Agent Overview

About this document

This document provides an overview of Agents and includes details such as what are agents and how they connect with SAFE.

What are Agents?

SAFE agents are lightweight endpoint programs that run in Windows Endpoints, Mac Endpoints, and Windows Servers. The agent performs scanning based on controls (CIS benchmarks and STIG) and sends the results to the central SAFE server. The SAFE server receives data from each of the hosts, processes it, and generates the SAFE score of the organization.

The SAFE Agents can be configured to connect to the SAFE server:

• Directly to the SAFE Server - this requires the endpoint to have internet access.
• Via a Site Coordinator - this requires the target Site Coordinator to have been configured as a gateway to support agent communication and for the Site Coordinator to be routable from the endpoint. This option is most often used for Windows Servers that do not have Internet access.

The SAFE Agent is configured to scan periodically. For details on Agent Configuration options, please see Agent Global Policy.

Secure communication with SAFE

The agents communicate with SAFE or the Site Coordinator using SSL (Port 443).

1. Where agents are configured to communicate directly with SAFE, the certificate used by SAFE is generally from a well-known trusted CA, and agent host machines would generally have the CA already present in their trusted certificate store.
2. Where agents are configured to communicate with a Site Coordinator, then an SSL server certificate is required to be installed on the Site Coordinator, and the agent host machines should be able to trust it. See the “Installing Site Coordinator” document for more information.