Support
Scans

Internal Agents in Invicti Enterprise

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

In some organizations, some websites will only be available in the local network (and not on the internet). You can use our Internal Agent feature to scan your internal websites while the results remain on our Invicti Enterprise servers.

You can install an internal agent in Windows, Linux, and Docker. For further information, see Installing Internal Agents.

The Internal Agents feature is available in both Invicti Enterprise (On-Demand) and On-Premises.

Allowlisting Invicti’s IP addresses for effective communication

Invicti Enterprise Web Application On-Demand and internal agents use certain IP addresses to communicate with one another. 

In order for Invicti Enterprise Web Application On-Demand to operate effectively, you need to allowlist certain IP addresses on your firewall and/or proxy servers to allow communication of different components, such as internal scanning agents. 

Without establishing this communication, you may run into different problems, such as: 

  • The scanner agent may not report all of its findings to the Invicti Enterprise Web Application. 
  • Or, Invicti Enterprise may not push the vulnerabilities to the on-premises integration endpoints, such as Jira. 

It is strongly recommended to whitelist the IP addresses only if you plan to install any of the following components:

Internal Scanner Agent
Internal Authentication Verifier Agent OnPremises
Integrations, like Jira or CyberArk.

So, you need to whitelist the IP address for the components to communicate with one another, as needed. 

Allowlisting Requirements

  • www.invicti.com
  • r87.me
  • Allowlist the following addresses according to your region:
    • US region: 54.88.149.100, www.netsparkercloud.com
    • EU region: 3.122.90.89, eu.netsparker.cloud
    • CA region: 35.182.99.171, ca.netsparker.cloud

Manage Agents Fields

This table lists and explains the fields in the Agents window.

Field Description
Name This is the name of the agent.
State This is whether the agent is online and waiting for a scan assignment.

 

  • Available
  • Launching
  • Waiting
  • Scanning
  • Terminated
  • NotAvailable
Launch Date This is the date when the agent was first available.
Last Heartbeat This is the last time the agent communicated with the web application.
Version This is the version number of the scan agent.
Is Up To Date This is whether the Agent is up-to-date.
Operating System This is the operating system on which the Agent is installed.
Installed Framework This is the .NET environment on which the Agent is running.
Operating System Architecture This represents the operating system architecture on which the Agent is installed.
Target URL This is the target URL of the website, including the path.
Process Architecture This represents the process architecture on which the Agent is installed.
IP Address This is the IPv4 version of the Agent.
How to configure an agent for a website
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Websites > New Website.
  3. On the New Website page, complete the fields, as described in How to Add a Website in Invicti Enterprise.
  4. In the Agent Mode field, select an option.
  1. Select Save.
How to scan an internal website
  1. From the main menu, select Scans > New Scan.
  2. In the Target URL field, enter the URL of the internal website.
  1. From the Preferred Agent drop-down, select an internal agent to use it during the scan if there is more than one. Alternatively, you can retain the default setting (Any of the available agents), so that Invicti Enterprise will automatically select one of them.
  2. Complete the remaining fields, and select Launch.
How to View Commands for an Agent
  1. From the main menu, select Agents > Manage Agents.
  2. On the Agents’ page, select the relevant agent.
  3. From the Commands drop-down, select View Agent Commands.

The Commands window is displayed.

Accessing Agent Logs

The Invicti Enterprise Scanning Agent stores the application logs in the Logs folder in the installation path.

With the latest version of the Agent, the last three days’ logs can be downloaded from the Manage Agents page. These logs are especially useful for troubleshooting.

How to Access Agent Logs

  1. From the main menu, select Agents Manage Agents.
  2. Next to the relevant Agent, select the Command drop-down, then Request Agent Logs.
  1. Once you confirm, the logs will be requested from the target agent and can be downloaded from the UI.
  1. Select the bell, then select the relevant notification.
  2. Select Download Logs. The download will start.

Filtering scanning agents

Column Filters

All columns can be filtered, using a highly customizable combination of Fields, Operators, and Values. Each is explained below.

Filters & Values

This table lists the filters and values available for the columns listed above. Select an option to filter the list by that criterion.

  • In many cases, values can be entered into the value field; in others, the value can be selected from a drop-down menu.
  • You can enter more than one filter at a time.
Field Description Value
Name Select to filter notifications by their name. Enter a value.
State Select to filter by agent’s state. The drop-down options are:

 

  • (Not Set)
  • Agent is not available
  • Available
  • Disabled
  • Launching
  • Scanning
  • Terminated
  • Updating
Launch Date Select to filter by agent’s launch date. Select a date from the calendar picker.
Last Heartbeat Select to filter by agent’s last heartbeat. Select a date from the calendar picker.
Version Select to filter by agent’s version. Enter a value.
VDB Version Select to filter by vulnerability database version. Enter a value.
Operating System Select to filter by the operating system. Enter a value.
Installed Framework Select to filter by the installed framework. Enter a value.
Operating System Architecture Select to filter by the operating system architecture. Enter a value.
Process Architecture Select to filter by the process architecture. Enter a value.
Target URL Select to filter by the target URL. Enter a value.
IP Address Select to filter by IP Address. Enter a value.

Operator

This table lists and explains the Operators available for filtering columns. They work in conjunction with the Field, Operator, and Value.

Operator Description
Equal This operator can be used for exact matching. For example, if filtered by the Target URL http://www.example.com/, the filtered list of results would not also list http://api.example.com.
Not Equal This operator can be used to exclude some results based on exactly matching. For example, if filtered by the Target URL of http://www.example.com/, the filtered list of results would exclude scans for that one.
Contains This operator can be used to include results if the filtered column contains the value. It does not matter where the value is. For example, you could filter for the word ‘production’.
Not Contains This operator can be used to exclude certain results on the Websites page.
Starts with This operator can be used to filter for columns that begin with the value.
Ends with This operator can be used to filter for columns that end with the value.
Less than This operator can be used to filter columns that contain numeric and date-time values rather than string values. For example Initiate Time, Duration, or Finish Time.
Less than or equal This operator can be used to filter columns that contain numeric and date-time values rather than string values. For example Initiate Time, Duration, or Finish Time.
Greater than or equal This operator can be used to filter columns that contain numeric and date-time values rather than string values. For example Initiate Time, Duration, or Finish Time.
Greater than This operator can be used to filter columns that contain numeric and date-time values rather than string values. For example Initiate Time, Duration, or Finish Time.

Value

This table lists the dropdown values available for filtering columns.

Value Description
Agent is not available This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are unavailable will be shown in the grid.
Available This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are available will be shown in the grid.
Disabled This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are disabled will be shown in the grid.
Launching This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are launching will be shown in the grid.
Scanning This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are scanning will be shown in the grid.
Terminated This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are terminated will be shown in the grid.
Updating This value can be used to filter down Agent according to its state. As the name implies, when selected only agents that are updating will be shown in the grid.
How to filter notifications in Invicti Enterprise
  1. From the main menu, select Notifications > Manage Notifications.
  2. From the Manage Notifications page, select the filter button ( ) next to any header column.
  3. Select Clear to clear all fields.
  4. Add a New Filter.
  5. In the relevant filter, where relevant:
  • From the Field drop-down, select Tag.
  • From the Operator drop-down, select an option.
  • In the Value field, enter a value.
  1. Select Apply.

Invicti Help Center

Our Support team is ready to provide you with technical help.

Go to Help Center This will redirect you to the ticketing system.