V4 Agent Types

Agent Types - Table of Contents

1 V4 Agent Type - Overview
2 V4 Agent Type - Data Collection Process
3 V4 Agent Types - Lightweight and Probe
4 V4 Agent Prerequisites
5 V4 Agent Installation
6 Need Support?

V4 Agent Type - Overview

ConnectSecure offers two types of agents, Lightweight and Probe, that can be deployed based on the network, restrictions, and the network access level. The agents vary in scale from simple to complex management overhead. This document is a guide to help choose the right agent for the specific requirements.

The default installation path is below with the primary executables.

"C:\Program Files (x86)\CyberCNSAgent"

Primary executables

cybercnsagent.exe
cybercnsagentmonitor.exe
osqueryi.exe
nmap.exe
cyberutilities.exe
cyberpatch.exe
compliance.exe

V4 Agent Type - Data Collection Process

Upon installation, the ConnectSecure Vulnerability Scan Agent securely transmits system data to the ConnectSecure Portal using the below-mentioned methods.

For Windows probes, the SMB protocol is used to communicate with remote assets on the allowed network. The Admin$ share collects data requiring write, read, and execute privileges.
For Mac probes, SSH is the preferred communication method to fetch data from remote assets.
For VMware assets, SSH-based credentials are used to gather information.
For Network Devices, the agent uses SNMP (V1/V2/V3) to collect information.

Asset Type	Protocol	Port(s)

Asset Type	Protocol	Port(s)
Windows Probe Agent	SMB	445
Mac Probe Agent	SSH	22
VMWare	SSH	22
Network Devices	SNMP (V1, V2, V3)	161/162

V4 Agent Types - Lightweight and Probe

Any V4 agent is installed by default as a Lightweight Agent that can be converted into a Probe agent by mapping discovery settings and/or credentials.

Option 1 = Lightweight Agent (Default)

The Lightweight agent installation benefits from a continuous scanning approach on its installed asset.
Great for remote assets that are ‘off network’ or domain; scans only the asset the agent is installed on.
There is no need to schedule scans or manually run scans. The V4 Lightweight agent synchronizes and checks for changes continuously and automatically every 15 minutes.
If an RMM tool is deployed on the network, then you can use the RMM tool to push Lightweight Agent to multiple systems using our prebuilt PowerShell script we provide.
Port 443 Outbound is required.
Port 4222 outbound to your region is required; if 4222 fails the system will try 443 as secondary.
- See our Agent Configurationspage for full details.

Option 2 = Probe Agent

Probe Agent is most useful for an office environment with controlled IP addressing.
Probe Agent can be installed on Windows, MacOS, or Linux-based operating systems.
Probe Agent requirements:
- 4-core CPU
- Minimum of 4 GB RAM for the first 1000 Assets and 1GB for every additional 500 assets.
- Access to all the subnets which are to be assessed.
- MacOS requires the latest Nmap installed.
- Port 443 outbound opened to the installation domain *.myconnectsecure.com.
Probe Agent uses the following methods to gather data from the scan(s).
- Windows - It attempts to use the Admin SMB share to send a small executable called the dissolvable agent that it then runs on the remote machine to fetch the details.
- Active Directory - If Active Directory Credentials are provided to the Probe Agent under Discovery Settings, it uses SMB communication to fetch information from remote assets.
- Linux - It uses SSH credentials to log in to machines and uses Linux commands to determine what is running on the machines.
- Network Devices - It uses SNMP to discover the sysObjectID, look up the version of the device, and then query the vulnerabilities for the version. It also connects to OEM APIs to get the vulnerability details.
You can discover multiple subnets using a single Probe Agent by setting up the address type(s).
- CIDR > Example: 192.168.1.0/24
- IP Range > Example: 192.168.1.0-192.168.1.100
- Static IP > Example: 192.168.1.1
- Domain > Example: xyz.com
The probe will require AD Credentials for scanning purposes in the case of the AD environment.
In the case of a workgroup environment, the Probe agent can be supplied with common credentials under Discovery Settings> Master Credentials, which are to be used to login to Windows, Mac, and Linux remote systems.

V4 Agent Prerequisites

Check out the full page here: https://cybercns.atlassian.net/wiki/x/nYA_f

V4 Agent Installation

https://cybercns.atlassian.net/l/cp/XuuthZVo

Need Support?

Do you need help? You can access our support portal to create, view, and update tickets anytime.

https://cybercns.freshdesk.com

Click below to be directed to our secure support portal or email support@cybercns.com to open a ticket.