Agents Overview

The CYRISMA Agent serves as the primary data collector for CYRISMA instances. It operates in two modes:

1. Agent-Based Scanning: The agent collects vulnerability, configuration, and sensitivity data from the host machine it is installed on. Each host requires an agent for these tasks.
2. Agentless Scanning: The agent collects data from other machines on the network without requiring agents on the targets. It can also perform network discovery and unauthenticated vulnerability scans. For this mode, the host running the agent must have network credentials to access the targets.

Agent Prerequisites

Before installing an agent, ensure the following requirements are met:

Supported Systems:

• Windows Server 2012 R2, 2016, or 2019
• Windows 10 or 11 workstations

Communication Requirements:

• Ensure the agent can communicate with servers in the cyrisma.com domain.
• Exempt the C:\Cyrisma_Agent directory from antivirus scans and allow mail from cyrisma.com in your anti-spam settings.

Java & Memory Requirements:

• Java requires at least 1024MB of available memory on the host machine.

DotNet 4.8 or Above:

• The installer can install DotNet if missing, but a reboot may be required. Download DotNet from here.

Credentials for Agentless Scanning:

• Create a network account with Admin rights to provision agents for scanning machines without local agents.

Agent Installation

Graphical Installer:

1. Double-click the downloaded installer (Cyrisma_Setup.exe).
2. Enter the Installation Key and URL from the Scan Agent page of the CYRISMA Command Center.
3. Accept the End User License Agreement.
4. The installation will proceed in the background after the initial setup window closes.
5. Logs are available at C:\CYRISMA_Agent\logs\CYRISMA_Agent_Install.log.

Agent Status Section

The Agent Status Section provides an overview of all agents associated with your CYRISMA instance, displaying their current state and key details:

• Scan Agent Name: The name and version of the installed agent.
• Host: The machine where the agent is installed.
• Running Task: The current scanning task being performed by the agent (e.g., "Idle" if no active tasks are running).
• Last Checked: The last time the agent communicated with the CYRISMA Command Center. Agents that have not checked in for an extended period will appear as "Down."
• Action: Available actions include:
  • Restart: Requests the agent to restart at its next check-in.
  • Edit: Allows you to modify agent details, including credentials and settings.

Interpreting Agent Status:

• Idle - Down: Indicates the agent is not performing any tasks and has not checked in recently. Agents that do not check in for 840 hours will no longer increment their time values and are presumed permanently offline.
• Idle: Indicates the agent is ready for new tasks.

Agents can be sorted, filtered, or searched to locate specific agents quickly. The table view supports pagination for large environments.

Provisioning a New Agent

After installation, provision the agent to enable scanning capabilities:

Navigate to Admin -> Scan Agents and select Provision New Agent.

Unprovisioned agents will appear in the list. Select the agent and choose its scanning mode:

• Local Only: No network credentials are required.
• Network Scans: Enter network credentials. Use a service account with local admin rights on the targets.

When provisioning an agent, you have the option to add the agent(s) to an existing Internal Authenticated group scan and/or a Secure Baseline group scan. In the 'Add New Agents' modal, Select a scan from the 'Vulnerability Scan' and/or 'Secure Baseline Scan' drop-downs to select a scan to add the agent to while provisioning the agent.

Submit the provisioning details. Agents will check in within 1–10 minutes and begin receiving scanning tasks.

Managing Agent Downloads

In the Agent Download Section, you can download agent installers for different operating systems (Windows, Mac Intel, Mac M-Series, Linux/Debian). Each installer includes:

• Deployment Agent Name: The name of the installer.
• Installation Key/URL: Required credentials for the agent to connect to your instance.
• Download Link: Direct download link for the agent installer.
• Recipient: Email button to send download instructions to team members.

The Regenerate Windows Installation Key button allows you to update the installation key for new deployments.

Agent Permissions

Agent operations rely on Windows Security Framework permissions. Ensure the following for successful scans:

Domain Environment:

• Firewall rules, WinRM settings, and endpoint protection must allow agent operations.
• Adjust agent service credentials to match the network credentials used during provisioning.

Non-Domain Environments:

• Enable remote management settings manually.
• Install agents directly on all target machines to simplify operations.

Agent logs can provide detailed information on adjustments required for permissions or security framework issues.

Updating and Deleting Agents

To update an agent:

1. Go to Admin -> Scan Agents and select Update Existing Agent.
2. Update agent details such as:
   • Service Account Password: Ensure the updated credentials match those on the network/domain.
   • Memory Threshold: Adjust the maximum percentage of memory the agent can consume.
   • Physical Notes or Status: Disable or enable agents as needed.

To delete an agent:

1. Use the Delete button on the Scan Agents page.
2. This action:
   • Removes the agent from the CYRISMA Command Center interface.
   • Sends an uninstall signal for the agent to remove itself upon the next check-in.

Best Practices for Agent Usage

• Remote Hosts: Always install agents locally on remote machines to ensure consistent scanning.
• Local Networks: Utilize agentless scanning for simplicity, provided credentials and permissions are configured correctly.
• Service Accounts: Use strong, secure credentials for agent provisioning and update passwords as needed to prevent lockouts.
• Monitor Agent Logs: Regularly review logs to identify and resolve issues related to connectivity, permissions, or resource constraints.

The CYRISMA agent ensures seamless, scalable scanning for vulnerabilities, secure baselines, and data sensitivity across diverse environments.