Probes / Agents
Below is a link to our YouTube channel series @ConnectSecureEducation, which covers the ‘Probes/Agent’ module within CyberCNS. Our documentation follows the video link. If you have any feedback, email education@connectsecure.com.
This section will cover the Probes / Agents at the Company level.
Overview
The Probes/Agent screen gives you an overview of the currently installed CyberCNS agents, whether Probe or Lightweight Agents. From this screen you can also configure additional agent settings and initiate any of our scan types.
Scan Types that can be initiated on the agents
Blue number indicates the total number of agents
Connectivity status (green is online, red is offline)
Agent Type (Lightweight or Probe)
Action menu with additional agent commands and options
You can perform actions against a single agent using the three-dot action menu
Single Agent Actions
Discovery Settings - parameters for Probe agent type used for scanning for IP-based assets
Uninstall - issues remote uninstall of CyberCNS agent/services (needs to be online to uninstall)
Delete - permanently deletes the agent from the CyberCNS portal
Fetch Event Logs - download a range of Microsoft Windows Event Logs (Jobs > Agent Event Logs)
Agent Update Info - displays logging detail for agent version updates (requires asset to be online)
Additionally, you can perform actions against multiple agents by using the checkboxes in the first column of the agents list; the GLOBAL ACTIONS button will then light up.
Global Actions
Uninstall - issues remote uninstall of CyberCNS agent/services (needs to be online to uninstall)
Delete - permanently deletes the agent from the CyberCNS portal
Lightweight Agent Scan - initiates a Lightweight agent scan
Agent Migration - move an agent from one company to another without uninstalling or reinstalling
Discovery Settings
Discovery Settings are only available on the Probe agent type
The probe agent discovery settings can be configured to scan the network(s). By doing so, IP-based devices can be discovered and subsequently added to the Active Assets. Please find the available configuration options listed below.
Discovery Setting Options
We have 4 discovery type options to choose from when scanning the network(s). These include the following: CIDR, IP Range, Static IP, and Domain Name.
To get started with a discovery scan, first click on the +Add button
IP Ranges
When you first open the window it will automatically select the discovery type of CIDR, detect the local IP, subnet, and fill this in for you. This can be edited any time based on the network and scan requirements. The following discovery types are available for scanning.
CIDR - classless inter-domain routing; using slash notation, such as /24 (256 IP addresses)
IP Range - define the Start and End IP you want to scan (e.g., 192.168.60.1 - 192.168.60.10)
Static IP - scan any fixed IP address
Domain Name - scan any fixed domain name / FQDN
Once you have configured the discovery type settings you will click on the SAVE button
Once you save your IP Range parameters, you will have the three-dot action menu available for some additional options, which include:
Copy to Probe - this allows you to copy the IP Range information from probe to probe within the same company; duplicates will be ignored.
Edit - allows you to edit the parameters of an existing IP Range entry
Delete - deletes the IP Range parameters permanently
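The following is an added example, not CyberCNS code: a pre-flight review of a planned discovery scope that expands the four discovery types, merges overlaps, applies Exclude IP entries, and flags anything outside private address space before the entries are saved to a probe. The tuple layout, the function names, and the choice of RFC 1918 as the intended scope are assumptions made for illustration.

```python
import ipaddress

# Assumption: RFC 1918 space is the intended scope for an internal probe.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def expand(kind, value):
    """Networks covered by one discovery entry (hypothetical helper)."""
    if kind == "CIDR":
        return [ipaddress.ip_network(value, strict=False)]
    if kind == "IP Range":
        start, end = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return list(ipaddress.summarize_address_range(start, end))
    if kind == "Static IP":
        return [ipaddress.ip_network(value)]
    if kind == "Domain Name":
        return []  # left unresolved here so the review runs offline
    raise ValueError(f"unknown discovery type: {kind}")

def subtract(nets, ex):
    out = []
    for n in nets:
        if not n.subnet_of(ex):  # networks wholly inside the exclusion are dropped
            out.extend(n.address_exclude(ex) if ex.subnet_of(n) else [n])
    return out

def review_scope(entries, excludes=()):
    seen, nets, names, findings = set(), [], [], []
    for kind, value in entries:
        if (kind, value) in seen:
            findings.append(f"duplicate entry: {value}")
            continue
        seen.add((kind, value))
        if kind == "Domain Name":
            names.append(value)
        for n in expand(kind, value):
            if not any(n.subnet_of(p) for p in RFC1918):
                findings.append(f"outside RFC 1918: {n}")
            nets.append(n)
    merged = list(ipaddress.collapse_addresses(nets))
    redundant = sum(n.num_addresses for n in nets) - sum(n.num_addresses for n in merged)
    for ex in excludes:
        merged = subtract(merged, ipaddress.ip_network(ex))
    return {"networks": merged, "names": names, "findings": findings,
            "redundant": redundant, "addresses": sum(n.num_addresses for n in merged)}

# Constructed sample input: one (discovery type, value) tuple per planned entry.
SAMPLE = [("CIDR", "192.168.60.0/24"), ("IP Range", "192.168.60.1 - 192.168.60.10"),
          ("Static IP", "10.0.0.5"), ("Static IP", "10.0.0.5"),
          ("CIDR", "203.0.113.0/30"), ("Domain Name", "fileserver.example.internal")]
```

Calling review_scope(SAMPLE, excludes=["192.168.60.254"]) returns the merged networks, the number of addresses the scan would touch, how many addresses were covered by more than one entry, and the findings to resolve before saving.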
SNMP Credentials
SNMP v1/v2 and v3 are all supported by CyberCNS using read-only credentials
You can toggle between the versions by clicking on the v1/v2 or v3 options as per screenshot below. (#1/2)
Click on the +Add button to enter and save SNMP credentials based on the version you require (#3)
SNMP v1/v2 requires just a Name, Version, and Community String.
SNMP v3 requires a Name, Security Name, Auth Protocol, and Privacy Protocol.
MD5 and SHA (Secure Hash Algorithm) protocols are used for Authentication
DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used for Privacy.
Once you save your SNMP credentials, you will have the three-dot action menu available for some additional options, which include:
Edit - allows you to edit the parameters of an existing IP Range entry
Delete - deletes the IP Range parameters permanently
Active Directory Credentials
Use the +Add button to store credentials to be used for Active Directory scanning of computers that are part of the AD network(s). You can add a single set of credentials or multiple sets; both are supported but not required.
Complete each of the required fields and then choose save.
Active Directory Credentials | Exclude IP
See ‘Discovery Settings’ for more information about using the discovery types; CIDR, IP Range, Static IP, Domain Name.
Master Credentials
Define a common set of ‘local’ credentials to do an authenticated asset scan against company level assets.
Click the +Add button to add the Master Credentials.
You can add a single set of credentials or multiple sets; both are supported but not required.
Complete each of the required fields and then choose save.
Once you have credentials saved, you will be able to Edit or DELETE them using the three-dot action menu on the saved credential entry.
Azure AD Asset Scanning
Azure AD users cannot access a local network share directly. If they have a local Active Directory and it is connected to Azure AD using Azure Connect, users will sync between Azure AD and the local AD, after which they can access ADMIN$.
Granting Permissions for Local Network Share in Azure AD
Install and configure an Azure AD Connect account.
Join your VM in Azure to the Domain Controller.
Set a user from the domain controller.
Performance Management
Uninstalling Probes / Lightweight Agents
Click on the Probes/Agents menu and use the three-dot action menu to issue the Uninstall command
If the agent is offline, you must uninstall the agent from the Control Panel or run the command prompt as administrator and use the following commands:
→ sc.exe delete cybercnsagentv2
→ sc.exe delete cybercnsagentmonitor
Deleting Single Probes / Lightweight Agents
Deleting Multiple Probes / Lightweight Agents
Use the checkboxes to select the Probes/Agents you want to mark for deletion, using Global Actions.
Lightweight Agent Scanning
You can also kick off a Lightweight Agent Scan by clicking the option in the top toolbar.
Agent Migration
You can migrate a CyberCNS agent from one company to another using the Agent Migration option found under the Global Actions menu. Use the checkbox to select an agent, and the Global Actions button will appear.
Using the drop down (1), select the company and then choose Migrate (2) to move the agent.
Deprecated Agents
To set your Agent Deprecation Days, navigate to Settings as per the screenshot below.