Rapid 7 Inisight Agent Connection Path

Hi there,

Let me explain the context :
I have configured a proxy for my insight agent to send the logs to my collector with port 8037(configured in the config.proxy file).

I have opened all the traffic from my agents to the collector. I can see that both of them communicate (no denied traffic from firewall).

Now from the Inisight Platform, the connection paths for my agent is “Direct to Platform”.

I thought that if I put hard coded the proxy for my agent, It will force the traffic to go the Collector.
Is there a way to force that ?

Thanks in advance for your responses,
Hugo

Hey Hugo,

So probably not the most fun answer, but the connection path on the Data Collection Management page doesn’t always list the Collector accurately even if forced.

If we look at a lab setup using two Collectors, persephone and eleanor, only persephone is showing explicitly and only on a few assets:
image

The top Ubuntu box is configured to use eleanor and has no direct access, but shows Direct to platform. The second Ubuntu box is allowed to use any path, and shows persephone.
The Windows box and third Ubuntu box are both set to persephone only and has no direct access, and shows different results.
The last Ubuntu box again is allowed to use any path, and shows pesephone.

I know there’s some improvements planned for the Connection Path field, I don’t have an ETA for that, but for now you’ll want to look at the actual Agent traffic or have us look at the Agent logs for you to determine whether it is using the Collector path.
The Data Collection Management page here is inconsistent at best around this.

So, not a great situation, but from all the cases I’ve looked at the Collector paths have been adhered to once defined (and assuming the Collectors are up and running, and reachable by the Agent). Your configuration is most likely fine and the Agent is likely doing that, but again we’d always be happy to just confirm that for you.