Remote Agents & Distributed Scanning

Deploy lightweight agents and collectors for distributed scanning, network discovery, honeypots, and NetFlow v9 traffic monitoring.

Deployment Options

Deploy using your ISO generator, or run agents/collectors as dedicated onsite devices. Agents communicate securely back to the platform.

External Assets

Domain & Subdomain Scanning

External domain scans with automatic subdomain population. Discover your entire attack surface from an external perspective.

  • Automatic subdomain enumeration
  • Certificate Transparency monitoring
  • DNS-based discovery
  • External vulnerability assessment
Dedicated Agents

Honeypot & Network Discovery

Onsite dedicated agent devices for network discovery and honeypot deployment. Capture real attacker behavior.

  • 8 realistic honeypot services
  • Automated network device discovery
  • Real-time attacker telemetry
  • ARP-based asset detection
Workstation/Server Agents

Endpoint Vulnerability Scanning

Cross-platform agents for Windows, Linux, and macOS workstations and servers. Quick and deep scan modes.

  • Windows, Linux, macOS support
  • Quick scan mode (fast assessment)
  • Deep scan mode (comprehensive)
  • Self-IP exclusion protection
NetFlow v9 Collector NEW

Firewall Traffic Monitoring

Enable NetFlow v9 export from supported firewalls/routers to gain "who-talked-to-who" visibility across WAN and LAN. Use traffic patterns to flag suspicious behavior such as:

  • Unusual outbound destinations and services
  • Beacon-like periodic connections (C2 patterns)
  • Lateral movement signals (new internal talkers/ports)
  • Potential exfiltration indicators (unexpected sustained egress)

Why it matters: Vulnerabilities show what could be exploited; NetFlow shows what is actually happening.

Agent Capabilities

Automated Network Discovery

Agents automatically discover network devices every hour using ARP table analysis and IP range scanning, identifying new assets as they appear.

Scheduled Vulnerability Scanning

Trigger on-demand vulnerability scans remotely via the platform. Scans are scheduled and queued, giving you full control.

Realistic Honeypot Services

Fully interactive fake services: HTTP admin panels, phpMyAdmin, WordPress, FTP with fake filesystems, Telnet shells, and SSH authentication.

Real Attack Capture

Honeypot services capture actual attacker credentials, commands, and techniques in real-time for threat intelligence analysis.

Remote Deployment

Deploy via custom ISO images generated by the platform, pre-configured with enrollment tokens, network settings, and honeypot configs.

Secure Communication

All agent-to-server communication uses encrypted channels with JWT authentication and heartbeat monitoring for status tracking.

Security & Data Handling

Encrypted Communications

Agent-to-server communication uses encrypted channels with JWT authentication and heartbeat monitoring.

Credential Safety

Honeypot credential capture is stored hashed (SHA256) for security.

Safe Updates

Agents self-update regularly with rollback on failure.

Operational Visibility

Error tracking and alerting for scan failures and connectivity issues.

Traffic Monitoring Clarity (NetFlow v9)

Uses flow telemetry (connection metadata) to detect suspicious patterns and correlate with assets.