The CYRISMA CyBroker Sensor is essential for scanning targets within the local area network (LAN) where the sensor is installed. It can conduct Data Sensitivity scans against UNC file paths and perform Vulnerability/Baseline scans on Windows, macOS, and Linux machines

PDF of documention: cybroker_setup.pdf

Prerequisites for Sensor Installation

Before setting up the sensor, ensure your workstation or server meets the following requirements:

Operating System: The sensor must be installed on:

• Windows Server (2012 R2, 2016, 2019)
• Windows 10 or 11 Workstations

Network Communication:

• Ensure communication with servers in the cyrisma.com domain by adjusting web filters and firewalls accordingly.
• Exempt the directory C:\Cyrisma_Agent from Anti-Virus scans.
• Allow emails from cyrisma.com in your Anti-Spam settings.

DotNet Framework:

• The sensor requires DotNet version 4.7.2. The installer may try to install it automatically, but it’s advisable to install it manually beforehand to avoid reboot issues. Download DotNet.

Network Rights:

• Create an account with Admin rights to enable “Agentless” scanning across the network and have these credentials ready for the agent provisioning process.

Installation Steps

Access Command Center:

• Log into the Cyrisma Command Center and navigate to ADMIN -> Scan Agents.
• Click Generate (or Regenerate) to create an installation key.

Download Agent:

• Use the provided link to download the agent installer from: Cyrisma Setup.

Run Installer:

• Execute the downloaded package on the target machine. You will need the installation key and the URL for pairing.
• Double-click the installer, input your key and URL, accept the EULA, and proceed through the installation prompts.

Command Line Installation (Optional):

• If using a deployment manager, run the following command:

• To install the packet capture driver for unauthenticated scans, include the parameter:

Final Approval:

• After installation, return to Command Center -> Admin -> Scan Agent to provision the new agent.
• Select the agent, and ensure to select “No” for “Run as System,” entering the service account credentials when prompted.

Endpoint Protection Considerations

The CYRISMA Agent functions in two modes:

• Local Scanning: Runs as “System” for local access.
• Network Scanning: Operates under a defined “Service Account” with provided credentials.

Due to its scanning capabilities, the agent may be flagged by endpoint protection systems. To avoid disruptions:

• Add the agent’s IP address to your firewall rules.
• Include the CYRISMA directory or specific executables in your endpoint protection exclusions:

Executables to Exclude:

• C:\CYRISMA_Agent\DataSpotliteAgent.exe (Main executable)
• C:\CYRISMA_Agent\App\psexec.exe (Remote attribute collection)
• C:\CYRISMA_Agent\App\atexec.exe (Secondary attribute collection)
• C:\CYRISMA_Agent\App\cytcp.exe (TCP scanning)
• C:\CYRISMA_Agent\App\fileconv.exe (Data preparation)
• C:\CYRISMA_Agent\bin\pscopy.exe (Agent management)
• C:\CYRISMA_Agent\App\7z.exe (Compression of results)

Conclusion

Following these steps and considerations will ensure successful installation and operation of the CYRISMA CyBroker Sensor in your network environment. Proper configuration and attention to endpoint protection settings will facilitate smooth scanning processes without triggering security alerts.