Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Differences between “agent-based” and “agentless” modes


  1. The two modes offer exactly the same features, the only difference lies in the direction of the network traffic.

  2. The “agent-based” mode conducts the analysis with an outgoing HTTPS traffic from the targeted asset towards the Cyberwatch machine.

  3. The “agentless” mode conducts the analyses with a SSH / WinRM network traffic incoming from the Cyberwatch machine towards the targeted asset.

“Agent-based” mode

The “agent-based” mode requires to install a light agent on every asset you want to monitor.

This agent is coded in Python and provided with APT / YUM / MSI packages.

The agent executes periodically with cron (Linux) or Windows Service (Windows), conducts a diagnostic of the targeted asset, and sends the results to the Cyberwatch host.

“Agentless” mode

The “agentless” mode requires a valid connection from the Cyberwatch host towards every asset you want to monitor. The connection is based on the classical administration interfaces SSH (Linux) or WinRM (Windows).

The connection is periodically used by the Cyberwatch host to connect to the targeted asset, run a diagnostic, and compute the results.