We were looking at agent documentation and setting up proxy information. It discusses the word collectors, is the console acting as a collector when agent is deployed? because “data collection” polls 6 hrs on agent… Is a collector an actual device that is set up within Rapid7 environment separate from the agent, i thought the agent was the collector?
This is a very good question, we use the word collector in a couple of places so I agree we could have been a little clearer (the good news is we’re making some changes which should help clarify this further in the future!)
There is an imbedded collector on the console which does quite a few things including handling of processes between the console and the platform for synchronization of data between the two. However, there is also a concept of a stand alone collector which can be used in air gapped locations (assets with an agent installed which are air gapped can forward their traffic to this collector, if configured to do so), this can also be used for proxy or other situations. The agents themselves are also proxy aware. To answer your second question, yes, the collector is software that gets installed on a seperate server/asset from your console. The embedded collector on your console is irreplaceable and is not interchangeable with the collector used for agents, they are two separate concepts.
A collector is not required for using the Insight Agent.
I hope this helped clarify the collector for you! There is more detailed technical documentation that can be found here: Collectors in InsightVM | InsightVM Documentation
Please let me know if you have any additional questions I may help with.
okay so that makes sense. The part above so is that how the agent works? Anytime you add an agent to server it automatically gets a stand alone “collector” so it can Poll the every 6 hrs?
The agent doesn’t require the standalone collector to function For a moment, let’s remove ‘collector’ from the conversation.
You can deploy agents in your environment (installing them on your individual assets) and the agents will beacon to the platform every 6 hours by default. These agents are proxy aware. This means that any change on the assets that have an agent on them will be assessed every 6 hours and sent to the platform and then correlated by your console. That’s it!
As I mentioned, these agents are proxy aware but the collectors are as well. I personally like simplicity so unless the environmental factors call for a need for the collector and additional infrastructure, I’d opt for deploying the agents by themselves. Again, it depends what the business and environmental needs are - there isn’t one size that fits all.
Okay that makes sense.
So my networking team wants to add a proxy. I think we need to open port 8843 from anywhere to the console for use as a proxy for agent updates is that the correct statement to make as well? In order for agents to receive the updates that are pushed out ?
Sorry I missed your reply here! All agent communication requirements can be found via the below two links:
For more information on how the agent updates in case this is helpful: https://docs.rapid7.com/insight-agent/how-the-insight-agent-software-updates
For the last link specifically on updates, remember this is just update priority list, which means if no collector exists NO PROBLEM since one is not required It will try through proxy if one is configured. If one is not configured, then again no problem! It will try directly to the platform in that case which is why you must ensure the network requirements in the first link I provided are in place appropriately.