/
Agent Dependency and Whitelisting

Agent Dependency and Whitelisting

Dependencies

The ConnectSecure agent requires several dependencies in the default agent installation directory according to the installed operating system.

For Windows: ‘C:\Program Files (x86)\CyberCNSAgent’

For Mac/Linux: /opt/CyberCNSAgent

Windows

MAC

Linux

ARM

Windows

MAC

Linux

ARM

Lightweight Agents

connectsecurepatch.exe

 

 

 

cybercnsagentmonitor.exe

 

 

 

cyberutilities.exe

cyberutilities_darwin

cyberutilities_linux

cyberutilities_arm

main.ps1

main.ps1

main.ps1

main.ps1

osqueryi.exe

nmap

nmap

osqueryi_arm

scripts.zip

osqueryi_darwin

osqueryi_linux

scripts.zip

vcruntime140.dll

scripts.zip

scripts.zip

 

WindowsSpeculationControlFinder.zip

 

 

 

Additional Dependencies For Probe Agent

osqueryi_darwin

osqueryi.exe

osqueryi.exe

osqueryi.exe

osqueryi_linux

osqueryi_linux

osqueryi_darwin

osqueryi_linux

osqueryi_arm

osqueryi_arm

osqueryi_arm

osqueryi_darwin

firewall_configs.zip

firewall_configs.zip

firewall_configs.zip

firewall_configs.zip

nmap.zip

nmap

nmap

nmap

npcap.exe > 1.50 version

 

 

 

WindowsSpeculationControlFinder.zip

WindowsSpeculationControlFinder.zip

WindowsSpeculationControlFinder.zip

WindowsSpeculationControlFinder.zip

You can view the status of dependencies based on the agent by clicking on Overview > Agents and tapping on the three-dot Action menu.

image-20240522-210457.png

Select the Dependency Status option.

image-20240522-210527.png

This is an example of a Windows-based asset with a probe agent installed:


Please whitelist outbound communication from the agent machine to *.myconnectsecure.com and Whitelist below URL for Cloudflare R2 to download dependencies:
45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com

You can test the connection using the below command:

telnet 45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com 443

You can install TELNET CLIENT from Microsoft here: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771275(v=ws.10)

Dissolvable Agent for Probe-Scanned Assets

For remote assets getting scanned via Probe Agent:

  • Whitelist the executable path below for the dissolvable agent to be entered into a remote asset.  "C:\windows\CyberCNS_DissolvableAgent" 

  • To whitelist the folder on the remote asset, use the installation folder path, i.e “C:\Windows\CyberCNSAgent”


Port Communications

ConnectSecure V4 Agent(s) require ports 4222 and 443 to be open from the agent machine to the respective Region/POD IP addresses as shown below, based on your POD.


Windows Defender Policy

Use the PowerShell command to add the CyberCNSAgent to your Windows Defender allow policy:

Command: Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Program Files (x86)\CyberCNSAgent\cybercnsagent.exe"


Supported Operating Systems

Check out the complete list here: Agent Configurations | Supported Operating Systems


For optimal agent communication, you should consider adding the neccessary allow/whitelist policies based on the POD/Region of your ConnectSecure portal hosting. Tap the INFO icon from the Global Dashboard view to obtain your location.

Based on your POD, tap the location to see the details.


Region

POD# (Location)

Function

Server

IP

Region

POD# (Location)

Function

Server

IP

US

POD101 (Atlanta)

API Communication & Attack Surface Mapper

pod-101-co-ordinator-1

pod-101-worker-2

pod-101-worker-3

pod-101-worker-4

155.138.163.9

144.202.22.7

144.202.31.82

155.138.239.5

US

POD101 (Atlanta)

Cloudflare R2

http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/

US

POD101 (Atlanta)

Domain

*.myconnectsecure.com

US

POD101 (Atlanta)

External Scan

externalscan-pod101

96.30.199.202
144.202.19.68
104.156.254.48
155.138.195.116
155.138.196.189

US

POD101 (Atlanta)

Load Balancer

pod-101-ccns-lb

servicebus-pod-101-atl

pod-101-cybercns-lb

servicebus-pod-101-cybercns-atl

144.202.23.74

96.90.197.238

144.202.24.89

45.76.60.220

US

POD101 (Atlanta)

NATS Communication Domain Names

servicebus1011.myconnectsecure.com

servicebus1012.myconnectsecure.com

servicebus1013.myconnectsecure.com

servicebus1014.myconnectsecure.com

US

POD101 (Atlanta)

API Communication Domain Names

pod101.myconnectsecure.com

pod101.mycybercns.com

Region

POD# (Location)

Function

Server

IP

Region

POD# (Location)

Function

Server

IP

US

POD102 (LAX)

API Communication & Attack Surface Mapper

pod-102-co-ordinator-1

pod-102-worker-2

pod-102-worker-3

pod-102-worker-4

149.28.93.167

149.248.19.118

45.32.80.51

149.248.4.153

US

POD102 (LAX)

Cloudflare R2

http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/

US

POD102 (LAX)

Domain

*.myconnectsecure.com

US

POD102 (LAX)

External Scan

externalscan-pod102

149.28.94.44
66.42.106.63
45.76.69.20
45.63.48.188
149.28.82.167

US

POD102 (LAX)

Load Balancer

pod-102-ccns-lb

servicebus-pod-102-lax

pod-102-cybercns-lb

servicebus-pod-102-cybercns-lax

45.77.87.242

108.61.217.214

149.248.1.190

45.32.64.70

US

POD102 (LAX)

NATS Communication Domain Names

servicebus1021.myconnectsecure.com

servicebus1022.myconnectsecure.com

servicebus1023.myconnectsecure.com

servicebus1024.myconnectsecure.com

US

POD102 (LAX)

API Communication Domain Names

pod102.myconnectsecure.com

pod102.mycybercns.com

Region

POD# (Location)

Function

Server

IP

Region

POD# (Location)

Function

Server

IP

US

POD103 (Miami)

API Communication & Attack Surface Mapper

pod-103-co-ordinator-1

pod-103-worker-2

pod-103-worker-3

pod-103-worker-4

47.77.164.106

45.32.162.89

45.77.163.10

45.63.105.163

US

POD103 (Miami)

Cloudflare R2

http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/

US

POD103 (Miami)

Domain

*.myconnectsecure.com

US

POD103 (Miami)

External Scan

externalscan-podui-pod103

144.202.37.9
104.238.137.61
45.77.93.69
45.77.165.110
45.32.172.78

US

POD103 (Miami)

Load Balancer

pod-103-ccns-lb

servicebus-pod-103-MIA

pod-103-cybercns-lb

servicebus-pod-103-cybercns-MIA

104.207.144.192

149.28.101.233

149.28.97.153

45.63..110.13

US

POD103 (Miami)

NATS Communication Domain Names

servicebus1031.myconnectsecure.com

servicebus1032.myconnectsecure.com

servicebus1033.myconnectsecure.com

servicebus1034.myconnectsecure.com

US

POD103 (Miami)

API Communication Domain Names

pod103.myconnectsecure.com

pod103.mycybercns.com

Region

POD# (Location)

Function

Server

IP

Region

POD# (Location)

Function

Server

IP

US

POD104 (LAX)

API Communication & Attack Surface Mapper

pod-104-co-ordinator-1
pod-104-worker-2
pod-104-worker-3
pod-104-worker-4

149.248.11.111
104.238.140.172
149.28.85.100
149.28.89.183

US

POD104 (LAX)

Cloudflare R2

http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/

US

POD104 (LAX)

Domain

*.myconnectsecure.com

US

POD104 (LAX)

External Scan

externalscan-pod104

45.32.73.67
45.77.124.22
149.28.83.41
149.28.93.179
45.77.87.43

US

POD104 (LAX)

Load Balancer

pod-104-ccns-lb
servicebus-pod-104-lax
pod-104-cybercns-lb
servicebus-pod-104-cybercns-lax

144.202.125.97
66.42.108.17
149.28.76.247
149.28.77.82

US

POD104 (LAX)

NATS Communication Domain Names

servicebus1041.myconnectsecure.com

servicebus1042.myconnectsecure.com

servicebus1043.myconnectsecure.com

servicebus1044.myconnectsecure.com

US

POD104 (LAX)

API Communication Domain Names

pod104.myconnectsecure.com

pod104.mycybercns.com

Region

POD# (Location)

Function

Server

IP

Region

POD# (Location)

Function

Server

IP

US

POD105 (Atlanta)

API Communication & Attack Surface Mapper

pod-105-co-ordinator-1
pod-105-worker-2
pod-105-worker-3
pod-105-worker-4

155.138.211.47
155.138.216.219
45.76.63.93
155.138.201.146

US

POD105 (Atlanta)

Cloudflare R2

http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/

US

POD105 (Atlanta)

Domain

*.myconnectsecure.com

US

POD105 (Atlanta)

External Scan

externalscan-pod105

66.42.80.25
155.138.215.234
45.32.216.246
45.76.60.14
45.32.213.19

US

POD105 (Atlanta)

Load Balancer

pod-105-ccns-lb
servicebus-pod-105-ATL
pod-105-cybercns-lb
servicebus-pod-105-cybercns-ATL

66.42.92.100
155.138.174.213
45.32.223.18
96.30.199.63

US

POD105 (Atlanta)

NATS Communication Domain Names

servicebus1051.myconnectsecure.com
servicebus1052.myconnectsecure.com
servicebus1053.myconnectsecure.com
servicebus1054.myconnectsecure.com

US

POD105 (Atlanta)

API Communication Domain Names

pod105.myconnectsecure.com
pod105.mycybercns.com