V4 Agent Types



V4 Agent Type - Overview

ConnectSecure offers two types of agents, Lightweight and Probe, which can be deployed according to the network, its restrictions, and the level of network access available. The agents range from simple to complex in management overhead. This document is a guide to choosing the right agent for your requirements.

The default installation path and the primary executables are listed below.

"C:\Program Files (x86)\CyberCNSAgent"

Primary executables

  • cybercnsagent.exe

  • cybercnsagentmonitor.exe

  • osqueryi.exe

  • nmap.exe

  • cyberutilities.exe

  • cyberpatch.exe

  • compliance.exe


V4 Agent Type - Data Collection Process

Upon installation, the ConnectSecure Vulnerability Scan Agent securely transmits system data to the ConnectSecure Portal using the below-mentioned methods.

  • For Windows probes, the SMB protocol is used to communicate with remote assets on the allowed network. Data is collected through the Admin$ share, which requires read, write, and execute privileges.

  • For Mac probes, SSH is the preferred communication method to fetch data from remote assets.

  • For VMware assets, SSH-based credentials are used to gather information.

  • For Network Devices, the agent uses SNMP (V1/V2/V3) to collect information.

| Asset Type | Protocol | Port(s) |
| --- | --- | --- |
| Windows Probe Agent | SMB | 445 |
| Mac Probe Agent | SSH | 22 |
| VMware | SSH | 22 |
| Network Devices | SNMP (V1, V2, V3) | 161/162 |


V4 Agent Types - Lightweight and Probe

Any V4 agent is installed by default as a Lightweight Agent that can be converted into a Probe agent by mapping discovery settings and/or credentials.

Option 1 = Lightweight Agent (Default)


Option 2 = Probe Agent

  • Probe Agent is most useful for an office environment with controlled IP addressing.

  • Probe Agent can be installed on Windows, macOS, or Linux-based operating systems.

  • Probe Agent requirements:

    • 4-core CPU

    • Minimum of 4 GB RAM for the first 1000 assets and 1 GB for every additional 500 assets.

    • Access to all the subnets which are to be assessed.

    • macOS requires the latest version of Nmap to be installed.

    • Port 443 outbound opened to the installation domain *.myconnectsecure.com.

  • Probe Agent uses the following methods to gather data from the scan(s).

    • Windows - It attempts to use the Admin$ SMB share to copy a small executable, called the dissolvable agent, to the remote machine, and then runs it there to fetch the details.

    • Active Directory - If Active Directory Credentials are provided to the Probe Agent under Discovery Settings, it uses SMB communication to fetch information from remote assets.

    • Linux - It uses SSH credentials to log in to machines and uses Linux commands to determine what is running on the machines.

    • Network Devices - It uses SNMP to discover the sysObjectID, look up the version of the device, and then query the vulnerabilities for the version. It also connects to OEM APIs to get the vulnerability details.

  • You can discover multiple subnets using a single Probe Agent by setting up the address type(s).

    • CIDR > Example: 192.168.1.0/24

    • IP Range > Example: 192.168.1.0-192.168.1.100

    • Static IP > Example: 192.168.1.1

    • Domain > Example: xyz.com

  • In an Active Directory environment, the probe requires AD credentials for scanning.

  • In a workgroup environment, the Probe Agent can be supplied with common credentials under Discovery Settings > Master Credentials, which are used to log in to Windows, Mac, and Linux remote systems.
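
A pre-deployment check for a Probe Agent's discovery scope, as an added example (not ConnectSecure code): it classifies each entry into one of the four address types above, counts the addresses covered, flags entries that reach outside private address space (where SMB/SSH logins with the supplied credentials would be attempted), and applies the RAM sizing rule from the requirements list. The function names are hypothetical, and rounding a partial block of 500 assets up is an assumption.

```python
import ipaddress
import math
import re

# Hostname pattern for the "Domain" address type (e.g. xyz.com); the TLD must be alphabetic.
_DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def classify_target(entry):
    """Return (address_type, address_count, all_private) for one scope entry.
    Count and all_private are None for domains (resolved only at scan time).
    all_private follows Python's ipaddress is_private. Raises ValueError on bad input.
    """
    entry = entry.strip()
    try:
        ip = ipaddress.ip_address(entry)
        return "Static IP", 1, ip.is_private
    except ValueError:
        pass
    if "/" in entry:
        net = ipaddress.ip_network(entry, strict=True)  # rejects host bits, e.g. 192.168.1.5/24
        return "CIDR", net.num_addresses, net.is_private
    if _DOMAIN.match(entry):
        return "Domain", None, None
    start_s, sep, end_s = entry.partition("-")
    if not sep:
        raise ValueError(f"unrecognised scope entry: {entry!r}")
    start = ipaddress.ip_address(start_s.strip())
    end = ipaddress.ip_address(end_s.strip())
    if start.version != end.version or start > end:
        raise ValueError(f"invalid IP range: {entry!r}")
    blocks = ipaddress.summarize_address_range(start, end)  # exact cover of the range
    return "IP Range", int(end) - int(start) + 1, all(b.is_private for b in blocks)

def probe_min_ram_gb(asset_count):
    """4 GB for the first 1000 assets, 1 GB per additional 500 (partial block rounded up)."""
    return 4 + math.ceil(max(0, asset_count - 1000) / 500)

def review_scope(entries):
    """Return (rows, outside_private): classified entries and those leaving private space."""
    rows, outside_private = [], []
    for e in entries:
        kind, count, private = classify_target(e)
        rows.append((e, kind, count))
        if private is False:
            outside_private.append(e)
    return rows, outside_private

if __name__ == "__main__":
    # Constructed sample scope: the page's four examples plus one mistyped range.
    sample = ["192.168.1.0/24", "192.168.1.0-192.168.1.100", "192.168.1.1",
              "xyz.com", "192.168.1.0-192.169.0.10"]
    print(review_scope(sample))
    print(probe_min_ram_gb(2500), "GB minimum RAM for 2500 assets")
```
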


V4 Agent Prerequisites

Check out the full page here: https://cybercns.atlassian.net/wiki/x/nYA_f


V4 Agent Installation

https://cybercns.atlassian.net/l/cp/XuuthZVo

