This article gives you an overview of how the Scanning Agent works and how to set it up.
Please note that this feature is only available for Probely Plus.
What is the Scanning Agent?
Probely's Scanning Agent gives you the possibility to scan internal applications without the need to expose them on the Internet or even to our IP addresses. It is the ideal approach to scan any application that is only reachable from within your network, including development/staging/pre-release applications and internal production applications that support your business.
A single Agent can be used to scan multiple internal targets, but you can also have different Agents, each responsible for a part of your network. There is no need to have a single Agent with connectivity to the whole network.
The Agent is, typically, installed in a Virtual Machine (VM), but you can run its containers directly, without a VM.
It creates an encrypted and authenticated tunnel, in which traffic flows securely between Probely and your network.
To make sure we meet your security expectations we followed a set of principles:
- all code is open source, and publicly available.
- you have complete control over the Agent, including the right to change it
- we cannot access the Agent
- runs in containers, with the least required privileges
- all traffic is encrypted end-to-end
- it does not open any network port
How to install it?
The Agent installation process requires us to provide you with an installer and the matching password. This step requires you to contact Probely's support.
We are working on a fully self-provision process, without the need to contact support.
Create the Agent
1. In your Probely account go to the top right dropdown and click Scanning Agents. If you do not see this option, contact your account owner.
2. Click Add Agent
3. Set the name of the Agent and click Add. You can change the name anytime.
4. Contact our support. Use the chat icon on the bottom-right corner of the window, or email us.
The support will provide you with an installer and a password.
This step is required because we need to build an installer for the Agent you created. It will be bound to this Agent and can only be used by your account and only for targets configured to use this Agent.
Install the Agent
The complete instructions on how to install the Agent on your network are available here.
To summarize the installation process:
- install the Virtual Machine (VM)
We recommend using option 1, install a pre-built VM. We support multiple virtualization solutions and can help you during the installation process.
Other installation options are available, check them here.
- configure the VM connectivity
The network requirements are minimal: a set of outbound rules to contact Probely and update servers, essential network services (NTP, DNS, DHCP), and rules to connect to your target.
Please note that the Agent can be configured to use an HTTP proxy to reach the Internet. Check how on the instructions.
The VM and installer instructions explain how to verify if the setup is correct. If something is not working please contact us, ideally with the output of the following commands:
sudo docker logs tunnel
sudo docker logs gateway
sudo docker ps -a
How to scan with the Agent?
Now that the Agent is configured, you just need to choose which targets will use it.
Go to the settings of the target you want to scan with the Agent and select the Agent you want to use. Click Save. In this example, we have an Agent named Staging.
From this moment, scans to this target will always go through the Agent Staging.
Delete removes this configuration, for this target.
Choosing an Agent in the target settings.
You can also assign an Agent to multiple targets at once, in the targets list. Just select the targets you want to configure and the options will appear:
Assigning an Agent to multiple targets at once.
Targets configured to use an Agent will show a green cloud icon with a tunnel in the listing, as the image above shows.
The complete installation reference is here, at Probely's Github repositories. The source code for the installer is also published there.
For any question about the Scanning Agent please don't hesitate to reach us.
ps: Why the name Farcaster? Read here.