Agent Dependency and Whitelisting
Dependencies
The ConnectSecure agent requires several dependencies in the default agent installation directory according to the installed operating system.
For Windows: ‘C:\Program Files (x86)\CyberCNSAgent’
For Mac/Linux: /opt/CyberCNSAgent
Windows | MAC | Linux | ARM |
---|---|---|---|
Lightweight Agents | |||
connectsecurepatch.exe |
|
|
|
cybercnsagentmonitor.exe |
|
|
|
cyberutilities.exe | cyberutilities_darwin | cyberutilities_linux | cyberutilities_arm |
main.ps1 | main.ps1 | main.ps1 | main.ps1 |
osqueryi.exe | nmap | nmap | osqueryi_arm |
scripts.zip | osqueryi_darwin | osqueryi_linux | scripts.zip |
vcruntime140.dll | scripts.zip | scripts.zip |
|
WindowsSpeculationControlFinder.zip |
|
|
|
Additional Dependencies For Probe Agent | |||
osqueryi_darwin | osqueryi.exe | osqueryi.exe | osqueryi.exe |
osqueryi_linux | osqueryi_linux | osqueryi_darwin | osqueryi_linux |
osqueryi_arm | osqueryi_arm | osqueryi_arm | osqueryi_darwin |
firewall_configs.zip | firewall_configs.zip | firewall_configs.zip | firewall_configs.zip |
nmap.zip | nmap | nmap | nmap |
npcap.exe > 1.50 version |
|
|
|
WindowsSpeculationControlFinder.zip | WindowsSpeculationControlFinder.zip | WindowsSpeculationControlFinder.zip | WindowsSpeculationControlFinder.zip |
You can view the status of dependencies based on the agent by clicking on Overview > Agents and tapping on the three-dot Action menu.
Select the Dependency Status option.
This is an example of a Windows-based asset with a probe agent installed:
Please whitelist outbound communication from the agent machine to *.myconnectsecure.com and Whitelist below URL for Cloudflare R2 to download dependencies:
45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com
You can test the connection using the below command:
telnet 45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com 443
You can install TELNET CLIENT from Microsoft here: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771275(v=ws.10)
Dissolvable Agent for Probe-Scanned Assets
For remote assets getting scanned via Probe Agent:
Whitelist the executable path below for the dissolvable agent to be entered into a remote asset. "C:\windows\CyberCNS_DissolvableAgent"
To whitelist the folder on the remote asset, use the installation folder path, i.e “C:\Windows\CyberCNSAgent”
Port Communications
ConnectSecure V4 Agent(s) require ports 4222 and 443 to be open from the agent machine to the respective Region/POD IP addresses as shown below, based on your POD.
Windows Defender Policy
Use the PowerShell command to add the CyberCNSAgent to your Windows Defender allow policy:
Command: Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Program Files (x86)\CyberCNSAgent\cybercnsagent.exe"
Supported Operating Systems
Check out the complete list here: Agent Configurations | Supported Operating Systems
For optimal agent communication, you should consider adding the neccessary allow/whitelist policies based on the POD/Region of your ConnectSecure portal hosting. Tap the INFO icon from the Global Dashboard view to obtain your location.
Based on your POD, tap the location to see the details.
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
US | POD101 (Atlanta) | API Communication & Attack Surface Mapper | pod-101-co-ordinator-1 pod-101-worker-2 pod-101-worker-3 pod-101-worker-4 | 155.138.163.9 144.202.22.7 144.202.31.82 155.138.239.5 |
US | POD101 (Atlanta) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
US | POD101 (Atlanta) | Domain | *.myconnectsecure.com | |
US | POD101 (Atlanta) | External Scan | externalscan-pod101 | 96.30.199.202 |
US | POD101 (Atlanta) | Load Balancer | pod-101-ccns-lb servicebus-pod-101-atl pod-101-cybercns-lb servicebus-pod-101-cybercns-atl | 144.202.23.74 96.90.197.238 144.202.24.89 45.76.60.220 |
US | POD101 (Atlanta) | NATS Communication Domain Names | servicebus1011.myconnectsecure.com servicebus1012.myconnectsecure.com | |
US | POD101 (Atlanta) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
US | POD102 (LAX) | API Communication & Attack Surface Mapper | pod-102-co-ordinator-1 pod-102-worker-2 pod-102-worker-3 pod-102-worker-4 | 149.28.93.167 149.248.19.118 45.32.80.51 149.248.4.153 |
US | POD102 (LAX) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
US | POD102 (LAX) | Domain | *.myconnectsecure.com | |
US | POD102 (LAX) | External Scan | externalscan-pod102 | 149.28.94.44 |
US | POD102 (LAX) | Load Balancer | pod-102-ccns-lb servicebus-pod-102-lax pod-102-cybercns-lb servicebus-pod-102-cybercns-lax | 45.77.87.242 108.61.217.214 149.248.1.190 45.32.64.70 |
US | POD102 (LAX) | NATS Communication Domain Names | servicebus1021.myconnectsecure.com servicebus1022.myconnectsecure.com | |
US | POD102 (LAX) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
US | POD103 (Miami) | API Communication & Attack Surface Mapper | pod-103-co-ordinator-1 pod-103-worker-2 pod-103-worker-3 pod-103-worker-4 | 47.77.164.106 45.32.162.89 45.77.163.10 45.63.105.163 |
US | POD103 (Miami) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
US | POD103 (Miami) | Domain | *.myconnectsecure.com | |
US | POD103 (Miami) | External Scan | externalscan-podui-pod103 | 144.202.37.9 |
US | POD103 (Miami) | Load Balancer | pod-103-ccns-lb servicebus-pod-103-MIA pod-103-cybercns-lb servicebus-pod-103-cybercns-MIA | 104.207.144.192 149.28.101.233 149.28.97.153 45.63..110.13 |
US | POD103 (Miami) | NATS Communication Domain Names | servicebus1031.myconnectsecure.com servicebus1032.myconnectsecure.com | |
US | POD103 (Miami) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
US | POD104 (LAX) | API Communication & Attack Surface Mapper | pod-104-co-ordinator-1 | 149.248.11.111 |
US | POD104 (LAX) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
US | POD104 (LAX) | Domain | *.myconnectsecure.com | |
US | POD104 (LAX) | External Scan | externalscan-pod104 | 45.32.73.67 |
US | POD104 (LAX) | Load Balancer | pod-104-ccns-lb | 144.202.125.97 |
US | POD104 (LAX) | NATS Communication Domain Names | servicebus1041.myconnectsecure.com servicebus1042.myconnectsecure.com | |
US | POD104 (LAX) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
US | POD105 (Atlanta) | API Communication & Attack Surface Mapper | pod-105-co-ordinator-1 | 155.138.211.47 |
US | POD105 (Atlanta) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
US | POD105 (Atlanta) | Domain | *.myconnectsecure.com | |
US | POD105 (Atlanta) | External Scan | externalscan-pod105 | 66.42.80.25 |
US | POD105 (Atlanta) | Load Balancer | pod-105-ccns-lb | 66.42.92.100 |
US | POD105 (Atlanta) | NATS Communication Domain Names | servicebus1051.myconnectsecure.com | |
US | POD105 (Atlanta) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
US | POD106 (Silicon) | API Communication & Attack Surface Mapper | pod-106-co-ordinator-1 | 144.202.103.41 |
US | POD106 (Silicon) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
US | POD106 (Silicon) | Domain | *.myconnectsecure.com | |
US | POD106 (Silicon) | External Scan | externalscan-pod106 | 45.77.184.219 |
US | POD106 (Silicon) | Load Balancer | pod-106-ccns-lb | 45.32.136.214 |
US | POD106 (Silicon) | NATS Communication Domain Names | servicebus1061.myconnectsecure.com | |
US | POD106 (Silicon) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
US | POD107 (Miami) | API Communication & Attack Surface Mapper | pod-107-co-ordinator-1 pod-107-boldbi-5 pod-107-boldreport-6 | 104.156.246.18 207.246.65.150 149.28.99.175 |
US | POD107 (Miami) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
US | POD107 (Miami) | Domain | *.myconnectsecure.com | |
US | POD107 (Miami) | External Scan | externalscan-pod107 | 45.32.164.13 |
US | POD107 (Miami) | Load Balancer | pod-107-ccns-lb | 149.28.104.10 |
US | POD107 (Miami) | NATS Communication Domain Names | servicebus1071.myconnectsecure.com/ | 104.156.246.18 |
US | POD107 (Miami) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
US | POD200 (Canada) | API Communication & Attack Surface Mapper | pod-200-co-ordinator-1 | 155.138.158.204 |
US | POD200 (Canada) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
US | POD200 (Canada) | Domain | *.myconnectsecure.com | |
US | POD200 (Canada) | External Scan | externalscan-pod200 | 149.248.59.179 |
US | POD200 (Canada) | Load Balancer | servicebus-200-canada | 155.138.156.16 |
US | POD200 (Canada) | NATS Communication Domain Names | servicebus2001.myconnectsecure.com | |
US | POD200 (Canada) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
EU | POD300 (London) | API Communication & Attack Surface Mapper | pod-300-co-ordinator-1 | 192.248.150.43 |
EU | POD300 (London) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
EU | POD300 (London) | Domain | *.myconnectsecure.com | |
EU | POD300 (London) | External Scan | externalscan-pod300 | 78.141.199.55 |
EU | POD300 (London) | Load Balancer | pod-300-ccns-lb | 209.250.225.16 |
EU | POD300 (London) | NATS Communication Domain Names | servicebus3001.myconnectsecure.com | |
EU | POD300 (London) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
EU | POD400 (Poland) | API Communication & Attack Surface Mapper | pod-400-co-ordinator-1 | 70.34.243.47 |
EU | POD400 (Poland) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
EU | POD400 (Poland) | Domain | *.myconnectsecure.com | |
EU | POD400 (Poland) | External Scan | externalscan-pod400 | 64.176.68.187 |
EU | POD400 (Poland) | Load Balancer | pod-400-ccns-lb | 64.176.69.126 |
EU | POD400 (Poland) | NATS Communication Domain Names | servicebus4001.myconnectsecure.com | |
EU | POD400 (Poland) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
EU | POD401 (Madrid) | API Communication & Attack Surface Mapper | pod-401-co-ordinator-1 | 65.20.100.219 |
EU | POD401 (Madrid) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
EU | POD401 (Madrid) | Domain | *.myconnectsecure.com | |
EU | POD401 (Madrid) | External Scan | externalscan-pod401 | 65.20.101.228 |
EU | POD401 (Madrid) | Load Balancer | pod-401-ccns-lb | 65.20.103.34 |
EU | POD401 (Madrid) | NATS Communication Domain Names | servicebus4011.myconnectsecure.com | |
EU | POD401 (Madrid) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
AU | POD500 (Sydney) | API Communication & Attack Surface Mapper | pod-500-co-ordinator-1 | 149.28.188.232 |
AU | POD500 (Sydney) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
AU | POD500 (Sydney) | Domain | *.myconnectsecure.com | |
AU | POD500 (Sydney) | External Scan | externalscan-pod500 | 45.32.243.130 |
AU | POD500 (Sydney) | Load Balancer | pod-500-ccns-lb | 139.180.161.236 |
AU | POD500 (Sydney) | NATS Communication Domain Names | servicebus5001.myconnectsecure.com | |
AU | POD500 (Sydney) | API Communication Domain Names |
Region | POD# (Location) | Function | Server | IP |
---|---|---|---|---|
AF | POD600 (Johannesburg) | API Communication & Attack Surface Mapper | pod-600-co-ordinator-1 | 139.84.230.190 |
AF | POD600 (Johannesburg) | Cloudflare R2 | http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/ | |
AF | POD600 (Johannesburg) | Domain | *.myconnectsecure.com | |
AF | POD600 (Johannesburg) | External Scan | externalscan-pod600 | 139.84.237.7 |
AF | POD600 (Johannesburg) | Load Balancer | pod-600-ccns-lb | 139.84.229.231 |
AF | POD600 (Johannesburg) | NATS Communication Domain Names | servicebus6001.myconnectsecure.com | |
AF | POD600 (Johannesburg) | API Communication Domain Names |