The Remote Agents module provides a secure way to connect a local Siemplify instance to remote sites. This provides MSSP and enterprise security operations centers with a variety of capabilities:
- Executing actions and playbooks on remote sites directly from Siemplify
- Pulling alerts and security data from remote sites with remote connectors
- Connecting to separate networks to pull data for incident response purposes
The Remote Agents infrastructure consists of 3 main components:
Deployment of Siemplify platform to consolidate all security alerts in one place, and orchestrate security and network products with automated workflows.
A proxy component that receives and holds commands from Siemplify Platform. The publisher accepts only incoming communication from Siemplify platform and Siemplify Agents. The Publisher is used to transfer data in a secure way without any direct access to the remote site.
A lite agent deployed on the remote site. The agent pulls new tasks from the Publisher, executes locally (on the remote\separate network) and updates the Publisher with the results.
The agent is easily distributed, which allows MSSP end customers deploy it by themselves.
The agent uses only outgoing communication to the publisher.
Need more help with this?
Click here to open a Support ticket