Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Assets prerequisites for agentless connections

Flows matrix

This matrix sums up the flows that may be required to monitor assets using agentless connection, based on the equipment type.

Source Destination Protocol Port Description
Cyberwatch scanner monitored asset TCP 22 SSH (Linux)
Cyberwatch scanner monitored asset TCP 5985 WinRM (Windows)
Cyberwatch scanner monitored asset UDP 161 SNMP (network devices)
Cyberwatch scanner monitored asset TCP 443 HTTPS VMware API
monitored asset Cyberwatch scanner TCP 443 HTTPS Microsoft cab file transfer

Software prerequisites

  • Operating System among those covered in the list of supported operating systems
  • SSH service enabled on Linux / UNIX, WinRM service enabled for Windows (PowerShell command: Enable-PSRemoting -Force), SNMPv3 enabled for network devices
  • Additional requirements for Linux:
    • Valid SSH account with login/password or public/private key authentication
    • Sudoers rights WITHOUT TTY if you want to deploy security fixes with Cyberwatch (optional)
  • Additional requirements for Windows:
    • Valid local or domain WinRM Administrator account, with “NEGOTIATE” authentication mode
    • The account provided MUST have administrator rights
    • The Windows Update service (wuauserv) must be activated
    • PowerShell v2 or higher must be installed, can be downloaded on the official Microsoft Update Catalog website
    • Windows Update Agent v6.1.0022.4 or higher must be installed

Windows Server 2008 assets also must support SHA-2 hash algorithms as described in the official Microsoft documentation. In summary, three updates are required:

  • SHA-2 Code Signing Support, by installing KB4474419
  • January 2020 (monthly rollup) update by installing KB4534310 on Windows Server 2008 R2 SP1
  • SHA-2 Related Servicing Stack Updates
    • by installing KB4490628 on Windows Server 2008 R2 SP1
    • by installing KB4493730 on Windows Server 2008 SP2

Requirements for Windows Server 2012 and Windows Server 2012 R2 to enable WUA scans

To guarantee that Windows Update Agent is fully operational, Windows Server 2012 and 2012 R2 need a cumulative monthly rollup update that is equal or more recent than: