The Footprint Super Agent adds agentless scan capabilities to either a new Footprint Agent installation or an existing one. This is an all-in-one scan option suitable for locations where you may not have dedicated hardware to deploy an Internal Scanner VM, or where the location simply does not require a dedicated Internal Scanner VM. It requires considerable computing resources (2 CPUs, 12 GB of RAM, 90 GB of disk), but it can run on an existing workstation or even a top-tier laptop for small scan surfaces.
The deployment is similar to the normal Footprint Agent - Local Computer/Active Directory but with the addition of an integrated Internal Scanner machine that can be used to scan devices remotely via the internal network.
Deploy the Footprint Super Agent on a clean install
1. Download either the FootprintInstaller.exe or FootprintInstaller.msi from the Footprint Console by navigating to Scan Surface > Agent-Based > Setup Agents.
2. Make note of the Footprint Console URL and Footprint Token; these point the agent to the specific tenant you are using. The same token ID can be found in both the Agent-Based and Agentless Setup screens. You may use either one.
3. Check the prerequisites for the Footprint Agent with integrated Internal Scanner: 2 CPUs, at least 12 GB RAM and 90 GB of free disk space.
4. Run the installer.
5. Once the installer runs, you will be presented with a screen asking if you want to deploy the Internal Scanner. Once the Internal Scanner is selected, the installer checks the prerequisites. If they are not met, you will not be able to deploy the associated Internal Scanner.
6. Press Next; you will be asked for the installation path.
7. Press Next and pick one installation type: Local or Active Directory. The Local deployment scans the local host using Agent-Based features, while the Active Directory deployment scans the local host and other Active Directory entities such as OUs, Security Groups or lists of Computers.
8. Enter the specific Console URL and Token to connect this Agent/Internal Scanner with your tenant. You can find the correct values in Scan Surface > Agent-based/Agentless > Setup Agents/Scanners.
9. Press Install and wait for the setup to finish. A reboot is required to start scanning.
Attention: The Footprint agent uses certificate pinning, so if you perform any kind of SSL inspection (with a proxy or a Next Generation Firewall) you may see an error message stating that an SSL error was detected. The agent does not use the browser certificate store, so you need to provide the signing CA’s public key for the agent to trust inspection certificates generated on the fly.
Note: Sample error in case of SSL Inspection being detected.
Once installed, the new Agent appears in Scan Surface > Deployed Agents. While the agent itself is able to start scanning immediately, the Internal Scanner still requires time to download and prepare its container images.
Wait for “Installing IS” status to proceed through Downloading Files. Once Installation is done an Alert confirms the deployment.
Once Deployment is successful you will see the new Internal Scanner in Scan Surface > Agentless > Deployed Scanners
Once the deployment is done you may install or uninstall the Integrated Internal Scanner by pressing the Install Button
Deploy the Footprint Super Agent on an existing Footprint Agent installation
You can always deploy the Internal Scanner VM from an existing Agent. The only prerequisite is that the hardware requirements are met; installation then takes a single press of the “Install Internal Scanner” button.
The two options are Install Internal Scanner and Uninstall Internal Scanner. If the minimum requirements are not met, a message says so.
Once installation is started you will see the following succession of messages:
Once you reach the last stage you will know whether the installation succeeded or ended with an error.
Windows Server Notice
For Windows Servers, Microsoft does not allow Virtual Hyper-V Networks to allocate dynamic IP addresses to guest VMs. Therefore, in this situation, during the installation of the Super Agent, CODA will provision a virtual network using a static fallback subnet of 100.100.100.0/30. This is an unused PUBLIC IP address range owned by IANA.
Just wanted to make sure you don’t panic when you see public IP addresses used internally. In theory you should never see this IP range outside of the Super Agent machine, as the Host will SNAT all outbound connections to its own IP address.
We chose this subnet because if we were to choose any other RFC1918 subnet, we could create blind spots for that super-agent (since it will believe it’s directly connected to that subnet). Also, that block isn’t in use on the Internet.
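
A check for the Windows Server fallback subnet described above, as an added example that is not CODA's own tooling: it flags scan-scope entries that overlap 100.100.100.0/30 (the blind-spot case) and firewall log lines whose source address falls in that range (traffic that left the host without SNAT). The scope list, the `src=` key-value log format and the function names are assumptions, and the sample data is constructed.

```python
import ipaddress
import re

# Fallback subnet this page states for Windows Server installs.
FALLBACK_NET = ipaddress.ip_network("100.100.100.0/30")

# Assumed log format: key=value pairs with the source address in "src=".
SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")

def scope_blind_spots(scan_scope):
    """Return scan-scope entries (hosts or CIDRs) that overlap the fallback
    subnet. The Super Agent host sees that subnet as directly connected, so
    remote targets inside the overlap would not be reached."""
    hits = []
    for entry in scan_scope:
        net = ipaddress.ip_network(entry, strict=False)
        if net.version == 4 and net.overlaps(FALLBACK_NET):
            hits.append(entry)
    return hits

def leaked_sources(log_lines):
    """Return (line_number, ip) for lines whose source address is inside the
    fallback subnet, i.e. traffic that left the host without SNAT."""
    leaks = []
    for number, line in enumerate(log_lines, 1):
        match = SRC_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:  # e.g. an octet above 255
            continue
        if ip in FALLBACK_NET:
            leaks.append((number, str(ip)))
    return leaks

# Constructed sample data, not taken from a real deployment.
SAMPLE_SCOPE = ["10.20.0.0/16", "192.168.1.0/24", "100.64.0.0/10", "100.100.100.2"]
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z allow src=10.20.5.14 dst=10.20.7.1 dport=443",
    "2024-01-01T10:00:02Z allow src=100.100.100.2 dst=10.20.7.9 dport=22",
    "2024-01-01T10:00:03Z deny src=999.1.1.1 dst=10.20.7.9 dport=22",
    "2024-01-01T10:00:04Z allow src=100.100.101.2 dst=10.20.7.9 dport=445",
]

if __name__ == "__main__":
    print("scope overlaps:", scope_blind_spots(SAMPLE_SCOPE))
    print("SNAT leaks:", leaked_sources(SAMPLE_LOG))
```
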