Agent Configurations
V4 Agent Configurations - Table of Contents
Agents now require the User Secret to be passed during installation as of October 1st, 2024.
ConnectSecure automatically generates the user secret based on the logged-in user
The user secret is used to determine ‘who’ installed the agent
The user secret does not expire unless reset in the Global Settings > Reset User Secret
The same user secret can be used across all companies in the portal when using scripted or RMM deployments; consider creating a dedicated user for this (IE: RMM User); again, this lets us know WHO installed the agent, so if you want your RMM listed; create that RMM User
The agent download screen will automatically create and assign the $user_secret as shown below:
The updated script that includes $user_secret is highlighted in bold below:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;Â
$source = (Invoke-RestMethod -Method "Get" -URI "https://configuration.myconnectsecure.com/api/v4/configuration/agentlink?ostype=windows");
$destination = 'cybercnsagent.exe';
Invoke-WebRequest -Uri $source -OutFile $destination;
./cybercnsagent.exe -c $company_id -e $tenant_id -j $user_secret -i;
Please email support@connectsecure.com if you have any questions or concerns about this.
Agent Configuration is specific to your POD and is based on the hosting regions. To obtain your POD, please tap the INFO button on the Overview > Dashboard screen as shown below.
Agent Types
ConnectSecure has two main agent types: Lightweight (LWA) and Probe.
Find these at the Overview > Agents screen under the two tabs with the count labeled:
By default, any ConnectSecure agent is installed as a Lightweight Agent. Afterward, you can convert the Lightweight Agent to a Probe Agent by mapping the company-based Discovery settings.
Lightweight Agent (Default Agent Type)
The LWA installation uses a continuous scanning method on the locally installed asset.
The LWA does not scan outside the boundaries of the local asset to which it is installed.
IE: No network scanning; no asset discovery; this requires the Probe Agent.
The LWA scans automatically based on the scan time interval settings.
If an RMM tool is deployed on the network, you can push the LWA to multiple systems using our prebuilt PowerShell/Terminal scripts, which are provided with the company agent download by OS.
The probe is generally best used in environment(s) with controlled IP-addressing.
The probe is compatible with Windows, MacOS, Linux, and ARM-based operating systems.
A complete list of supported operating systems is in the table near the end of this document
Probe Agent uses the following methods to gather data from the scan(s).
Windows: It attempts to use the Admin SMB share to send a small executable called the dissolvable agent, which then runs on the remote machine to fetch the details.
Active Directory: If Active Directory Credentials are provided to the Probe Agent under Discovery Settings, SMB communication fetches information from remote assets.
Darwin/Linux: Requires the latest installation of NMAP; uses SSH credentials and Linux commands to determine what is running.
Network Devices: This uses SNMP to discover the sysObjectID, look up the device's version, and query the vulnerabilities for that version. It also connects to OEM APIs to get the vulnerability details.
You can discover multiple subnets using a single Probe Agent by setting up the address type(s) found in the company discovery settings. Below are some examples of the address types you can use.
CIDR > Example: 192.168.1.0/24
IP Range > Example: 192.168.1.0-192.168.1.100
Static IP > Example: 192.168.1.1
Domain > Example: xyz.com
Probe Agent will require AD credentials to scan the Active Directory environment(s); prefer to use a lightweight agent directly installed on the domain controller.
Probe Agent can access workgroup machines using standard or local credentials mapped from the Discovery settings to the Probe (nondomain).
Probe agent can be used to deploy security patches to remote machines; previously this would require a lightweight agent but that is no longer the case.
Recommended Minimum Hardware Requirements
Probe Agent (Network Scan Agent) | |||
---|---|---|---|
Windows | MAC | Linux | ARM |
|
|
|
|
Lightweight Agent (default) | |||
---|---|---|---|
Windows | MAC | Linux | ARM |
The lightweight agent is only scanning the asset on which it is installed |
Agent Data Collection Process
Upon installation, the ConnectSecure Vulnerability Scan Agent securely transmits system data to the ConnectSecure Portal using the methods mentioned below.
For Windows probes, the SMBv2 protocol is used to communicate with remote assets on the allowed network. The Admin$ share collects data requiring write, read, and execute privileges.
For Mac probes, SSH is the preferred communication method for fetching data from remote assets, with Linux commands for fetching details.
For VMware assets, SSH is the preferred communication method to fetch data from remote assets using Linux commands to fetch details.
For Network Devices, the agent uses SNMP (V1/V2/V3) to collect information.
For Firewall Devices, the agent offers credentials and API-based integrations for deeper scanning.
Asset Type | Protocol | Port(s) |
---|---|---|
Windows Probe Agent | SMBv2 | 445 |
Linux Probe Agent | SSH | 22 |
Mac Probe Agent | SSH | 22 |
VMWare | SSH | 22 |
Network Devices | SNMP (V1, V2, V3) | 161/162 |
Supported Operating Systems
UBUNTU OS | |
---|---|
Ubuntu 22.04 LTS | Jammy Jellyfish |
Ubuntu 20.04 LTS | Focal Fossa |
Ubuntu 18.04 LTS | Bionic Beaver |
CENT OS | |
CentOS - 7.0 | Â |
CentOS - 8.0 | Â |
REDHAT LINUX OS | |
RHEL 7 | Maipo |
RHEL 8 | Ootpa |
RHEL 9 | Plow |
SLES | |
OS Version 11 | Suse |
OS Version 12 | Suse |
DEBIAN OS | |
Debian 7 | Wheezy |
Debian 8 | Jessie |
Debian 9 | Stretch |
Debian 10 | Buster |
Debian 11 | Bullseye |
Debian 12 | Bookworm |
MAC OS (Silicon CPU supported) | |
OS X 10.9 | Mavericks (Cabernet) |
OS X 10.10 | Yosemite (Syrah) |
OS X 10.11 | El Capitan (Gala) |
macOS 10.12 | Sierra (Fuji) |
macOS 10.13 | High Sierra (Lobo) |
macOS 10.14 | Mojave (Liberty) |
macOS 10.15 | Catalina (Jazz) |
macOS 11 | Big Sur (GoldenGate) |
macOS 12 | Monterey (Star) |
macOS13 | Ventura |
macOS14 | Sonoma |
macOS15 | Sequoia |
MICROSOFT WINDOWS OS | |
Windows 10 (64-bit) | Â |
Windows 11 (64-bit) | Â |
Windows Server 2012 (64-bit) | Â |
Windows Server 2012 R2 (64-bit) | Â |
Windows Server 2016 (64-bit) | Â |
Windows Server 2019 (64-bit) | Â |
Windows Server 2022 (64-bit) | Â |
Windows Server 2025 (64-bit) | Â |
Agent Command Line Options
Visit our KB for a complete listing of agent command line options, found here:
Agent Whitelisting by POD/Region
For a complete listing of POD/Region whitelisting recommendations, please visit this page:
https://cybercns.atlassian.net/wiki/x/ZwDXhw
Need Support?
Do you need help? You can access our support portal to create, view, and update tickets anytime.
https://cybercns.freshdesk.com
Click below to be directed to our secure support portal or email support@connectsecure.com to open a ticket.