The remote agent architecture is built from 3 main components:

Siemplify

  • Communicates with the Publisher on port 443 under TLS
  • Has no direct access to remote agents
  • Is configured to email agent installation links over SMTP (must use SMTP ports)

Publisher

  • Binds to port 443 for communication with the other components
  • Stores temporary execution data and metadata (encrypted)
  • Keeps scripts and dependencies relevant for execution (encrypted)
  • Keeps log records (no sensitive data)

Remote Agent

  • Communicates with the Publisher on port 443 under TLS
  • Communicates with all third-party security products in the remote network in order to run the relevant actions
  • Stores connector information (Gzip) and a config file

Once an integration or a connector is configured to run remotely, the data flow is as follows:

  1. Siemplify publishes a new job on the Publisher Server (for an Environment).
  2. The Agent installed on the remote Environment keeps querying the Publisher for new jobs to execute.
  3. Once the Remote Agent finds a new job to execute, it fetches all the job data and starts executing it. The job contains all the alert context data and the relevant action execution data.
  4. The Remote Agent publishes the action results, its attachments, and the operations performed back to the Siemplify Publisher.
  5. The Siemplify server polls the Publisher, and when a job is finished, Siemplify retrieves the result data and attachments and performs any residual tasks on the Siemplify server.
  6. When the data reaches Siemplify, Siemplify returns an ACK to the Publisher, and the Publisher passes it on to the Agent. The ACK means that the data flow is completed, and the files can be deleted from the Publisher and Agent.
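
The six steps above, modelled in memory as an added example (not Siemplify code): the Publisher acts as a store-and-forward broker that both sides poll, and job data is held on the Publisher and the Agent only until the ACK arrives. All class, method and job names are hypothetical; the environment check in `post_result` and the Agent picking up ACKs on a later poll are assumptions about how a pull-only design would behave.

```python
# Added example: in-memory model of the six-step job flow. All names are hypothetical.
class Publisher:
    """Store-and-forward broker; Siemplify and the Agent both connect out to it."""
    def __init__(self):
        self.jobs = {}   # job_id -> job record, held until Siemplify ACKs
        self.acks = {}   # environment -> job_ids whose ACK the Agent has not seen yet

    def publish(self, job_id, env, data):            # step 1 (Siemplify)
        self.jobs[job_id] = {"env": env, "data": data, "state": "PUBLISHED"}

    def fetch(self, env):                            # steps 2-3 (Agent poll)
        for job_id, job in self.jobs.items():
            if job["env"] == env and job["state"] == "PUBLISHED":
                job["state"] = "FETCHED"
                return job_id, job["data"]
        return None                                  # nothing for this environment

    def post_result(self, job_id, env, result):      # step 4 (Agent)
        job = self.jobs[job_id]
        # Assumption: results are accepted only for a job this environment fetched.
        if job["env"] != env or job["state"] != "FETCHED":
            raise PermissionError("no fetched job with this id for this environment")
        job.update(state="FINISHED", result=result)

    def finished(self):                              # step 5 (Siemplify poll)
        return {j: job["result"] for j, job in self.jobs.items()
                if job["state"] == "FINISHED"}

    def ack(self, job_id):                           # step 6 (Siemplify -> Publisher)
        env = self.jobs.pop(job_id)["env"]           # Publisher deletes its copy
        self.acks.setdefault(env, []).append(job_id)

    def collect_acks(self, env):                     # step 6 (Publisher -> Agent)
        return self.acks.pop(env, [])

def run_flow():
    pub, agent_files, trace = Publisher(), {}, []
    pub.publish("job-1", "env-a", {"action": "lookup", "alert": "constructed sample"})
    other = pub.fetch("env-b")                       # a different environment gets no job
    job_id, data = pub.fetch("env-a")
    agent_files[job_id] = data                       # Agent keeps job data while working
    pub.post_result(job_id, "env-a", {"status": "done"})
    results = pub.finished()
    trace.append((len(pub.jobs), len(agent_files)))  # before ACK: both still hold data
    for jid in results:
        pub.ack(jid)
    for jid in pub.collect_acks("env-a"):
        agent_files.pop(jid, None)                   # Agent deletes its files on ACK
    trace.append((len(pub.jobs), len(agent_files)))  # after ACK: nothing retained
    return other, results, trace

if __name__ == "__main__":
    print(run_flow())
```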
