Active Assets

CyberCNS supports deep scans of the network and discovers all active assets such as routers, switches, access points, virtual machines, desktops, laptops, servers, and a few supported printers. All discovered assets allow a deep-dive view in the easy-to-view 3-pane user interface layout released with CyberCNS V3.0. All devices discovered using the discovery settings for a company appear here. All tables under Asset details also have the “download as XLSX” option available. Even if the Assets are not shown under active assets after the scan is completed. Please refer

Navigate to Company View and Active Assets > Probe Assets / LightWeight Assets / One Time Scan Assets.

  • Searching for an Asset from the listed ones is available using the Search Asset option.

  • Individual Asset details cover information such as Host Name, IP Address, Operating System, Tags, Importance, the protocol used for discovery, Last Vulnerability Scan time, Last PII Scanned Time, Vulnerability Risk Score (Letter Grading), Serial Number, Last Logon User, and so on.

The last Vulnerability Scan timestamp helps verify the last scan of the asset.

  • The last sync time of the lightweight agent assets can be viewed in the asset details.

  • A bell icon is shown for assets with Critical vulnerabilities. The notification is dismissed if you close it manually or the application is remediated. It will reappear once you refresh the page or log out and log in again.

  • Clicking that notification opens a CVE database search and shows the affected assets.

Add/Update Credentials

  • Add/Update Credentials can be applied to online assets.

  • Add/Update Credentials for an individual asset as shown below. Select the OS type from the drop-down. The current choice of OS available includes Windows, Linux, VMWare, Darwin (Mac OS), and Network Devices.

  • Asset information can be updated at the asset level: Name, Type (Windows/Linux/VMWare/Darwin/Network Device), username, password, and domain can be provided.

  • Tagging of any asset as a Production Machine to differentiate from other machines is also available.

  • Here the user can see whether the asset is Online or Offline for Lightweight Agents.

  • The agent ID for the respective asset can be viewed by hovering the cursor over the asset name.

  • Moving further with information gathered by CyberCNS V2, we see a summary like Vulnerabilities, Applications, Ports & Compliance.

  • Vulnerabilities & Applications provides the total number of vulnerabilities along with a categorization into Critical, High, Medium & Low. Clicking any of these numbers takes you to a filtered view of the details for the selected category.

  • In the Security Report Card, different conditions are graded with details as shown below. E.g., if an Antivirus is installed & enabled the score will be shown as 5, or else the score will be 1. This is also available as a report under Standard Reports.

  • The grades in the security and compliance report cards are correlated in the attached document.

  • In the Compliance Report Card, different conditions are graded along with Evidence as shown below.

  • If the Registry key is not present, LLMNR is Enabled and the score will be shown as 1; otherwise the score will be 5.

  • If the Registry key is not present, NTLMV1 is Disabled and the score will be shown as 5; otherwise the score will be 1.

  • If NBTNS is Enabled, the score will be shown as 1; otherwise the score will be 5.

  • If the Registry key is not present, SMBV1 Server is Disabled and the score will be shown as 5; otherwise the score will be 1.

  • If the Registry key is not present, SMBV1 Client is Disabled and the score will be shown as 5; otherwise the score will be 1.

  • If SMBSigning is Disabled, the score will be shown as 1; otherwise the score will be 5.

  • If the Registry key is not present, TLS 1.2 is enabled and the score will be shown as 1; otherwise the score will be 5.

  • If the Registry key is not present, TLS 1.0 is Disabled and the score will be shown as 1; otherwise the score will be 5.


  • Next, the Remediation Plan for the asset is shown once it has been scanned successfully. This shows a list of Applications and OS updates along with required details like KB number, application version, and the total number of vulnerabilities associated with that update. These vulnerabilities are categorised as Critical, High, Medium, and Low and shown with the color associated with each category, e.g. Critical vulnerabilities are shown in red.

  • To get into details of remediation, you can click on View Evidence and it will show you information like Product, Link to Fix & Current Version.

  • Items in the Remediation Plan fall under three categories PENDING, SUPPRESSED, and REMEDIATED.

  • Items that are Suppressed are listed under the Suppressed status filter.

  • Items that are actually remediated are indicated with a green tick under the REMEDIATED status filter.

  • Further, in the Vulnerability section of the asset, the vulnerabilities are listed and you will be able to get the details of the CVEs, Severity, Product, Title, Description, and CVSS Score (Base, Impact & Exploitability).

  • Searching for a particular CVE in the search bar and using the filters option to view specific data are both available.

  • Network Scan Finding will show network vulnerabilities categorized into Critical, High, Medium and Low.

  • The Informational tab under Network Scan Findings mentions items that are only for informational purposes.

  • Moving further, Compliance Check is a section that lists the compliance controls that are applicable to this asset.

  • Windows 11 Compatibility Check - This information will contain configuration, disk utilization, graphics resolution, and firmware.

  • It shows the details of → AMD Processor, a list of CPUs that are Windows 11 compatible.

  • PII Scan Result - This information will contain Status, Asset Name, Asset Type, Details, Line Number, and PII Data found.

  • Next, you will be able to get the list of Installed Programs on the system along with the Vulnerability Count if any.

  • Browser Plugins and alerts for Blacklisted plugin data will be shown here.

  • Installed Patches - Once the authenticated scans are completed successfully, the installed patches information will be showcased for Windows OS applications here.

  • The Services tab shows service details on the system with the current status captured during the scan.

  • The Ports section in Asset details lists all the ports that are open and whether each is compliant (Secure or Insecure). The vulnerability count attached to these ports is also displayed so the user can take appropriate action.

  • Asset Users - Asset Users' information like User group and Logon Time will be showcased here.

  • Asset Shares - Asset share information like Name, Account Names, and Access Rights will be showcased here.

  • Next in the details, you will be able to see the available Interfaces of the asset.

  • The details of the storage utilisation of the asset are also shown.

  • Asset Firewall Policy showcases the firewall policy status as enabled or disabled.

The Unquoted Service Path section applies only to Windows.

  • Unquoted Service Path lists the services that are running with an unquoted service path.

OSquery: select name,service_type,display_name,start_type,path from services where (path not like '"%"%' and path not like '"%"') and path not like 'c:\Windows%' and start_type = 'AUTO_START' and name not like '%cybercnsagent%';

  • The osquery query we use returns the service name, service type, display name, start type, and executable path of auto-start services whose path is outside C:\Windows\ and is not already enclosed in double quotes.

  • If there are affected service paths, the query will list the name and path of the affected items, allowing us to view which ones we need to fix. 

How do we fix:

  • Open up the Registry Editor as an Administrator and then navigate to the below path HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

  • The next step is to look for the application name which was listed in the unquoted service paths, and double-click on the name, to expand the information. After expanding, click on the ‘ImagePath’ line on the right side of the panel and edit the path. You need to add a double quote at the start and end of the path.  

  • For example:

Before: C:\Program Files\unquoted test\binary files\executable files\real-program.exe

After: "C:\Program Files\unquoted test\binary files\executable files\real-program.exe"

  • Once done, exit the Registry Editor and reboot the machine for the changes to take effect. Navigate to the CyberCNS portal, and scan the agent/asset to see the updated results.
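An added example (not CyberCNS code) that applies the same conditions as the osquery statement above to rows exported as JSON and proposes a corrected ImagePath for each hit. The sample rows, the service names and the rule that the binary ends at the first `.exe` are assumptions made for illustration; when a path carries arguments, only the executable is quoted and the arguments stay outside the quotes.

```python
import json
import re
# Constructed rows shaped like `osqueryi --json` output (not real scan data).
SAMPLE_ROWS = json.loads(r'''[
 {"name": "RealProgram", "start_type": "AUTO_START",
  "path": "C:\\Program Files\\unquoted test\\real-program.exe"},
 {"name": "WithArgs", "start_type": "AUTO_START",
  "path": "C:\\Program Files\\Vendor App\\svc.exe -k run"},
 {"name": "NoSpaces", "start_type": "AUTO_START",
  "path": "C:\\Tools\\agent.exe"},
 {"name": "Quoted", "start_type": "AUTO_START",
  "path": "\"C:\\Program Files\\Good\\good.exe\" --service"},
 {"name": "Manual", "start_type": "DEMAND_START",
  "path": "C:\\Program Files\\Other App\\other.exe"},
 {"name": "WinSvc", "start_type": "AUTO_START",
  "path": "C:\\Windows\\System32\\svchost.exe -k netsvcs"}
]''')

# Heuristic (assumption): the binary ends at the first ".exe" that is
# followed by whitespace or end of string; the rest is arguments.
EXE_RE = re.compile(r'^(.*?\.exe)(?=\s|$)(.*)$', re.IGNORECASE)

def matches_page_query(row):
    """Apply the same conditions as the osquery statement on this page."""
    path = row["path"]
    quoted = path.startswith('"') and '"' in path[1:]
    return (not quoted
            and not path.lower().startswith("c:\\windows")
            and row["start_type"] == "AUTO_START"
            and "cybercnsagent" not in row["name"].lower())

def triage(rows):
    """Return one finding per flagged service with a proposed ImagePath."""
    findings = []
    for row in filter(matches_page_query, rows):
        m = EXE_RE.match(row["path"])
        if m is None:  # no .exe boundary found: leave for manual review
            findings.append({"name": row["name"], "ambiguous": None,
                             "proposed": None})
            continue
        exe, args = m.group(1), m.group(2)
        findings.append({
            "name": row["name"],
            # Only a space inside the binary path makes the path ambiguous.
            "ambiguous": " " in exe,
            # Quote the binary only; arguments stay outside the quotes.
            "proposed": f'"{exe}"{args}',
        })
    return findings
```

Calling `triage(SAMPLE_ROWS)` returns three findings; the `ambiguous` flag separates paths that contain a space from those the query flags only because they lack quotes.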

  • In the assets section, options such as Sort, Filter, Refresh, Add Asset, Scan now, Integration Action, Snooze, and Toggle button [enable/disable] are available to perform different actions.

  • Assets can be sorted based on the Fields such as Asset Name, Risk Score, Last Vulnerability Scan, Last Discovered Scan, IP Address, OS, and Tags as shown below.

 

  • Once a field is chosen, click the Save/Filter option to keep it for further use, or the Filter option for one-time use.

  • Assets can be filtered based on the Agent Type (ALL/ Probe, Lightweight/One-time scan agent), Status (Online/Offline), and Scan Status (Credentials not available for Scan, Not supported for Vulnerability Scan) of the assets.

  • Based on the agent type chosen, assets can be filtered by All, Probe Agents, and Lightweight Agents.

  • Only LWA can be filtered based on Online and Offline Agents.

  • Agents can also be filtered based on the scan status.

  • If the asset is supported for a Vulnerability scan but the scan cannot be performed because credentials are not given or authentication fails, the asset is highlighted as Credentials not available for Scan.

 

  • Not supported for Vulnerability Scan is highlighted for any devices that are not supported by CyberCNS for vulnerability scan (even though credentials were given).

  • Click on Add Asset to add an asset as per the requirement.

  • In the image depicted below, enter the details of Name, Asset IP, Choose Agent, and Importance, and click on Save.

  • To add asset credentials choose the credential type, and enter the Username and Password.

  • Once the details are provided click on Save.

  • Under Scan now, multiple scan options such as Full Scan, Asset Scan, Vulnerability Scan, External Scan, Active Directory Scan, SNMP Scan, Lightweight Agent Scan, and Firewall Scan are available to carry out different types of scans.

  • Under the Integration Action section, we have Remediation Action and Asset Action.

Integration Action for the Remediation Plan can be used as below:

  • Select the action item in the Remediation Plan.

  • Once Remediation Action under Integration Action is chosen, select the Integration Mapping Credential (which is already set under Global View> Integrations section) and Actions using integrations can be provided as per the requirement.

  • Once the below details are provided, click on Next.

  • Next, you will be asked to enter the details to create a ticket; once the details are provided, click on Submit.

  • When the details are submitted, the ticket number will be generated as a notification message.

Suppressing/activating any action item listed under the Remediation Plan can be done as below:

  • Select an item under the remediation plan and click on Snooze/Activate option to suppress the remediation.

  • Select any one reason out of four & number of days to Snooze/Suppress the Remediation.

  • In case the Other option is selected, give the reason for suppressing the remediation plan and click on Submit.

  • Once the action item is suppressed successfully, it will be seen under the Suppressed Filter of Remediation Plan.

  • The Toggle Table View can be enabled or disabled. Using this view, bulk actions can be performed.

  • Once the Toggle Table View is enabled, a table is shown with asset details such as Hostname, IP, OS, Manufacturer, Tags, Importance, Agent Type, Discovered Using, etc.

  • Using the top right icons, choose the fields that are required and save the settings once the columns are modified.

  • Using the download option, the data can be downloaded as full data or filtered data.

  • Under the Action column, the available options are Details (which takes you to the Asset Details View), Scan Now to scan an individual asset, Delete to delete the asset, and Deprecate to deprecate the asset.

  • In this view, when multiple assets are selected using the check boxes, Global Actions appear with options like Scan Now, Update Tag, Delete Tag, Update Importance, Delete, and Deprecate, which can be performed for bulk/multiple assets.

 

Backup Software Exclusion

  • Navigate to the asset which needs to be excluded from the backup software check, from the Active Assets section.

  • Click on the "Tags" section to open it.

  • Add the tag BackupNotRequired to the asset and click close.

  • Under the Asset Security and Compliance Overview view, confirm that the Backup software section is no longer visible for the asset with the BackupNotRequired tag.

  • Ensure that the asset is tagged as BackupNotRequired so that the Backup software section is no longer included in the reports related to Backup software.

  • Tags can be edited using the Edit Tag(s) option.

  • Click on Edit Tag(s) to edit single or multiple tag names.

  • After editing the tag(s) name click on Update to update the tag name.

  • Click on Enter a tag name, type the name, and press comma or Enter to create a new tag.

  • To delete the tag name click on .

No Active Assets Found

 

1. The Nmap scan fails due to a permission issue when installing dependencies like npcap and VC_redist x86 (Windows). This can be resolved by manually installing the agent.

Open the command prompt as administrator on the agent machine

Step 1: Stop agent services

  • net stop cybercnsagentmonitor

  • net stop cybercnsagentv2

Step 2: Navigate to the agent nmap folder and install npcap and VC_redist x86 manually.

C:\Program Files (x86)\CyberCNSAgentV2\nmap

  • Run the Npcap OEM executable

  • Run the VC_redist x86 executables

Step 3: On successful installation, initiate a scan in the CyberCNS portal.

2. An older version of the npcap driver present on the machine may not support the agent. Uninstall npcap using the steps below.

Open the command prompt as administrator on the agent machine

Step 1: Stop agent services

  • net stop cybercnsagentmonitor

  • net stop cybercnsagentv2

Step 2: Uninstall the npcap / pcap driver from the agent machine

Step 3: Reboot the machine

Step 4: Initiate the scan from the CyberCNS portal, which will automatically install the latest Npcap OEM version and run the scan normally.

Multiple options can be selected.

This completes the Active Assets documentation.