Internal Agents in Invicti Enterprise
In some organizations, some websites will only be available in the local network (and not on the internet). You can use our Internal Agent feature to scan your internal websites while the results remain on our Invicti Enterprise servers.
You can install an internal agent in Windows, Linux, and Docker. For further information, see Installing Internal Agents.
The Internal Agents feature is available in both Invicti Enterprise (On-Demand) and On-Premises.
- After installing the internal agent on your network, you should specify a website to scan it with the internal agent (see How to Configure an Agent for a Website)
- After installing the agents and determining which website will be scanned with the internal agent, you can start a scan on your internal website (How to Scan an Internal Website)
Allowlisting Invicti’s IP addresses for effective communication
Invicti Enterprise Web Application On-Demand and internal agents use certain IP addresses to communicate with one another.
In order for Invicti Enterprise Web Application On-Demand to operate effectively, you need to allowlist certain IP addresses on your firewall and/or proxy servers to allow communication of different components, such as internal scanning agents.
Without establishing this communication, you may run into different problems, such as:
- The scanner agent may not report all of its findings to the Invicti Enterprise Web Application.
- Or, Invicti Enterprise may not push the vulnerabilities to the on-premises integration endpoints, such as Jira.
It is strongly recommended to allowlist the IP addresses only if you plan to install any of the following components:
Internal Scanner Agent
Internal Authentication Verifier Agent OnPremises
Integrations, like Jira or CyberArk.
So, you need to allowlist the IP address for the components to communicate with one another, as needed.
- Allowlist the following addresses according to your region:
- US region: 126.96.36.199, 188.8.131.52, netsparkercloud.com, s3.us-east-1.amazonaws.com
- EU region: 184.108.40.206, 220.127.116.11, eu.netsparker.cloud, s3.eu-central-1.amazonaws.com
- CA region: 18.104.22.168, 22.214.171.124, 126.96.36.199, ca.netsparker.cloud, s3.ca-central-1.amazonaws.com
Manage Agents Fields
This table lists and explains the fields on the Agents page.
|Name||This is the name of the agent.|
|State||This is whether the agent is online and waiting for a scan assignment. The state can be: Available, Launching, Waiting, Scanning, Terminated, NotAvailable.|
|Launch Date||This is the date when the agent was first available.|
|Last Heartbeat||This is the last time the agent communicated with the web application.|
|Version||This is the version number of the scanner agent.|
|Is Up To Date||This is whether the Agent is up-to-date.|
|Vdb Version||This is the Vulnerability Database Version running on the Agent.|
|Operating System||This is the operating system on which the Agent is installed.|
|Installed Framework||This is the .NET environment on which the Agent is running. |
Note: Starting with the 7 December 2022 dated release, internal agents are bundled with the required .NET framework. So, you don’t need to install .NET into your environment. Also, the installed framework version and your .NET version can be different.
|Operating System Architecture||This represents the operating system architecture on which the Agent is installed.|
|Target URL||This is the target URL of the website, including the path.|
|Process Architecture||This represents the process architecture on which the Agent is installed.|
|IP Address||This is the IPv4 version of the Agent.|
How to configure an agent for a website
- Log in to Invicti Enterprise.
- From the main menu, select Websites > New Website.
- On the New Website page, complete the fields, as described in How to Add a Website in Invicti Enterprise.
- In the Agent Mode field, select an option.
- Select Save.
How to scan an internal website
- From the main menu, select Scans > New Scan.
- In the Target URL field, enter the URL of the internal website.
- From the Preferred Agent drop-down, select an internal agent to use it during the scan if there is more than one. Alternatively, you can retain the default setting (Any of the available agents), so that Invicti Enterprise will automatically select one of them.
- Complete the remaining fields, and select Launch.
How to view commands for an agent
- From the main menu, select Agents > Manage Agents.
- On the Agents’ page, select the relevant agent.
- From the Commands drop-down, select View Agent Commands.
The Commands window is displayed.
Accessing agent logs
The Invicti Enterprise Scanning Agent stores the application logs in the Logs folder in the installation path.
With the latest version of the Agent, the last three days’ logs can be downloaded from the Manage Agents page. These logs are especially useful for troubleshooting.
How to access agent logs
- From the main menu, select Agents > Manage Agents.
- Next to the relevant Agent, select the Command drop-down, then Request Agent Logs.
- Once you confirm, the logs will be requested from the target agent and can be downloaded from the UI.
- Select the bell, then select the relevant notification.
- Select Download Logs. The download will start.
Filtering scanning agents
All columns can be filtered, using a highly customizable combination of Fields, Operators, and Values. Each is explained below.
Filters & Values
This table lists the filters and values available for the columns listed above. Select an option to filter the list by that criterion.
- In many cases, values can be entered into the value field; in others, the value can be selected from a drop-down menu.
- You can enter more than one filter at a time.
|Name||Select to filter notifications by their name.||Enter a value.|
|State||Select to filter by agent’s state.||The drop-down options are:
|Launch Date||Select to filter by agent’s launch date.||Select a date from the calendar picker.|
|Last Heartbeat||Select to filter by agent’s last heartbeat.||Select a date from the calendar picker.|
|Version||Select to filter by agent’s version.||Enter a value.|
|VDB Version||Select to filter by vulnerability database version.||Enter a value.|
|Operating System||Select to filter by the operating system.||Enter a value.|
|Installed Framework||Select to filter by the installed framework.||Enter a value.|
|Operating System Architecture||Select to filter by the operating system architecture.||Enter a value.|
|Process Architecture||Select to filter by the process architecture.||Enter a value.|
|Target URL||Select to filter by the target URL.||Enter a value.|
|IP Address||Select to filter by IP Address.||Enter a value.|
This table lists and explains the Operators available for filtering columns. They work in conjunction with the Field, Operator, and Value.
|Equal||This operator can be used for exact matching. For example, if filtered by the Target URL http://www.example.com/, the filtered list of results would not also list http://api.example.com.|
|Not Equal||This operator can be used to exclude some results based on exactly matching. For example, if filtered by the Target URL of http://www.example.com/, the filtered list of results would exclude scans for that one.|
|Contains||This operator can be used to include results if the filtered column contains the value. It does not matter where the value is. For example, you could filter for the word ‘production’.|
|Not Contains||This operator can be used to exclude certain results on the Websites page.|
|Starts with||This operator can be used to filter for columns that begin with the value.|
|Ends with||This operator can be used to filter for columns that end with the value.|
|Less than||This operator can be used to filter columns that contain numeric and date-time values rather than string values. For example Initiate Time, Duration, or Finish Time.|
|Less than or equal||This operator can be used to filter columns that contain numeric and date-time values rather than string values. For example Initiate Time, Duration, or Finish Time.|
|Greater than or equal||This operator can be used to filter columns that contain numeric and date-time values rather than string values. For example Initiate Time, Duration, or Finish Time.|
This table lists the dropdown values available for filtering columns.
|Agent is not available||This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are unavailable will be shown in the grid.|
|Available||This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are available will be shown in the grid.|
|Disabled||This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are disabled will be shown in the grid.|
|Launching||This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are launching will be shown in the grid.|
|Scanning||This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are scanning will be shown in the grid.|
|Terminated||This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are terminated will be shown in the grid.|
|Updating||This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are updating will be shown in the grid.|
How to filter notifications in Invicti Enterprise
- From the main menu, select Notifications > Manage Notifications.
- From the Manage Notifications page, select the filter button ( ) next to any header column.
- Select Clear to clear all fields.
- Add a New Filter.
- In the relevant filter, where relevant:
- From the Field drop-down, select Tag.
- From the Operator drop-down, select an option.
- In the Value field, enter a value.
- Select Apply.