Agent Configurations

Agents now require the User Secret to be passed during installation as of October 1st, 2024.

  • ConnectSecure automatically generates the user secret based on the logged-in user

  • The user secret does not expire unless reset in the Global Settings

  • The same user secret can be used across all companies in the portal when using scripted or RMM deployments; consider creating a dedicated user for this (IE: RMM User)

The agent download screen will automatically create and assign the $user_secret as shown here:

image-20240829-144545.png

The updated script that includes $user_secret is highlighted in bold below:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; 

$source = (Invoke-RestMethod -Method "Get" -URI "https://configuration.myconnectsecure.com/api/v4/configuration/agentlink?ostype=windows");

$destination = 'cybercnsagent.exe';

Invoke-WebRequest -Uri $source -OutFile $destination;

./cybercnsagent.exe -c $company_id -e $tenant_id -j $user_secret -i;


Please email support@connectsecure.com if you have any questions or concerns about this.

V4 Agent Configurations - Table of Contents


 

Agent Configuration is specific to your POD and is based on the hosting regions. To obtain your POD, please tap the INFO button on the Overview > Dashboard screen as shown below.

image-20240903-174809.png

Agent Types

ConnectSecure has two main agent types: Lightweight (LWA) and Probe.

Find these at the Overview > Agents screen under the two tabs with the count labeled:

By default, any ConnectSecure agent is installed as a Lightweight Agent. Afterward, you can convert the Lightweight Agent to a Probe Agent by mapping the company-based Discovery settings.

Lightweight Agent (Default Agent Type)


  • The probe is generally best used in environment(s) with controlled IP-addressing.

  • The probe is compatible with Windows, MacOS, Linux, and ARM-based operating systems.

    • A complete list of supported operating systems is in the table near the end of this document

  • Probe Agent uses the following methods to gather data from the scan(s).

    • Windows: It attempts to use the Admin SMB share to send a small executable called the dissolvable agent, which then runs on the remote machine to fetch the details.

    • Active Directory: If Active Directory Credentials are provided to the Probe Agent under Discovery Settings, SMB communication fetches information from remote assets.

    • Darwin/Linux: Requires the latest installation of NMAP; uses SSH credentials and Linux commands to determine what is running.

  • Network Devices: This uses SNMP to discover the sysObjectID, look up the device's version, and query the vulnerabilities for that version. It also connects to OEM APIs to get the vulnerability details.

  • You can discover multiple subnets using a single Probe Agent by setting up the address type(s) found in the company discovery settings. Below are some examples of the address types you can use.

    • CIDR > Example: 192.168.1.0/24

    • IP Range > Example: 192.168.1.0-192.168.1.100

    • Static IP > Example: 192.168.1.1

    • Domain > Example: xyz.com

  • Probe Agent will require AD credentials to scan the Active Directory environment(s); prefer to use a lightweight agent directly installed on the domain controller.

  • Probe Agent can access workgroup machines using standard or local credentials mapped from the Discovery settings to the Probe (nondomain).


Ports Communication

ConnectSecure V4 Agent(s) require ports 4222 and 443 to be open from the agent machine to the respective Region/POD IP addresses. Refer to the Agent Whitelisting by POD/Regiondocument for IP details.


Recommended Minimum Hardware Requirements

Probe Agent (Network Scan Agent)

Probe Agent (Network Scan Agent)

Windows

MAC

Linux

ARM

  • CPU: 4 Core

  • Disk: 50 GB

  • RAM: 4 GB for first 1000 Assets and 1 GB additional for every 500 Assets added after

  • CPU: 4 Core

  • Disk: 50GB

  • RAM: 4 GB for first 1000 Assets and 1 GB additional for every 500 Assets added after

  • CPU: 4 Core

  • Disk: 50GB

  • RAM: 4 GB for first 1000 Assets and 1 GB additional for every 500 Assets added after

  • Raspberry Pi 4 +

  • Raspberian OS

  • Disk: 32GB min but prefer 64GB

  • RAM: 4GB min

Lightweight Agent (default)

Lightweight Agent (default)

Windows

MAC

Linux

ARM

  • CPU: shared 1 core

  • RAM: 160MB

  • Disk: 10MB

The lightweight agent is only scanning the asset on which it is installed


Agent Data Collection Process

Upon installation, the ConnectSecure Vulnerability Scan Agent securely transmits system data to the ConnectSecure Portal using the methods mentioned below.

  • For Windows probes, the SMB protocol is used to communicate with remote assets on the allowed network. The Admin$ share collects data requiring write, read, and execute privileges.

  • For Mac probes, SSH is the preferred communication method for fetching data from remote assets, with Linux commands for fetching details.

  • For VMware assets, SSH is the preferred communication method to fetch data from remote assets using Linux commands to fetch details.

  • For Network Devices, the agent uses SNMP (V1/V2/V3) to collect information.

  • For Firewall Devices, the agent offers credentials and API-based integrations for deeper scanning.

Asset Type

Protocol

Port(s)

Asset Type

Protocol

Port(s)

Windows Probe Agent

SMB

445

Linux Probe Agent

SSH

22

Mac Probe Agent

SSH

22

VMWare

SSH

22

Network Devices

SNMP (V1, V2, V3)

161/162


Agent Requirements

Whitelisting by POD/Region

Please visit our V4 Agent Whitelisting by POD/Region document for full details based on your POD:

https://cybercns.atlassian.net/wiki/x/ZwDXhw


Dependencies

The ConnectSecure agent requires and runs the following dependencies. They are in the default agent installation directory based on the installed operating systems.

‘C:\Program Files (x86)\CyberCNSAgent’ (Windows)

/opt/CyberCNSAgent (Linux/Mac)

Windows

MAC

Linux

ARM

Windows

MAC

Linux

ARM

Lightweight Agents

connectsecurepatch.exe

 

 

 

cybercnsagentmonitor.exe

 

 

 

cyberutilities.exe

cyberutilities_darwin

cyberutilities_linux

cyberutilities_arm

main.ps1

main.ps1

main.ps1

main.ps1

osqueryi.exe

nmap

nmap

osqueryi_arm

scripts.zip

osqueryi_darwin

osqueryi_linux

scripts.zip

vcruntime140.dll

scripts.zip

scripts.zip

 

Additional Dependencies For Probe Agent

osqueryi_darwin

osqueryi.exe

osqueryi.exe

osqueryi.exe

osqueryi_linux

osqueryi_linux

osqueryi_darwin

osqueryi_linux

osqueryi_arm

osqueryi_arm

osqueryi_arm

osqueryi_darwin

firewall_configs.zip

firewall_configs.zip

firewall_configs.zip

firewall_configs.zip

nmap.zip

nmap

nmap

nmap

npcap.exe > 1.50 version

 

 

 

WindowsSpeculationControlFinder.zip

WindowsSpeculationControlFinder.zip

WindowsSpeculationControlFinder.zip

WindowsSpeculationControlFinder.zip

You can view the status of dependencies based on the agent by clicking on Overview > Agents and tapping on the three-dot Action menu.

Select the Dependency Status option.

This is an example of a Windows-based asset with a Lightweight agent installed:


Supported Operating Systems

UBUNTU OS

UBUNTU OS

Ubuntu 22.04 LTS

Jammy Jellyfish

Ubuntu 20.04 LTS

Focal Fossa

Ubuntu 18.04 LTS

Bionic Beaver

CENT OS

CentOS - 7.0

 

CentOS - 8.0

 

REDHAT LINUX OS

RHEL 7

Maipo

RHEL 8

Ootpa

SLES

OS Version 11

Suse

OS Version 12

Suse

DEBIAN OS

Debian 7

Wheezy

Debian 8

Jessie

Debian 9

Stretch

Debian 10

Buster

Debian 11

Bullseye

MAC OS (Silicon CPU supported)

OS X 10.9

Mavericks (Cabernet)

OS X 10.10

Yosemite (Syrah)

OS X 10.11

El Capitan (Gala)

macOS 10.12

Sierra (Fuji)

macOS 10.13

High Sierra (Lobo)

macOS 10.14

Mojave (Liberty)

macOS 10.15

Catalina (Jazz)

macOS 11

Big Sur (GoldenGate)

macOS 12

Monterey (Star)

macOS13

Ventura

macOS14

Sonoma

macOS15

Sequoia

MICROSOFT WINDOWS OS

Windows 10 (64-bit)

 

Windows 11 (64-bit)

 

Windows Server 2012 (64-bit)

 

Windows Server 2012 R2 (64-bit)

 

Windows Server 2016 (64-bit)

 

Windows Server 2019 (64-bit)

 

Windows Server 2022 (64-bit)

 


Proxy Support

Please use the option with the proxy format for an authenticated proxy:

-p username:password@IPaddress or Hostname:port

e.g. -p user:pass@proxy.example.me:3128

For unauthenticated Proxy

-p IP address or Hostname:port

e.g. -p proxy.example.me:3128


Need Support?

Do you need help? You can access our support portal to create, view, and update tickets anytime.

https://cybercns.freshdesk.com

Click below to be directed to our secure support portal or email support@connectsecure.com to open a ticket.