CyberCNS Global Deployment V4 Agent

Kevin_Bourbina · January 4, 2024, 2:42pm

Morning,

I’m not sure how many use CyberCNS who are aware of their recent change from V3 to V4, but it seems like the PowerShell variables for the lightweight agent install script have changed and some of the parameters required from the V3 script in the Global Deployment seem to be missing from the V4 install script. I’m unsure if this is going to require the Global Software deployment to be updated, but for example the Client Secret is missing from the V4 script when it’s required for the ImmyBot deployment and listed in V3. In the replies I’ll attach example scripts from test companies to showcase the differences.

Kevin_Bourbina · January 4, 2024, 2:44pm

V3:

Kevin_Bourbina · January 4, 2024, 2:45pm

V4:

Mark_Meredith · January 5, 2024, 10:33pm

Jumping on this to hopefully increase visibility. We will certainly need the ConnectSecure v4 deployment package as well going forward.

Ryan_Gyure · January 5, 2024, 11:13pm

Same for us as well.

RodrigoM · January 9, 2024, 3:10am

I’m working on this.
When you create the download link for the agent through ConnectSecure, it will expire in 24 hours.

I couldn’t find the API endpoint in the ConnectSecure documentation for generating the download link. However, by scraping it, I managed to find the endpoint.
In case you need it, here is the endpoint:
https://configuration.myconnectsecure.com/api/v4/configuration/agentlink?ostype=windows

Installation: Connect Secure Setup Install Script

# $ArgumentList = @(
#     "-c $CompanyID",
#     "-a $ClientID",
#     "-i $InstallationType"
# )


$Arguments = "-c $CompanyID -e $ClientID -i $InstallationType"

$Process = Start-Process -Wait $InstallerFile -ArgumentList $Arguments -Passthru
Write-Host "ExitCode: $($Process.ExitCode)"

Uninstallation: Connect Secure Uninstallation Script

cd "C:\PROGRA~2"
sc stop ConnectSecureAgentMonitor
timeout /T 5 > nul
sc delete ConnectSecureAgentMonitor
timeout /T 5 > nul
sc stop CyberCNSAgent
timeout /T 5 > nul
sc delete CyberCNSAgent
ping 127.0.0.1 -n 6 > nul
taskkill /IM osqueryi.exe /F
taskkill /IM nmap.exe /F
taskkill /IM cyberutilities.exe /F
taskkill /IM cybercnsagent.exe /F
CyberCNSAgent\cybercnsagent.exe --internalAssetArgument uninstallservice
rmdir CyberCNSAgent /s /q

Configuration Task : Connect Secure Configuration Task

param(
[Parameter(Position=0,Mandatory=$True,HelpMessage=@'
 -c, --companyId string              CompanyID
'@)]
[String]$CompanyID,
[Parameter(Position=1,Mandatory=$True,HelpMessage=@'
 -e, --tenantId string                TenantID
'@)]
[String]$ClientID,
[Parameter(Position=2,Mandatory=$False,HelpMessage=@'
-i, --installAgent                   Install Agent
      --internalAssetArgument string   For Agent Internal Usage
'@)]
[ValidateSet('Probe','Lightweight')]
[String]$InstallationType='Lightweight'
)

Dynamic Versions: ConnectSecure Agent Dynamic Versions

Get-DynamicVersionsFromUrl `
    -URL 'https://configuration.myconnectsecure.com/api/v4/configuration/agentlink?ostype=windows' `
    -VersionsURLPattern '(?<Uri>https://.*.cloudflarestorage.com/connectsecure-use/agents/(?<Version>[\d\.]+)/windows/(?<FileName>cybercnsagent.exe)[^""]*)'

Gav · January 10, 2024, 10:46pm

@Anthony_Birone has been working with an Immy partner who has access to CyberCNS poking at it as ideally we would be making a new software and obtain the CompanyID ClientID etc from the API which would then be able to be used as a cross tenant deployment, however it appears CyberCNS isn’t allowing this with their new portal yet…

@RodrigoM did you do anything different with version detection or did the regex for the existing global software match with their new version?
Do you know if this would require an uninstall/install to update or does installing over the existing old agent with the new one work?

RodrigoM · January 11, 2024, 12:30am

Hi @Gav
Yes, I made a new way to find out the version using Regex for the latest update, and I can confirm that it now correctly identifies the newest version from the URL link.
Currently, I’m developing a download script that will identify the latest version from the API and then download it for the deployment process.

RodrigoM · January 11, 2024, 5:03am

@Gav This week was my first experience with ConnectSecure, so I don’t have any information about the previous version. I’m confident that the following command will remove ConnectSecureV4:

cd "C:\PROGRA~2"
sc stop ConnectSecureAgentMonitor
timeout /T 5 > nul
sc delete ConnectSecureAgentMonitor
timeout /T 5 > nul
sc stop CyberCNSAgent
timeout /T 5 > nul
sc delete CyberCNSAgent
ping 127.0.0.1 -n 6 > nul
taskkill /IM osqueryi.exe /F
taskkill /IM nmap.exe /F
taskkill /IM cyberutilities.exe /F
taskkill /IM cybercnsagent.exe /F
CyberCNSAgent\cybercnsagent.exe -r
rmdir CyberCNSAgent /s /q

Gav · January 11, 2024, 5:13am

Thanks for sharing your findings @RodrigoM!

Apologies, I was trying to confirm how you were doing version detection for if the software was installed like this:

Does the new agent match the same way for detection here or did you do something different? (I’ve not seen any new agent installed yet myself to know how it displays in add/remove programs.)

RodrigoM · January 11, 2024, 10:11pm

I’m not familiar with CyberCNS. I got assigned a task to set up an agent for ConnectSecureV4. Here’s what I did:

For dynamic versions (to download and use the latest version for deployment):

Get-DynamicVersionsFromUrl `
    -URL 'https://configuration.myconnectsecure.com/api/v4/configuration/agentlink?ostype=windows' `
    -VersionsURLPattern '(?<Uri>https://.*.cloudflarestorage.com/connectsecure-use/agents/(?<Version>[\d\.]+)/windows/(?<FileName>cybercnsagent.exe)[^""]*)'```

Anthony_Birone · January 18, 2024, 2:46am

Another Immy partner asked us to build a dynamic integration with CyberCNS V4. We attempted to do so but were told by CyberCNS that the V4 API was not ready for production. They informed us that they were not allowing anyone to create V4 API keys.

I believe you can continue using the V3 deployment, as the agent is supposed to upgrade to V4.

technotlemons · February 22, 2024, 10:10pm

V4 API has now been released

Prasanna_Palla · April 4, 2024, 10:16pm

V4 MSI is working

Installation Script

$Arguments = @"
/c msiexec /i "$InstallerFile" /qn /norestart /l*v "$InstallerLogFile" WRAPPED_ARGUMENTS="-c $CompanyID -e $ClientID -i"
"@
Write-Host "Running: $Arguments"
$Process = Start-Process -Wait cmd -ArgumentList $Arguments -Passthru
Write-Host "ExitCode: $($Process.ExitCode)"

if ($Process.ExitCode -ne 0) {
    Get-Content $InstallerLogFile -ErrorAction SilentlyContinue
}

Barry_Trotman · May 5, 2024, 11:11pm

Is there any chance this can be updated into the global repository ready for use now that the MSI is supported?

Barry_Trotman · May 7, 2024, 8:40pm

@RodrigoM is this been completed and can it please be made available in the global repository?

Barry_Trotman · May 7, 2024, 9:32pm

I spoke to Connectsecure support; they say to go forward with the V4 agent deployment, not push the V3 agent and then syncing from the old portal.

DimitriRodis · May 30, 2024, 4:50pm

I have set up a development instance with ConnectSecure and will be working on this.

DimitriRodis · June 13, 2024, 4:57am

I have published the integration and agent into the ImmyBot global repository marked as Beta. It will not be marked as a release until I fix some known issues (with unknown resolutions) and also update the docs.

I have deployed agents successfully into a linked client using the agent linked to the integration in the global repo.

Known Issues:

A proper health check against the ConnectSecure API is not yet implemented. This shouldn’t prevent it from working, but fully completed integrations should have them properly implemented.
Despite successfully downloading and retrieving the installation parameters (aka InstallToken) from the API, I have a client that, when the agent attempts to install, we get back Exit Code -1. I don’t know what this means yet, or how to make the installer more verbose. If anyone knows what the Exit Codes are or has a doc link, please let me know.
I am planning on creating a configuration task that will allow you to override CompanyID/TenantID if needed, or if the integration is unavailable (because you “just need to deploy it” without the integration).
I have spoken briefly with @DarrenDK about the ability to have ImmyBot create ConnectSecure Tenants if they do not exist. It appears that we will need an additional integration interface to support this.
Alternatively to 4, I also spoke with @DarrenDK about a mechanism that would allow someone to create a cross tenant deployment, but ONLY deploy to linked tenants (this is my personal preference). I have some ideas based on ClientGroupings that @DarrenDK suggested I might try, but I haven’t gotten to this yet.
I am (for now) following the ConnectSecure docs for agent installation and uninstallation here: V4 How To (Home) - ConnectSecure V4 - Confluence (atlassian.net). There are some “alternative methods” in this thread for things like agent removal, but I am unsure if those alternative methods are truly needed–I’d like the feedback.

I will be keeping an eye on this thread, but it would also help to send issues into [email protected] addressed to me (for the time being), especially if you need to send instance/session links.

Barry_Trotman · June 13, 2024, 5:45am

Thanks, Dimitri for the effort and update on this, I’ll be testing and will provide feedback in this thread.