CyberCNS Agent types

Owned by Vrushali Parkar
Last updated: May 03, 2023 by Sneha B A (Unlicensed)
3 min read

In this section, we describe the different types of CyberCNS Agents and to help you choose the right type of Agent for your specific use cases.

CyberCNS provides several agents that can be deployed depending on the client network, restrictions, and the level of access that you have to the partner site. These vary in scale on the level of simplicity to management overhead. This document provides a way for you to decide which combination of these different options you can choose.

CyberCNS supports agents to be installed on 64-bit systems only. It supports Windows, Linux, Mac, and Raspberry Pi (ARM) platforms for agent installation.

When the agent is installed → what data it collects

→ Data will be collected by the agent system and sent to the cloud instance securely. 

  • For Windows probe will use SMB protocol to communicate with remote assets where it will use Admin$ share for collecting data(Required write, read, and execute privileges).

  • For Linux/Mac probe will SSH to communicate with a remote instance to fetch data.

  • For Vmware will use SNMP/SSH based on credentials configured to fetch information.

  • For Network Devices Agent will use SNMP(V1/V2/V3) to get details.

Probe Or Regular Agent

  • The Probe can be installed on the Windows/Linux/Mac/ARM (Raspberry Pi) system in the network you would be running scans on. The agent runs requires the following prerequisites.

    • 4 cores CPU on the machine

    • Minimum of 4 GB RAM for the first 1000 Assets and 1GB for every additional 500 assets.

    • Minimum Requirement for ARM agent(Raspberry Pi): Raspberry PI 4 with 8GB RAM

    • Access to all the subnets which are to be scanned

    • Linux, Mac, and Raspberry Pi require the latest nmap installed.

    • Ports 443 outbound opened to the CyberCNS installation domain portal.mycybercns.com/me/<domain name>

  • The Probe is useful for an office environment where you have controlled IP Addressing.

  • It deploys the following techniques to get to the devices

    • Windows - It attempts to use the Admin SMB share to send a small executable called the Dissolvable agent that it then runs on the remote machine to fetch the details.

    • Active Directory - In case Active Directory Credentials are provided to the Probe under Discovery Setting, It uses LDAP OR SMB communication to fetch information from remote assets.

    • Linux - It uses SSH credentials to log in to machines and uses Linux commands to determine what is running on the machines.

    • Network Devices - It uses SNMP to discover the Sysobjectid and look up the version of the device and then query the vulnerabilities for the version. It also connects to OEM APIs to get the vulnerability details.

  • You can discover & scan multiple subnets(CIDR/IP Range/Static IP) using a single Probe.

  • The probe will require AD Credentials in the case of the AD environment for scanning purposes.

  • In the case of a workgroup environment, Probe can be supplied with common credentials under Discovery Settings> Master credentials which are to be used to login to Windows, Mac, and Linux remote systems.

Lightweight Agent

  • The Lightweight agent can be installed as a service so you can benefit from a continuous scanning approach.

  • If there is an RMM tool deployed on the network then you can use the RMM tool to push Lightweight Agent to multiple systems as the CyberCNS provides installation using PowerShoutsider’s view of the system.

    • Port 443 Outbound is required

  • The Scan agent can run as an executable i.e.Scan Agent which will gather information from an asset without installing.

  • It collects information from the local system and pushes data to the CyberCNS portal. It does not cross the machine boundary. One weakness of this is that one does not get an outsider's view of the system.

    • Port 443 Outbound is required