Versions Compared

Old Version 1

changes.mady.by.user Ryan Seymour

Saved on

compared with

New Version Current

changes.mady.by.user Ryan Seymour

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Below is a link to our YouTube Channel Series @ConnectSecureEducation which covers the ‘Probes/Agent’ module within CyberCNS. After the video link is our documentation. Let us know if you have any feedback, you can email to education@connectsecure.com

...

Table of Contents for Probes / Agents

Table of Contents
minLevel1
maxLevel7

This section will cover the Probes / Agents at the Company level.

...

Overview

The Probes/Agent screen gives you an overview of currently installed CyberCNS agents, both Probe and/or Lightweight Agents. Additional settings for the agents can be configured here as well as initiating any of our scan types.

...

You can perform actions against a single agent using the three-dot action menu

...

Single Agent Actions

  • Discovery Settings - parameters for Probe agent type used for scanning for IP-based assets

  • Uninstall - issues remote uninstall of CyberCNS agent/services (needs to be online to uninstall)

  • Delete - permanently deletes the agent from the CyberCNS portal

  • Fetch Event Logs - download a range of Microsoft Windows Event Logs (Jobs > Agent Event Logs)

  • Agent Update Info - displays logging detail for agent version updates (requires asset to be online)

...

Additionally, you can perform actions against multiple agents using the checkbox on first column of the agents and then the GLOBAL ACTIONS button will light up.

...

Global Actions

  • Uninstall - issues remote uninstall of CyberCNS agent/services (needs to be online to uninstall)

  • Delete - permanently deletes the agent from the CyberCNS portal

  • Lightweight Agent Scan - initiates a Lightweight agent scan

  • Agent Migration -move an agent from company to another without uninstalling or reinstalling

...

Discovery Settings

Info

Discovery Settings are only available on the Probe agent type

The probe agent discovery settings can be configured to scan the network(s). By doing so, IP-based devices can be discovered and subsequently added to the Active Assets. Please find the available configuration options listed below.

...

Discovery Setting Options

We have 4 discovery type options to choose from when scanning the network(s). These include the following: CIDR, IP Range, Static IP, and Domain Name.

To get started with a discovery scan, first click on the +Add button

...

IP Ranges

When you first open the window it will automatically select the discovery type of CIDR, detect the local IP, subnet, and fill this in for you. This can be edited any time based on the network and scan requirements. The following discovery types are available for scanning.

...

  1. Copy to Probe - this allows you to copy the IP Range information from probe to probe within the same company; duplicates will be ignored.

  2. Edit - allows you to edit the parameters of an existing IP Range entry

  3. Delete - deletes the IP Range parameters permanently

...

SNMP Credentials

Tip

SNMP v1/v2 and v3 are all supported by CyberCNS using read-only credentials

...

  1. Edit - allows you to edit the parameters of an existing IP Range entry

  2. Delete - deletes the IP Range parameters permanently

...

Active Directory Credentials

Use the +Add button to store credentials to be used with Active Directory scanning computers part of the AD network(s). You can add a single set of credentials or multipole sets; both are supported but not required.

Complete each of the required fields and then choose save.

...

Active Directory Credentials | Exclude IP

Info

This tab allows you to configure the IP Addresses that can be excluded from scanning which is a part of the Active Directory discovery settings.

...

See ‘Discovery Settings’ for more information about using the discovery types; CIDR, IP Range, Static IP, Domain Name.

Master Credentials

Define a common set of ‘local’ credentials to do an authenticated asset scan against company level assets.

...

Once you have credentials saved you will be able to Edit or DELETE using the three-dot actin menu on the saved credential entry.

...

Azure AD Asset Scanning

Azure AD users can not access a local network share directly. If they have a local Active Directory and it is connected to the Azure AD using Azure Connect, then users will sync with Azure AD and the local AD post which they can access ADMIN$.

Granting Permissions for Local Network Share in Azure AD

  1. Install and configure an Azure AD Connect account.

  2. Join your VM in Azure to the Domain Controller.

  3. Set a user from the domain controller.

Performance Management

Info

This tab allows you to allocate the required number of processes to be executed at a time, when a scan is triggered. This is based on the system configuration where the agent is installed.
(Ex - 4 Core Processor - 16 Processes)

...

Uninstalling Probes / Lightweight Agents

Note

Agent must be online to use the remote uninstall command

...

→ sc.exe delete cybercnsagentmonitor

Deleting Single Probes / Lightweight Agents

Info

Online or Offline agents can be deleted. Once deleted, all the data pertaining to that Probe/Agent will be deleted from the CyberCNS portal.

...

Deleting Multiple Probes / Lightweight Agents

Use the checkboxes to select the Probes/Agents you want to mark for deletion, using Global Actions.

...

Lightweight Agent Scanning

Info

The agents must be online in order for scanning to be initiated

...

Panel
panelIconId1f422
panelIcon:turtle:
panelIconText🐢
bgColor#E3FCEF

We recommend using the ‘Global Scheduler’ to schedule your Lightweight Agent Scan so its happening automatically and keeping your assets up to date with the latest data.

Agent Migration

We can migrate a CyberCNS agent from company to another using the Agent Migration option found under the Global Action menu. You will have to use the checkbox to select an agent and then the Global Actions button will appear.

...

Using the drop down (1), select the company and then choose Migrate (2) to move the agent.

...

Deprecated Agents

Info

Agent deprecation helps keep your active/online agents clean.

Any agent unreachable by CyberCNS in the ‘Agent Deprecation Days’ field will automatically move from your Active Assets to the Deprecated Assets Agents section automatically.

To set your Agent Deprecation Days navigate to Settings as per the screenshot below.

...