The Remote Agents module provides a secure way to connect a local Siemplify instance to remote sites. This provides MSSP and enterprise security operations centers with a variety of capabilities:
- Execute actions and playbooks on remote sites directly from Siemplify
- Pull alerts and security data from remote sites with remote connectors
- Connect to separate networks to pull data for incident response purposes
The Remote Agents infrastructure consists of 3 main components:
Siemplify Platform: A deployment of the Siemplify platform that consolidates all security alerts in one place and orchestrates security and network products with automated workflows.
Publisher: A proxy component that receives and holds commands from the Siemplify Platform, is polled for new commands by the Remote Agents, gets new alerts and data from the Remote Agents, and sends them back to Siemplify upon request.
This component supports one-sided communication only: it cannot initiate any communication. It only receives new commands from Siemplify and new alerts from the Remote Agents and, per request, sends new commands to the Remote Agents and new alerts to Siemplify.
Remote Agent: A lite agent deployed on the remote site. The agent pulls new jobs from the Publisher, executes them locally (on the remote/separate network), and updates the Publisher with the results.
The agent is easily distributed and allows MSSP end customers to deploy it by themselves.
The agent can initiate communication with the Publisher to get new commands and to send new alerts and data.
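The flow described above, modelled in memory as an added example (not Siemplify code or its API): the class and method names, the per-agent queue and the sample command are assumptions made for illustration. It records who initiates each request, showing that the Publisher is always the responder and that nothing reaches the platform until the agent has polled.

```python
from collections import defaultdict, deque


class Publisher:
    """Passive broker: it only answers requests and never opens a connection."""

    def __init__(self):
        self.commands = defaultdict(deque)  # agent_id -> commands held for that agent (assumed layout)
        self.results = deque()              # alerts/results held until the platform asks
        self.flows = []                     # (initiator, responder, operation)

    # Requests initiated by the Siemplify platform
    def push_command(self, agent_id, command):
        self.flows.append(("platform", "publisher", "push_command"))
        self.commands[agent_id].append(command)

    def fetch_results(self):
        self.flows.append(("platform", "publisher", "fetch_results"))
        out = list(self.results)
        self.results.clear()
        return out

    # Requests initiated by a Remote Agent
    def poll_commands(self, agent_id):
        self.flows.append((agent_id, "publisher", "poll_commands"))
        out = list(self.commands[agent_id])
        self.commands[agent_id].clear()
        return out

    def submit_result(self, agent_id, result):
        self.flows.append((agent_id, "publisher", "submit_result"))
        self.results.append({"agent": agent_id, "result": result})


def agent_cycle(publisher, agent_id, execute):
    """One polling cycle: pull jobs, run them locally, report the results."""
    for command in publisher.poll_commands(agent_id):
        publisher.submit_result(agent_id, execute(command))


def round_trip():
    pub = Publisher()
    pub.push_command("agent-site-a", "lookup host-17")  # constructed sample command
    before_poll = pub.fetch_results()                    # empty: the agent has not polled yet
    agent_cycle(pub, "agent-site-a", lambda c: f"done: {c}")
    after_poll = pub.fetch_results()
    return before_poll, after_poll, pub.flows
```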