goubx/Agent-Based-Monitoring-Windows

Agent-Based-Monitoring-Windows

I will demonstrate how to set up and run local agent-based scans on tenable.io for Windows devices.

Requirements for this Lab

  • Azure
  • Windows 11 Pro VM
  • Tenable.IO

Walkthrough

After creating a Windows virtual machine, I will now show you how I go about creating a local-based agent to scan my Windows device. The purpose of this is that in work settings, employees are given devices to work on outside of the office. Instead of having to manually check all of those devices, I can set up an agent that does a self-assessment on the device it's installed on.

1. While my VM is booting up, I will log onto Tenable.

Now I'm gonna create the Agent Group

Agent groups are used to organize and manage the agents linked to your account. Each agent can be added to any number of groups, and scans can be configured to use these groups as targets.

Go to:

  • Settings
  • Sensors
  • Nessus Agents
  • Agent Groups

Agent Group created


As you can see, the Agent Group above was created.

2. Next, I'm going to create a Basic Agent Scan

  • Go to Scanner
  • Press New Scan
  • Press the Nessus agent
  • Then select the Basic Agent Scan Template

This is what it looks like when you get there.

Configurations:

  • I selected the group I created in the "agent groups" section.
  • Then I named the scan
  • For the Scan Type, I am selecting a triggered scan so that when a filename I select ends up in the directory and the agent discovers it, it will know it's time to scan.

For this scenario, the key file will be

goub.txt

I will now leave the scan as is and save it.

Copy and paste this command from settings in Tenable. This is the code that will be used to install the agent on the VM.

  • Settings
  • Sensors
  • Nessus Agents
  • Linked Agents
  • Look at the instructions for installing the Agent on Windows Platforms

It should look like this, on the right side of the screen.

Copy and paste the command as seen:

Invoke-WebRequest -Uri "https://sensor.cloud.tenable.com/install/agent/installer/ms-install-script.ps1" -OutFile "./ms-install-script.ps1"; & "./ms-install-script.ps1" -key "58aab372289ac80911e4c5ad40a07b23b5524319f9ff5c010aa50ec625ccf389" -type "agent" -name "" -groups ''; Remove-Item -Path "./ms-install-script.ps1"

Keep this because you will have to edit in the file name & group names.

3. Now I will install the agent on the virtual machine.

I will have to run commands on PowerShell to install the agent.

First, I will open up the Notepad in my VM and paste that command.

It is basically downloading the PowerShell Script from the Tenable Server. It will provide things like the key, agent, agent groups, etc.

I am going to put my agent group's name, which is "Agent-Goub-Win11," that I created, in the spot where it says list of groups.

And now it should say instead:

Invoke-WebRequest -Uri "https://sensor.cloud.tenable.com/install/agent/installer/ms-install-script.ps1" -OutFile "./ms-install-script.ps1"; & "./ms-install-script.ps1" -key "58aab372289ac80911e4c5ad40a07b23b5524319f9ff5c010aa50ec625ccf389" -type "agent" -groups 'Agent-Goub-Win11'; Remove-Item -Path "./ms-install-script.ps1"

I removed the agent from the code since it is not necessarily needed in this scenario.

Now I will launch the command into PowerShell.

Launch Command


Here is the installation occurring. It will take a few minutes for the installation to finish.

Now my agent is installed on the VM. Below is a screenshot to confirm it is running in the background.


Now, in PowerShell, I am going to add the file I created as the trigger into the trigger directory.


The commands to create this in PowerShell are

cd \

cd programdata

cd Tenable

cd '.\Nessus Agent'

cd nessus

cd triggers

New-Item -Name goub.txt   # <---- Trigger File Name

Trigger creation


This is what it looks like before I add the file

After adding the file, the scan should start.


The scan has started, since the trigger file was deleted from the trigger folder.

As you can see below, the scan has been activated since it's running in the task manager. This is also confirmed because in my Tenable dashboard, the files are showing as "triggered".
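The trigger step above can be scripted so that it also confirms the agent picked the file up. This is an added example, not part of the original walkthrough or of Tenable's tooling: the directory and file name come from the steps above, while the function name, the service name 'Tenable Nessus Agent', the timeout and the poll interval are assumptions.

```powershell
# Added example. Path and file name are taken from the walkthrough;
# the service name, timeout and poll interval are assumptions.
function Invoke-AgentTriggerScan {
    [CmdletBinding()]
    param(
        [string]$TriggerDir  = 'C:\ProgramData\Tenable\Nessus Agent\nessus\triggers',
        [string]$TriggerName = 'goub.txt',
        [string]$ServiceName = 'Tenable Nessus Agent',   # assumed service name
        [int]$TimeoutSeconds = 300,
        [int]$PollSeconds    = 5
    )

    # Nothing consumes the trigger unless the agent service is running.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        throw "Service '$ServiceName' is not running; the trigger would be ignored."
    }
    if (-not (Test-Path -LiteralPath $TriggerDir -PathType Container)) {
        throw "Trigger directory not found: $TriggerDir"
    }

    $path = Join-Path -Path $TriggerDir -ChildPath $TriggerName
    if (Test-Path -LiteralPath $path) {
        Write-Verbose 'Trigger file already present; waiting on the existing one.'
    } else {
        New-Item -Path $path -ItemType File | Out-Null
    }

    # As seen in the walkthrough, the file disappears from the trigger folder
    # once the scan starts, so poll for its removal.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        if (-not (Test-Path -LiteralPath $path)) {
            return [pscustomobject]@{ Trigger = $path; PickedUp = $true; At = Get-Date }
        }
        Start-Sleep -Seconds $PollSeconds
    }

    # Still present after the timeout: re-check the file name configured in
    # the scan and the agent's group membership.
    return [pscustomobject]@{ Trigger = $path; PickedUp = $false; At = Get-Date }
}

Invoke-AgentTriggerScan -Verbose
```

Run it from an elevated PowerShell session; a result with PickedUp set to False means the file was never consumed within the timeout.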


Now I just have to wait for the results once the scan is complete.


With the scan now complete, I will upload the completed scan file.
