Eclypsium Network Devices Solution Guide 2.9.0


WE DEFEND THE FOUNDATION

OF THE ENTERPRISE

Eclypsium - Network Devices


SOLUTION GUIDE

Version 2.9.0

Dec 2021

Eclypsium Proprietary
Solution Overview

System Requirements
Prerequisites
Supported Operating Systems

Quick Start Guide
Installation
Registration
Common errors
Activate Scanner's listener
Windows
Linux
Initiating a scan
Using the Administration Console
Command Line Scan
Note:
Parameters
Recurrent tasks and Proxy
Linux
Windows
Uninstall
Windows
Linux

Eclypsium Administration Console walkthrough
Trigger a global Network Devices Scan
Trigger a Network Devices Scan on a set of hosts
Enable/Disable Network Scan
Network Scan Settings

Deep Coverage Scan
Running a deep coverage scan
Deep coverage for Pulse Secure devices
Enable Logging of Unauthenticated Requests

Eclypsium Proprietary
© 2022 Eclypsium, Inc. | https://www.eclypsium.com | info@eclypsium.com
Known Limitations
Configuring SCP for Cisco IOS devices
Deep coverage for Cisco Nexus (NX-OS)
Enabling REST API
HTTPS API - Configuration example
SSH - Configuration example
Configuring SCP
Deep coverage for Aruba devices
ArubaOS-CX
Enabling REST API
HTTPS API - Configuration example
SSH - Configuration example
Limitations
ArubaOS-Switch
Configuration example
Extending Deep coverage using templates
Download device's binary for Cisco
Deep Coverage Visualization
Authenticated Scans filters
Device Summary
Device Details
Protocol Info
Device examples
Cisco IOS
Cisco Nexus (NX-OS)
Arista
Juniper
Pulse Secure
Citrix
ArubaOS-CX (Aruba)
ArubaOS-Switch (Aruba)
Palo Alto Networks
Fortinet Fortigate

OS Specific configuration
CentOS 7
Firewall configuration
Credential Manager
Registering a credential manager
Other options to register a Credential Manager
Format of credentials

Appendix A - Version Support

Appendix B - Supported protocols for Deep Coverage

Appendix C - Supported Credential Manager

Frequently Asked Questions (FAQ)
Eclypsium Network Scanner

Solution Overview
The Eclypsium Network Devices Scanner is a tool that was added to the Eclypsium product,
allowing the customer to discover and monitor devices in the corporate network.
The system uses multiple network scanning techniques to identify devices and then sends the
returned information to the Eclypsium Platform for analysis and presentation.
Once the Scanner is fully operational, the network administrator will be able to generate scans
on demand.

System Requirements
Prerequisites
The Network Scanner is an application installed on a host connected to an active Eclypsium
Platform. The prerequisites are:

● Eclypsium Platform 2.9.0 or above


● Eclypsium Endpoint Scanner 2.9.0 or above on the scanning host
● Eclypsium Endpoint Scanner registered into the Eclypsium Platform

Supported Operating Systems


The Eclypsium Network Devices Scanner supports the following Operating Systems and
versions:
● CentOS 7
● Windows 10
● Ubuntu 16.04 - 20.04
● Debian 11.x

Review Appendix A for version support

Quick Start Guide

Installation
The Eclypsium Network Device Scanner does not require any installation. Copy the executable
provided by the Solutions Team to the folder created by the Eclypsium scanner during its
deployment.

● On Windows (as Administrator):
move /y EclypsiumNetworkApp.exe "\Program Files\Eclypsium\"
● On Linux:
sudo mv EclypsiumNetworkApp /usr/bin/

NOTE 1: The Network Device Scanner is not downloadable from the web console and will be
provided by the Solutions Team.

Registration
The Eclypsium Network Devices Scanner requires registration with the Platform. Upon
registration, the Scanner will do two things: First, it will update the
Eclypsium Platform that a Network Devices Scanner is available on this host. Then, it will
execute a scan based on the Platform configurations.
To execute registration run:
● On Windows (as Administrator):
cd "\Program Files\Eclypsium"
EclypsiumNetworkApp.exe --register
● On Linux:
sudo EclypsiumNetworkApp --register

Common errors
● Errno 13 - will appear if the registration process is not run as an administrator or with
root privileges
● "No pending host tasks found. Exiting..." - This message will appear if the --register
flag is missing.

Activate Scanner's listener
To activate the listener, follow the instructions below. We recommend configuring a recurring
task every 2 hours.

Windows
schtasks.exe /create /tn EclypsiumNetworkApp /tr "'C:\Program Files\Eclypsium\EclypsiumNetworkApp.exe'" /sc HOURLY /mo 2
After creating the scheduled task, you will need to make the following changes:
1. Open the Task Scheduler as Administrator
2. Edit the active task for EclypsiumNetworkApp
3. Navigate to the Actions tab
4. Edit the scheduled task
5. Set the Start in (optional) field to C:\Windows\Temp

Note: If, during installation, you chose a folder other than "\Program Files\Eclypsium," you
should use the appropriate folder where you installed the agent.

6. Navigate to the General tab of the scheduled task


7. Enable the task to Run with Highest Privileges
8. Select Run whether user is logged on or not. You will be prompted to provide an
account to be used to run the task. Enter one with Administrator privileges.

Linux
(sudo crontab -l ; echo "0 */2 * * * cd /tmp && EclypsiumNetworkApp") | sudo crontab -
NOTE 1: Crontab user is required to be root
NOTE 2: If in the first step, you chose a folder other than /usr/bin, you should use that folder
instead
Validate the task configuration by running sudo crontab -u root -l

Initiating a scan
You can now initiate a scan either from the Eclypsium Web Console or from the CLI on the host.

Using the Administration Console


Follow the instructions here

Command Line Scan


To run a manual scan, you will need to execute the Scanner while overriding its network
configuration:
1. Open the Command Line tool of your OS
2. In the prompt, type the path and name of the executable
● On Windows
"C:\Program Files\Eclypsium\EclypsiumNetworkApp.exe"
● On Linux
sudo EclypsiumNetworkApp
3. Add parameters as defined below. Note - if you add no flags, the Scanner will check for a
Platform job, and only if one exists will it execute.

When the scan starts, you will be able to see in the console the logs of the scanning:
$ sudo EclypsiumNetworkApp
2021-10-13 16:27:42,572 - scanner - [+] Scanner version: 0.0.0
2021-10-13 16:27:43,232 - scanner - [+] Scanning started
2021-10-13 16:27:43,264 - device.protocol_pipeline - [+] Running pre-scan actions
2021-10-13 16:27:53,450 - device.protocol_pipeline - [+] Scanning device 172.16.10.1
2021-10-13 16:27:53,451 - device.protocol_pipeline - [+] Scanning device 172.16.10.2

...

2021-10-13 16:27:53,454 - device.protocol_pipeline - [+] Scanning device 172.16.10.15


2021-10-13 16:27:53,454 - device.protocol_pipeline - [+] Scanning device 172.16.10.16
2021-10-13 16:28:46,273 - scanner - [+] Found a device: 172.16.10.1
2021-10-13 16:28:47,850 - device.protocol_pipeline - [+] Scanning device 172.16.10.17

...

2021-10-13 16:57:52,817 - scanner - [+] Found a device: 172.16.10.254


2021-10-13 16:58:15,723 - scanner - [+] Found a device: 172.16.10.245
2021-10-13 16:58:57,458 - 140181684648832 - scanner - [+] Scan complete
Note:
When running the scan, if you close the console or press Ctrl+C, the scan is cancelled and any
information collected is discarded. To see the resulting data, you need to let the Scanner run
until it exits by itself.
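
When the Scanner runs unattended (for example from the recurring task), its saved console output can be checked for the final "Scan complete" line to confirm the run was not cut short. The parser below is an added example, not part of the Eclypsium product; it assumes the console output was captured as text, and its sample lines are abridged from the log shown above.

```python
import re
from datetime import datetime

# One console line: timestamp, optional thread id, logger name, marker, message.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - "
    r"(?:(?P<thread>\d+) - )?"  # the thread id appears only on some lines
    r"(?P<logger>[\w.]+) - \[(?P<mark>.)\] (?P<msg>.*)$"
)

# Abridged from the sample output in this guide.
SAMPLE_LOG = """\
2021-10-13 16:27:42,572 - scanner - [+] Scanner version: 0.0.0
2021-10-13 16:27:43,232 - scanner - [+] Scanning started
2021-10-13 16:27:43,264 - device.protocol_pipeline - [+] Running pre-scan actions
2021-10-13 16:27:53,450 - device.protocol_pipeline - [+] Scanning device 172.16.10.1
2021-10-13 16:27:53,451 - device.protocol_pipeline - [+] Scanning device 172.16.10.2
...
2021-10-13 16:28:46,273 - scanner - [+] Found a device: 172.16.10.1
2021-10-13 16:58:57,458 - 140181684648832 - scanner - [+] Scan complete
"""


def summarize(log_text):
    """Summarize one scanner run from its console output."""
    scanned, found = set(), set()
    first = last = None
    complete = False
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if match is None:
            continue  # blank lines and "..." elisions
        stamp = datetime.strptime(match["ts"], "%Y-%m-%d %H:%M:%S,%f")
        first = first or stamp
        last = stamp
        message = match["msg"]
        if message.startswith("Scanning device "):
            scanned.add(message.rsplit(" ", 1)[1])
        elif message.startswith("Found a device: "):
            found.add(message.rsplit(" ", 1)[1])
        elif message == "Scan complete":
            complete = True
    return {
        "complete": complete,  # False means the run was cancelled or still running
        "scanned": sorted(scanned),
        "found": sorted(found),
        "seconds": (last - first).total_seconds() if first else 0.0,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```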

Parameters
-h / --help: Displays help message
-v / --version: Displays scanner version
--ip: Define specific IP addresses to scan. It can be one IP address, several IPs, or subnets
Examples:
--ip 192.168.100.1
--ip 192.168.100.4 192.168.100.1
--ip 192.168.100.0/26

When the value is empty or unprovided, the Scanner will auto-discover the default
network interface and run a scan in the subnet /24 of that IP

--port: Define specific ports to scan. It can be one value or a space-separated list. Default
values to scan are 80, 443, 8080, 8443, 22, 139, 445 and 5060.

--log-level: Set the verbosity level for the Scanner logs. It can be one of the following values:
● SILENT
● CRITICAL
● ERROR
● WARNING
● INFO
● DEBUG
The default is INFO.

--aggressiveness: Sets the type of scan to run. It can be:


● NORMAL_SCAN: Runs scan for device discovery and identification
● DEEP_SCAN: Runs NORMAL_SCAN + automatic detection of CVE.

The default value is NORMAL_SCAN

--threads: Number of threads to use during the scan. The default value is 16
--no-upload: Disables uploading of scan results to the Platform. Disabled by default
--out-folder: Set the output folder for the scan data. By default, the installation folder is used
--proxy: When the deployment requires a proxy to connect to the Platform, this parameter can be
added to the command line. The value of the parameter is a JSON-like string containing the
protocol and URL of the proxy
On Linux:
--proxy '{ "http" : "http://your_proxy_server:3128" }'
On Windows:
--proxy "{ \"http\" : \"http://your_proxy_server:3128\" }"
Note: When using scheduled tasks, you need to add the proxy parameter to the optional
arguments. Check this section, following the same steps as for the configuration file

Recurrent tasks and Proxy


When using recurring tasks to run the Scanner, as explained here, you must update the
task's command and add the --proxy parameter.

Linux
1. sudo crontab -e
2. Open the desired text editor when asked
3. Replace
0 */2 * * * cd /tmp && EclypsiumNetworkApp
With
0 */2 * * * cd /tmp && EclypsiumNetworkApp --proxy '{ "http" : "http://your_proxy_server:3128" }'

Windows
1. Edit the scheduled task
2. In the Add arguments (optional): field enter:
--proxy "{ \"http\" : \"http://your_proxy_server:3128\" }"

Uninstall
In order to uninstall the Network scanner:
1. Unregister it from Platform
2. Remove the recurring task on the host
3. Remove the executable file from the host

Windows
"\Program Files\Eclypsium\EclypsiumNetworkApp" --unregister
schtasks.exe /delete /tn EclypsiumNetworkApp /F
del "\Program Files\Eclypsium\EclypsiumNetworkApp.exe"

Linux
EclypsiumNetworkApp --unregister
sudo crontab -l | grep -v EclypsiumNetworkApp | sudo crontab -
sudo rm /usr/bin/EclypsiumNetworkApp

Eclypsium Administration Console walkthrough

Trigger a global Network Devices Scan


You can initiate a global scan in the device list page by clicking on the Network Devices Scan
button at the top of the page. This will initiate a scan on all Eclypsium Network Devices
Scanners registered with the Platform.

Trigger a Network Devices Scan on a set of hosts


You can initiate a network device scan by filtering the device list with any filter criteria and then
clicking on the Network Devices Scan button in the device page to launch the scan only on a
specific set of devices.

Enable/Disable Network Scan
A Network scanner can be enabled or disabled for a single host on the Device Page of said
host. Use the Scan Network toggle to control the service.

Network Scan Settings
Configuration for scanners is managed remotely by the Platform. Eclypsium's representatives
will configure it for you. You can override the global configuration at the device level at any time.

Deep Coverage Scan


This type of scan gets more detailed information from the devices by using authenticated
connections to the devices. This is also referred to as a post-authentication scan.
This scan enables advanced features like:
● Vulnerability detection
● Checking that firmware is up to date
● Firmware integrity

NOTE: Feature support depends on a combination of vendor, device, and model. Check
Appendix B for details on vendors and protocols

Running a deep coverage scan


In order to run a deep coverage scan you need to use the NORMAL_SCAN or DEEP_SCAN
settings. You also need to have an IP associated with the device you are scanning.
The Scanner, while running, will check for configuration, and if possible, will run the deep
coverage scan for these devices.

Deep coverage for Pulse Secure devices


Deep Coverage for Pulse Secure devices can detect indicators of compromise (IOCs) of attacks
using the information collected by the Scanner. Perform the following configuration on your
Pulse Secure device in order for Deep Coverage to retrieve the information.
Enable the REST API
1. Go to Authentication -> Auth Servers -> Administrators -> Users
2. Click on the admin user to edit its configuration
3. Click Allow access to REST APIs checkbox and Save Changes

Enable Logging of Unauthenticated Requests
1. Go to System -> Log/Monitoring -> User Access -> Settings
2. Click on the Unauthenticated Requests checkbox
3. Click on Save Changes

Known Limitations
● Connections to Pulse Secure devices have limitations due to the way the API works.
While collecting logs from the device, you need to ensure that you have logged out of
the Administration console with the user you configure for Deep coverage scanning
because the attempt to connect to the device will fail if you have a session active.
● There is a limit to the number of connections you can establish over specific periods.
Depending on the device's configuration, the session used to scan the device will remain
active for about 5 minutes. If you run another scan in that same window, the deep
coverage scan will fail because it won't be able to connect.

Configuring SCP for Cisco IOS devices
If you want to download binary files from Cisco devices, you must enable the SCP protocol on
the target hosts.

1. Enable the SCP service

ip scp server enable

2. Set the maximum privilege level of 15 for the device user.
This is configured on the TACACS+ or RADIUS servers being used to provide AAA
(Authentication-Authorization-Accounting). If the scanner is using a local user,
follow the next steps:
a. Set max privilege level to the local user:

username <user> privilege 15 secret <password>

b. Activate AAA with auth login & exec default to local credentials:
Note: The commands may vary depending on the desired order for
authenticating in the device.

aaa new-model
aaa authentication login default local
aaa authorization exec default local

Configuration example for local user 'admin':

ip scp server enable


username user privilege 15 password 7 020700560208
aaa new-model
aaa authentication login default local
aaa authorization exec default local

Deep coverage for Cisco Nexus (NX-OS)
Post-authentication is supported on both HTTPS API and SSH protocols in Cisco Nexus
devices. The protocol will be chosen depending on the device configuration.

Enabling REST API


By default, the HTTPS REST API is disabled. It can be activated with the following steps:

1. Log into the device through SSH.

2. Enter configuration mode and activate the feature "NXAPI".

Switch(config)# feature nxapi

HTTPS API - Configuration example


{
  "targets": {
    "192.168.0.62": {
      "username": "admin",
      "password": "admin",
      "driver": "nxos",
      "optional_args": {
        "port": 443
      }
    }
  }
}

We must pay special attention to some parameters:

● port = 443 → This is the indication for Deep coverage to use HTTPS API protocol.
● driver = "nxos" → mandatory parameter indicating the driver.

SSH - Configuration example
{
  "targets": {
    "192.168.0.62": {
      "username": "admin",
      "password": "admin",
      "optional_args": {
        "port": 22
      }
    }
  }
}

In case we want Deep Coverage to access via SSH, we have to indicate port = 22 in the
configuration file. The driver field is optional here.

Configuring SCP
To be able to download binaries from the Nexus devices, it is required to enable the SCP server
on the targets.

Enter configuration mode and activate the feature "SCP server".


Switch(config)# feature scp-server

Deep coverage for Aruba devices

The scanner supports two types of Aruba platforms:


- ArubaOS-CX
- ArubaOS-Switch

ArubaOS-CX
For Aruba switches running ArubaOS-CX, Deep Coverage supports both HTTPS API and SSH
protocols. The protocol will be chosen based on the device configuration.

Enabling REST API


By default, the HTTPS REST API is disabled. It can be activated with the following steps:

1. Log into the device through SSH

2. Allow HTTPS-server RW access on the default and management VRFs:

Switch(config)# https-server rest access-mode read-write
Switch(config)# https-server vrf default
Switch(config)# https-server vrf mgmt

3. There must be a user on the switch who belongs to the "administrators" group and has a
password set. This user is then allowed to access the REST API.
Switch(config)# user admin group administrators password plaintext mypassword

HTTPS API - Configuration example


{
  "targets": {
    "192.168.0.60": {
      "username": "admin",
      "password": "admin",
      "driver": "aoscx",
      "optional_args": {
        "port": 443
      }
    }
  }
}

We must pay special attention to some parameters:
● port = 443 → This is the indication for Deep coverage to use HTTPS API protocol.
● driver = "aoscx" → mandatory parameter indicating the driver.

SSH - Configuration example


{
  "targets": {
    "192.168.0.60": {
      "username": "admin",
      "password": "admin",
      "optional_args": {
        "port": 22
      }
    }
  }
}

In case we want Deep Coverage to access via SSH, we have to indicate port = 22 in the
configuration file. The driver field is optional here.

Limitations
● REST API supported version is 10.04 - Devices running earlier versions may have
limited support and functionality. For these cases, we recommend configuring with SSH
protocol.

ArubaOS-Switch
The only supported protocol is SSH for the devices running ArubaOS-Switch.

Configuration example
{
  "targets": {
    "192.168.0.60": {
      "username": "admin",
      "password": "admin",
      "optional_args": {
        "port": 22
      }
    }
  }
}
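
A targets file in the format shown in the NX-OS and Aruba sections can be checked before a scan against the rules stated there (port 443 selects the HTTPS API and requires a driver, port 22 selects SSH) and the driver names in Appendix B. This validator is an added example, not Eclypsium code; the function name and sample data are constructed. It assumes the port rule applies to every driver, that credentials are given inline as in the guide's examples, and that target keys are IP addresses.

```python
import ipaddress
import json

# Driver names from Appendix B of this guide, with the access method each one uses.
DRIVER_ACCESS = {
    "eos": {"api"}, "ios": {"ssh"}, "nxos": {"api"}, "nxos_ssh": {"ssh"},
    "f5": {"api"}, "junos": {"ssh"}, "pulse": {"api"}, "citrixns": {"api"},
    "aoscx": {"api", "ssh"}, "aosswitch": {"ssh"}, "panos": {"api"},
    "fortios": {"ssh"},
}
# The guide states that port 443 selects the HTTPS API and port 22 selects SSH
# (assumption: this holds for every driver, not only nxos and aoscx).
PORT_ACCESS = {443: "api", 22: "ssh"}

# Constructed sample: one valid target and three with different mistakes.
SAMPLE = """
{
  "targets": {
    "192.168.0.62": {"username": "admin", "password": "example-only",
                     "driver": "nxos", "optional_args": {"port": 443}},
    "192.168.0.60": {"username": "admin", "password": "example-only",
                     "optional_args": {"port": 443}},
    "192.168.0.61": {"username": "admin", "password": "example-only",
                     "driver": "aosswitch", "optional_args": {"port": 443}},
    "core-switch":  {"username": "admin", "password": "example-only",
                     "driver": "nxos_ssh", "optional_args": {"port": 22}}
  }
}
"""


def validate_targets(text):
    """Return (target, message) findings; an empty list means no problem was found."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("<file>", f"not valid JSON: {exc.msg} (line {exc.lineno})")]
    targets = doc.get("targets") if isinstance(doc, dict) else None
    if not isinstance(targets, dict) or not targets:
        return [("<file>", 'top-level "targets" object is missing or empty')]
    findings = []
    for name, entry in targets.items():
        try:
            ipaddress.ip_address(name)
        except ValueError:
            findings.append((name, "target key is not an IP address"))
        if not isinstance(entry, dict):
            findings.append((name, "target entry is not an object"))
            continue
        for field in ("username", "password"):
            if not isinstance(entry.get(field), str) or not entry[field]:
                findings.append((name, f'missing or empty "{field}"'))
        driver = entry.get("driver")
        known = isinstance(driver, str) and driver in DRIVER_ACCESS
        if driver is not None and not known:
            findings.append((name, f"unknown driver {driver!r}"))
        args = entry.get("optional_args")
        port = args.get("port") if isinstance(args, dict) else None
        if port is None:
            continue  # no port given, nothing further to cross-check
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append((name, f"port {port!r} is not a valid TCP port"))
            continue
        access = PORT_ACCESS.get(port)
        if access == "api" and driver is None:
            findings.append((name, 'port 443 selects the HTTPS API, which requires "driver"'))
        elif access and known and access not in DRIVER_ACCESS[driver]:
            findings.append((name, f'driver "{driver}" does not support {access} (port {port})'))
    return findings


if __name__ == "__main__":
    for target, message in validate_targets(SAMPLE):
        print(f"{target}: {message}")
```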
Extending Deep coverage using templates
You can extend deep coverage by leveraging templates.
First, you will need to set up specific files that run commands on the device to collect extra data.

Download device's binary for Cisco


Download the firmware binary of the device and send it to the Platform.
Notes:
● This requires the device to have SCP enabled to download the binary and the
login user to be configured with the highest privileges. More details on how to set
up SCP in Cisco devices can be found in the previous section.
● Also requires a template to run during the scan.

Binary information will be displayed on the Platform.

Note: The Solutions Team will provide the template files and configure them.

Deep Coverage Visualization
Information collected with deep coverage has specific visualizations in the Platform

Authenticated Scans filters


It is possible to filter and check for Authenticated scans on the lists of devices. You can add an
Authentication successful column to the list and filter for Authenticated scans.

There are 3 possible values:

● None: Last network scan on that device was not authenticated
● Yes: Last network scan on that device was authenticated and information collected
● No: Last network scan on that device was authenticated but authentication or data
collection failed

Device Summary

You can see in the summary the Firmware Version of the device.

Device Details

In the Device Details section, you will see detailed information and the Network Interfaces
available on the device.

Protocol Info

In Protocol Information, you will have a specific row detailing the protocol that collected the
Deep Coverage information.
Note: The protocol depends on the device. You can see "Authenticated" next to the protocol
name or something like "PULSE COMMAND API" in the case of Pulse Secure devices.

Authenticated protocols can also be filtered in this list:

Device examples

Cisco IOS

Cisco Nexus (NX-OS)

Arista

Juniper

Pulse Secure

Citrix

ArubaOS-CX (Aruba)

ArubaOS-Switch (Aruba)

Palo Alto Networks

Fortinet Fortigate

OS Specific configuration
In order for some features to work, changes to the environment are required.

CentOS 7

Firewall configuration
By default, CentOS has a firewall that blocks incoming packets. This affects protocols like UPnP
and prevents the collection of data. In order to enable collection over the UPnP protocol:

● Allow all incoming traffic for the network being scanned

Open a console and run:

firewall-cmd --add-rich-rule="rule family=ipv4 source address=192.168.0.0/24 accept"

where 192.168.0.0/24 has to be replaced with the subnet being scanned

Or

● Disable the firewall entirely

Open a console and run:

systemctl stop firewalld
systemctl disable firewalld

Credential Manager
Integration with Credential Manager is used to obtain a device's credentials when scanning
with post-authentication/deep coverage.
Integration with Credential Manager and TACACS server looks like this:

The scanner is registered to use a credential manager. The Credential Manager is
accessed when the scanner is scanning a device to request the credential for that specific
device. Authentication details to access the Credential Manager are stored encrypted on
the Platform side during the registration process. The scanner requests these
Authentication details from the Platform when starting the scanning process.

Registering a credential manager


The credential manager registration is done by running the following commands:

1. Start the registration process by running the command line

Windows (As Administrator)
"\Program Files\Eclypsium\EclypsiumNetworkApp" --register-cred-manager

Linux
sudo EclypsiumNetworkApp --register-cred-manager

2. The scanner will run and ask for credentials
2021-12-30 13:56:46,636 - 140473857625088 - scanner - [+] Scanner version: 2.9.0
Credential manager data:

3. Enter credentials using the following format:

{"url": "https://cred_manager_url", "token": "access_token", "driver": "vault"}

url: URL to connect to the credential manager
token: Access token to connect to the credential manager
driver: The Platform supports different credential managers; driver defines which one is
used. Check Appendix C for the driver name of each supported Credential Manager

4. Scanner will display the result of the registration in the command line

Other options to register a Credential Manager


There are two more options to register a Credential manager:
1. Passing data in command line
Windows (As Administrator)
"\Program Files\Eclypsium\EclypsiumNetworkApp" --register-cred-manager "{\"url\": \"https://cred_manager_url\", \"token\": \"access_token\", \"driver\": \"vault\"}"

Linux
sudo EclypsiumNetworkApp --register-cred-manager '{"url": "https://cred_manager_url", "token": "access_token", "driver": "vault"}'

2. Using a file
You can put the same JSON content explained in the previous section inside a file and run:
Windows (As Administrator)
"\Program Files\Eclypsium\EclypsiumNetworkApp" --register-cred-manager PATH-TO-FILE

Linux
sudo EclypsiumNetworkApp --register-cred-manager PATH-TO-FILE
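
For the file option on a Linux host, the registration file can be created readable only by its owner, which keeps the access token out of shell history and the process list where a command-line argument would appear. This is an added example, not Eclypsium code: the function names are hypothetical, the sample values are constructed, and rejecting plain HTTP by default is an added hardening choice, since Appendix C lists both HTTP and HTTPS.

```python
import json
import os
import tempfile
from urllib.parse import urlsplit

# Credential manager driver names listed in Appendix C of this guide.
SUPPORTED_DRIVERS = {"vault"}


def check_registration(record, allow_http=False):
    """Return a list of problems found in a credential manager registration record."""
    problems = []
    for key in ("url", "token", "driver"):
        if not isinstance(record.get(key), str) or not record[key]:
            problems.append(f'missing or empty "{key}"')
    url = record.get("url")
    if isinstance(url, str) and url:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append("url must be an http(s) URL with a host")
        elif parts.scheme == "http" and not allow_http:
            problems.append("url uses plain HTTP, so the token would be sent unencrypted")
    driver = record.get("driver")
    if isinstance(driver, str) and driver and driver not in SUPPORTED_DRIVERS:
        problems.append(f'unsupported driver "{driver}"')
    return problems


def write_registration_file(record, directory=None, allow_http=False):
    """Validate the record, then write it to a new file only its owner can read."""
    problems = check_registration(record, allow_http=allow_http)
    if problems:
        raise ValueError("; ".join(problems))
    # mkstemp creates the file exclusively with mode 0600 on POSIX systems.
    fd, path = tempfile.mkstemp(prefix="cred-manager-", suffix=".json", dir=directory)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            json.dump(record, handle)
    except BaseException:
        os.unlink(path)  # do not leave a partial file holding the token
        raise
    return path


if __name__ == "__main__":
    # Constructed values; replace with the real URL and token.
    sample = {"url": "https://vault.example.internal:8200",
              "token": "constructed-token", "driver": "vault"}
    created = write_registration_file(sample)
    print("pass this path to --register-cred-manager:", created)
    os.unlink(created)  # the demo cleans up after itself
```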

Format of credentials
The scanner expects a predefined format for the credentials and identifier in the vault.
The device is identified by its IP, so the identifier of a device in the vault
must be the IP of the device.

Example for Hashicorp Vault:

Each secret inside the vault also has a predefined format that should contain:
● username
● password
● Optional: if you are storing the community for SNMP, it requires a key snmp containing the
key community

Example in JSON format:

{
"password": "device_password",
"snmp": {
"community": "public"
},
"username": "device_username"
}

Revoking credentials
Credentials for a Credential Manager registered with a scanner in the Platform can be revoked at
any time from the scanner's device page. Once removed, post-authentication scanning will
fail until new credentials are registered. First time the scanner runs a scan

Appendix A - Version Support

Scanner Version    Supported OS               Platform Version    Endpoint Scanner Version
2.9.0              CentOS 7 ✅                2.9.0 and above     2.9.0 and above
                   Windows 10 ✅
                   Ubuntu 16.04 - 20.04 ✅
                   Debian 11.x ✅

Appendix B - Supported protocols for Deep Coverage
Some vendors implement more than one way to connect to devices. Here is the list of protocols
available to scan using Deep Coverage:

Vendor/OS                 Protocol              Driver name (for configuration)
Arista                    HTTP/HTTPS API        eos
Cisco IOS                 SSH                   ios
Cisco NX-OS               HTTPS API             nxos
Cisco NX-OS               SSH                   nxos_ssh
F5                        HTTPS iControl API    f5
Juniper                   SSH                   junos
Pulse Secure              HTTPS API             pulse
Citrix                    HTTPS API             citrixns
HPE Aruba (AOS-CX)        HTTPS API or SSH      aoscx
HPE Aruba (AOS-Switch)    SSH                   aosswitch
Palo Alto Networks        HTTPS API             panos
Fortinet FortiOS          SSH                   fortios

Appendix C - Supported Credential Manager

Credential Manager    Version            Protocol          Driver name (for configuration)
Hashicorp Vault       1.2.3 and later    HTTP/HTTPS API    vault

Frequently Asked Questions (FAQ)

Eclypsium Network Scanner


1. Which Operating Systems can the Scanner run on?

Refer to the Supported Operating Systems section

2. How is the Scanner distributed and deployed on hosts?

The Eclypsium Network Scanner is a single-file executable for each OS. It's distributed
as EXE for Microsoft Windows. For details on how to install the Scanner, refer to the
Installation section.

3. What components does installation of the Network Scanner add to each system?

The Scanner consists of one executable file copied to the disk

4. What data is collected by the Scanner?

The Scanner collects the following information from the discovered devices:

● Information identifying the system (e.g., IP address, MAC address, hostname,
Vendor, Product, Device type)
● Detailed information on available protocols (e.g. response from HTTP requests,
Systems descriptors from SNMP, banners, etc.).
● Vulnerabilities present on network devices.

5. What protocols are being used during scans?

Protocol usage depends on Platform configuration. The list of supported protocols is:

TCP ARP UPnP NetBIOS HTTP HTTPS

FTP SSH TELNET SNMP SMTP IMAP

POSTGRES DNS IPP SMBv1 POP3 SIP (TCP/UDP)

6. Which ports are being checked during scans?

The ports being checked during the scan are remotely configured from the Platform. By
default the scan checks for: 80 (HTTP), 443 (HTTPS), 8080 (HTTP), 8443 (HTTPS), 22
(SSH), 139 (SMB), 445 (SMB)
SNMP is disabled by default. It can be enabled by adding port 161 (SNMP) in the Platform
configuration.
SIP is disabled by default. It can be enabled by adding port 5060 (SIP) in the Platform
configuration.

7. Which Target Network can be scanned?

Target networks are configured per Scanner on the Platform. In general, Corporate
networks will be targeted to be scanned. The configuration includes a mechanism to
avoid scanning non-corporate networks.

8. Does the Network Scanner Software impact the system or consume system resources?

Network Scanner software does not perform resource-intensive operations. The Scanner
software mostly runs network-related tasks to collect data from network devices
