Introduction
Each of these gives a different view of the asset and is available to view in the Asset View.
Company Level
Once the agent installation is successful, Navigate to the Probe / Agents tab to view the installed agent along with the details of Hostname, Version, Agent Type, IP, OS Type, Installed On, Last Scanned Time, Last PII Scan Time, Last Ping Time, and whether the agent is Online (If the agent is online it shows in green) or Offline (if the agent is offline it shows in red).
Probe Agents, Lightweight agents and Deprecated Agents are separated in the Probe/Agent section. Probe Agent scan and Lightweight agent scan can be separately and manually triggered at the Company Level.
Full Scan, Asset Scan, Active Directory Scan, Offline Vulnerability Scan, Firewall Scan, Lightweight Agent Scan, and PII Scan are the scan types available on the top of the page, where the scan for the agent can be done using these options based on the requirement. When the scan is completed, it will successfully upload the results to the company from where this agent was downloaded under the Active Assets section.
Discovery Settings
In the depicted below image using the Action column addition of Discovery settings or Uninstall of the agent can be carried out.
Under Discovery settings, IP ranges credentials, SNMP credentials, Active Directory credentials, Master Credentials, Performance Management, and Brute Force Settings can be added.
IP Ranges
In the IP Ranges click on +Add to add the IP ranges and can add single/multiple entries.
Addition of IP Ranges, CIDR, Static IP, and Domain Name to discover the assets and provide your IP/subnets to scan using the agent and can also add multiple entries here OR exclude the Subnet/IP from scanning.
In IP ranges, if CIDR is chosen as Discovery Type then enter the Name and select the Netmask value as required.
Click on Save once the above credentials are provided.
In IP ranges, if IP Range is chosen as Discovery Type then enter the Name and the End IP address.
Click on Save once the above credentials are provided.
In IP ranges, if Static IP is chosen as Discovery Type then enter the Name and Start IP address.
Click on Save once the above credentials are provided.
The domain name functions as a link to the IP address. Links do not contain actual information, but they do point to the place where the IP address information resides. It is convenient to think of IP addresses as the actual code and the domain name as a nickname for that code. |
In IP ranges, if the Domain Name is chosen as the Discovery Type then enter the name of your choice and the Domain name to be scanned, Exclude IP from scanning, and add the IP Ranges to be excluded from Scan.
Click on Save once the above credentials are provided.
Once the above details are Saved, the IP Ranges will be notified and an, IP added successfully message.
There is an option to Edit and Delete the IP Ranges using the Action column. Any IP Ranges can be edited and deleted if needed.
Copy To Probe
From one probe agent to another probe agent, the IP range will be copied within the same company. Duplicates will be discarded. |
Select the company under which the probe agent’s discovery settings (Only IP Ranges) are to be copied to another probe agent.
Navigate to Probes/Agents, under the Action column, select a probe agent, and click on Discovery settings.
In the IP ranges section, under the action column, click on copy to probe option to copy all the IP details to another probe agent for the same company.
Here as shown in the depicted select the probe from the dropdown as needed.
SNMP Credentials
There are two options available for adding SNMP Credentials, they are SNMP v1/v2 and SNMP v3.
Click on +Add to add the SNMP v1/v2 Credentials and can add single/multiple entries.
In the depicted below image, you can choose either SNMP v1 or SNMP v2 as per the requirement.
Enter the Name and SNMP v1/v2 community string for network devices vulnerability scan and choose the type of version while adding SNMP credentials as per the requirement.
Once the details are provided click on Save.
Once the above details are Saved, the SNMP credentials save will be notified as, SNMP v1 added successfully, message.
There is an option to Edit and Delete the SNMP credentials using the Action column. Any SNMP credentials v1/v2 can be edited and deleted if needed.
The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm). The protocols used for Authentication are MD5 and SHA; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. |
Now, enter the details of Name, Security Name, Auth Password, and Privacy Password, and click on Save.
Once the above details are Saved, the SNMP credentials will be notified by, the SNMP v3 added successfully, message.
There is an option to Edit and Delete the SNMP credentials using the Action column. Any SNMP v3 credentials can be edited and deleted if needed.
Active Directory Credentials
Active Directory credentials are used to discover the assets and information from computers that are part of the AD network.
Click on +Add to add the Active Directory Credentials and can add single/multiple entries.
Active Directory credentials will have access to all the computers under AD. To only apply these credentials to limited IP ranges, please use Exclude IP section and add the IP Ranges to be excluded from the Active Directory Scan.
.jpeg?version=1&modificationDate=1687950333520&cacheVersion=1&api=v2 "CyberCNS V3 > Probes/Agents > WhatsApp Image 2023-06-28 at 4.31.47 PM (2).jpeg")
How you can find out the name and IP address of the AD domain controller on your network in Linux?
How do I get to Active Directory on Mac?
How do I get to Active Directory on Windows?
Now, enter the details of Name, Domain, Active Directory Domain Controller Name/ IP address, User Name, and Password.
Next, click on Save when the above details are provided.
Once the above details are Saved, the Active Directory credentials will be notified by the Active Directory Credentials added successfully, message.
There is an option to Edit and Delete the Active Directory credentials using the Action column. Any Active Directory credentials can be edited and deleted if needed.
Exclude IP
This Tab allows you to configure the IP Addresses that can be excluded from scanning which is a part of the Active Directory discovery settings.
Click on +Add to add the Exclude IP.
.jpeg?version=1&modificationDate=1687950616865&cacheVersion=1&api=v2 "CyberCNS V3 > Probes/Agents > WhatsApp Image 2023-06-28 at 4.31.47 PM (3).jpeg")
Addition of IP Ranges, CIDR, Static IP, and Domain Name to discover the assets and provide your IP/subnets to scan using the agent and can also add multiple entries here OR exclude the Subnet/IP from scanning.
Master Credentials
The Master credentials section will be used to do an authenticated asset scan and find vulnerabilities, without going by updating the credentials for each asset. Here a common set of credentials for OS like Windows, Mac, and Linux can be used.
Prerequisites for Master Credentials:
Windows machine
1. SMB should be enabled (port: 445)
Linux based OS
1. ssh access should be enabled for the end machine (asset).
2. The user should have sudo privileges on the asset.
3.User should have access to the sudo command without a password.
Darwin-based OS(MAC)
1. ssh should be enabled in the endpoint machine.
2.User should have sudo privileges.
3.User should have access to the sudo command without a password.
VMware based OS
1. ssh should be enabled in the endpoint machine.
2. User should have access to the sudo command without a password. |
To add Master Credentials click on +Add and can add single/multiple entries.
If you enter credentials for VMWare in the master credentials section, the agent will select and use any VMWare devices discovered as per the discovery settings, and if the corresponding port is open (port 22 for VMWare or Linux, port 445 for Windows) the scans will be successful.
Even if the VMWare/ESXI host is not authenticated, we are attempting to extract information about the version and build from packet headers obtained through various network protocols supported by VMWare including VCenter.
In Master Credentials, when the master credentials are provided, from the next scan, every vulnerability scan will try to scan with those credentials.
Select the Type of Asset as per the requirement.
Now, enter the details of your Name, Username, Password, and Domain.
When the above details are provided click on Save.
Once the above details are Saved, the Master credentials will be notified by the Asset Credentials added successfully, message.
There is an option to Edit and Delete the Master credentials using the Action column. Any Master credentials can be edited and deleted if needed.
.jpeg?version=1&modificationDate=1687950827371&cacheVersion=1&api=v2 "CyberCNS V3 > Probes/Agents > WhatsApp Image 2023-06-28 at 4.31.47 PM (5).jpeg")
To scan Azure AD Assets:
Azure AD users can not access a local network share directly. If they have a local Active Directory and it is connected to the Azure AD using Azure Connect, then users will sync with Azure AD and the local AD post which they can access ADMIN$.
For Granting permissions to Azure AD users for local network share:
You must install and configure an Azure AD Connect
After that, you must join your VM in Azure to the Domain Controller.
And finally set a user from your domain controller.
Performance Management
This tab allows you to allocate the required number of processes to be executed at a time when a scan is triggered to manage the performance of the scans and the systems. This is based on the system configuration on which the CyberCNS agent is installed.
(Ex - 4 Core Processor - 16 Processes)
|
Brute Force Settings
By implementing this setting, the security posture can be strengthened of the system for brute force attacks, potentially safeguarding user accounts and sensitive information. |
Users can enable/disable “Brute Force Settings” from this section of discovery settings for the Probe Agent. Also, a specific port number can be provided.
It checks for default ssh credentials and populates the data under Network Scan Findings.
Uninstall Probe/Agents
CyberCNS allows uninstalling agents from this section only if the agents are showing online from the CyberCNS portal. |
In case, yes is selected, the Probe/Agent is notified by the Uninstalling initiated.., message.
Upon successful uninstallation, the Probe/Agents will start appearing offline in the CyberCNS portal.
For an Uninstallation and deletion of the agent,
The CyberCNSAgentV2 folder must not exist on the system. Please delete it if it exists.
Windows services cybercnsagentv2 and cybercnsagentmonitor should not be running and should not exist. If they exist, please stop the services and then delete them using the following commands
--> Open the command prompt, and Run as administrator.
--> sc.exe delete cybercnsagentv2
--> sc.exe delete cybercnsagentmonitor
Delete Probe/Agents
CyberCNS allows deleting the agents, even though the agents are online or offline. Once deleted, all the data about that Probe/Agent will be deleted from the CyberCNS portal. |
Once the delete option is chosen, a confirmation dialog box with Yes or No options appears to confirm the delete choice once again.
Upon successful deletion, the Probe/Agents will disappear in the CyberCNS portal.
Fetch Event Logs
This will help to fetch event logs from the system on which the agent is installed. |
For example:- Start Date → 19/04/2023 & End Date → 20/04/2023 |
Navigate to the Jobs> Agent Event Logs section, to view the job status. Once the job is completed successfully, using the action column download the event logs. The downloaded event logs will be in the Xlsx format.
Agent Update Info
Agent Update information log will help to fetch the information about the agent updation from the older version to the latest version. |
Navigate to Probes/Agents, to get the Agent Update Info.
Once the agent is updated to the latest version, the agent log of the update to the latest version will be generated. It will display the agent update logs on the pop-up screen as shown below.
Migrate to Lightweight Agent
Navigate to Probes/Agents.
Select the appropriate probe agent to be migrated to the lightweight agent.
Select Migrate to Lightweight option under the Action column.
Migration from Probe to Lightweight has the following changes: All Assets discovered by the probe will be deleted, except for the probe itself. Discovery Settings added to the probe will be deleted. All credentials associated with the probe will be deleted. Any job running on the probe machine will be terminated. All pending jobs in the queue will be deleted.
|
Before migration from Probe Agent to lightweight agent, the asset shows PROBE_ASSET as a tag under Active Assets.
After migration from probe Agent to lightweight agent, the asset will show LIGHTWEIGHTAGENT as a tag under Active Assets.
Migrate to Probe
Navigate to Probes/Agents.
Select the appropriate lightweight agent to be migrated to the probe agent.
Select the Migrate to Probe option under the Action column.
Migration from Lightweight to Probe has the following changes: |
Deprecated Agent
Agent deprecation helps you clean up agents from the lists that are not reachable from the CyberCNS agent. Users can set the deprecation age as per requirement using Settings Only the offline agents will move to the Deprecated Agent based on the deprecation age.
|
In the image below please enter the agent deprecation days as per the requirement. Once set, for the agent offline days, the deprecation value will be considered only if the entered days are more than the Last Ping time and the deprecated agents will be moved to the Deprecated Agents section.
Once the details are Saved, the Asset Deprecation Days will be Updated successfully.
Global Level
Over companies agents will be listed in the Global view > Probes/Agents tab. |
To get all the agents of all the companies, Navigate to the Probe / Agents tab to view the installed agent along with the details of Hostname, Version, IP, OS Type, Installed On, Last Scanned Time, Last PII Scan Time, Last Ping Time, Company name, and whether the agent is Online (If the agent is online it shows in green) or Offline (if the agent is offline it shows in red).
The Probes/Agent tab lists all the agents installed across all the companies.
The Lightweight agent tab lists all the lightweight agents installed across all the companies.
Only the offline agents will move to the Deprecated Agent. |
When the agent is offline deprecation value will be considered and the deprecated agents will be moved to the Deprecated Agents tab.
It lists all the agents deprecated across all the companies.
The Bulk delete option allows for the Uninstallation, Deletion, Update Performance Management, or Depreciation of multiple agents(Probe/Lightweight) in Global Actions.
Agents can be Uninstalled, Deleted, or Deprecated. Additionally, they can fetch Event logs and provide Agent Update Info.
This completes the Probe/Agents.
