V4 Agent Types
Agent Types - Table of Contents
V4 Agent Type - Overview
ConnectSecure offers two types of agents, Lightweight and Probe, that can be deployed based on the network, restrictions, and the network access level. The agents vary in scale from simple to complex management overhead. This document is a guide to help choose the right agent for the specific requirements.
The default installation path is below with the primary executables.
"C:\Program Files (x86)\CyberCNSAgent"
Primary executables
cybercnsagent.exe
cybercnsagentmonitor.exe
osqueryi.exe
nmap.exe
cyberutilities.exe
cyberpatch.exe
compliance.exe
V4 Agent Type - Data Collection Process
Upon installation, the ConnectSecure Vulnerability Scan Agent securely transmits system data to the ConnectSecure Portal using the below-mentioned methods.
For Windows probes, the SMB protocol is used to communicate with remote assets on the allowed network. The Admin$ share collects data requiring write, read, and execute privileges.
For Mac probes, SSH is the preferred communication method to fetch data from remote assets.
For VMware assets, SSH-based credentials are used to gather information.
For Network Devices, the agent uses SNMP (V1/V2/V3) to collect information.
Asset Type | Protocol | Port(s) |
---|---|---|
Windows Probe Agent | SMB | 445 |
Mac Probe Agent | SSH | 22 |
VMWare | SSH | 22 |
Network Devices | SNMP (V1, V2, V3) | 161/162 |
V4 Agent Types - Lightweight and Probe
Any V4 agent is installed by default as a Lightweight Agent that can be converted into a Probe agent by mapping discovery settings and/or credentials.
Option 1 = Lightweight Agent (Default)
The Lightweight agent installation benefits from a continuous scanning approach on its installed asset.
Great for remote assets that are ‘off network’ or domain; scans only the asset the agent is installed on.
There is no need to schedule scans or manually run scans. The V4 Lightweight agent synchronizes and checks for changes continuously and automatically every 15 minutes.
If an RMM tool is deployed on the network, then you can use the RMM tool to push Lightweight Agent to multiple systems using our prebuilt PowerShell script we provide.
Port 443 Outbound is required.
Port 4222 outbound to your region is required; if 4222 fails the system will try 443 as secondary.
See our Agent Configurationspage for full details.
Option 2 = Probe Agent
Probe Agent is most useful for an office environment with controlled IP addressing.
Probe Agent can be installed on Windows, MacOS, or Linux-based operating systems.
Probe Agent requirements:
4-core CPU
Minimum of 4 GB RAM for the first 1000 Assets and 1GB for every additional 500 assets.
Access to all the subnets which are to be assessed.
MacOS requires the latest Nmap installed.
Port 443 outbound opened to the installation domain *.myconnectsecure.com.
Probe Agent uses the following methods to gather data from the scan(s).
Windows - It attempts to use the Admin SMB share to send a small executable called the dissolvable agent that it then runs on the remote machine to fetch the details.
Active Directory - If Active Directory Credentials are provided to the Probe Agent under Discovery Settings, it uses SMB communication to fetch information from remote assets.
Linux - It uses SSH credentials to log in to machines and uses Linux commands to determine what is running on the machines.
Network Devices - It uses SNMP to discover the sysObjectID, look up the version of the device, and then query the vulnerabilities for the version. It also connects to OEM APIs to get the vulnerability details.
You can discover multiple subnets using a single Probe Agent by setting up the address type(s).
CIDR > Example: 192.168.1.0/24
IP Range > Example: 192.168.1.0-192.168.1.100
Static IP > Example: 192.168.1.1
Domain > Example: xyz.com
The probe will require AD Credentials for scanning purposes in the case of the AD environment.
In the case of a workgroup environment, the Probe agent can be supplied with common credentials under Discovery Settings> Master Credentials, which are to be used to login to Windows, Mac, and Linux remote systems.
V4 Agent Prerequisites
Check out the full page here: https://cybercns.atlassian.net/wiki/x/nYA_f
V4 Agent Installation
https://cybercns.atlassian.net/l/cp/XuuthZVo
Need Support?
Do you need help? You can access our support portal to create, view, and update tickets anytime.
https://cybercns.freshdesk.com
Click below to be directed to our secure support portal or email support@cybercns.com to open a ticket.