Global Agent Requirements

Last updated: December 17, 2025

Global Scan Agent Requirements

The Cyrisma Scan Agent performs local assessments on endpoints and securely communicates results to the Cyrisma cloud platform. To ensure consistent performance, accurate scan results, and reliable communication, all endpoints running a Cyrisma Scan Agent must meet the following global requirements.

This article outlines requirements that apply to all supported operating systems. OS-specific steps, installation methods, and troubleshooting guidance are provided in separate articles.

1. Hardware Requirements

Processor

  • Minimum: 2 virtual CPUs

  • Recommended: 2.8–2.9 GHz processor

A multi-core CPU ensures the agent can perform vulnerability checks, configuration audits, and data scan operations without negatively impacting system performance.

Memory (RAM)

  • Minimum Free Memory Required: 1 GB

  • Recommended Total System Memory: 8 GB

The agent requires at least 1 GB of free memory to operate effectively. Environments running additional workloads or performing large data scans should allocate more memory to avoid slowdowns or instability.

Disk Space

  • Minimum Required: ~500 MB free

  • Temporary Usage: Up to 1–2 GB during data scanning, depending on scan scope

2. Network Connectivity Requirements

All Cyrisma agents require outbound access to the Cyrisma cloud instance to register, receive configuration updates, and upload scan results.

Outbound Connection Requirements

  • Protocol: HTTPS

  • Port: 443

  • Direction: Outbound only

  • Transport: TLS 1.2 or higher

Required Domains

Agents must be able to reach:

  • https://<customer-instance>.cyrisma.com

Your tenant may use additional subdomains, but all are governed under the primary Cyrisma cloud instance domain.

Proxy and Web Filtering Considerations

  • Agents will use system-level proxy settings where applicable.

  • SSL/TLS inspection can interrupt agent provisioning and communication.

    • Cyrisma domains should be added to TLS/SSL inspection bypass lists.

If outbound traffic to the cloud instance is restricted, the agent will not check in or upload results.

3. Firewall & Endpoint Security Requirements

Firewall Rules

  • Allow outbound HTTPS (443) to the Cyrisma cloud instance.

  • No inbound firewall rules are required; the agent never listens for inbound connections.

Endpoint Protection / Antivirus Configuration

Endpoint protection software must allow Cyrisma agent processes to operate normally. Depending on configuration, security tools may attempt to block activities such as:

  • Vulnerability scanning

  • Port scanning

  • Remote attribute collection

  • Data scan operations

  • Compression of scan results

To avoid interference:

  • Exclude the Cyrisma agent installation directory (varies by OS).

  • If directory exclusions are not permitted, allowlist agent-related executable processes.

These allowances ensure that endpoint protection products do not block legitimate scanning functions.

4. Cyrisma Platform Requirements

All agents—regardless of operating system—require the following details to successfully provision and check in:

Provisioning Information

  • Provisioning Key

  • Tenant Cyrisma URL

    • Example: https://ccNNNN.cyrisma.com

These values are supplied through the Cyrisma platform under Admin → Scan Agents.

Provisioning Behavior

Upon installation, the agent:

  1. Contacts the Cyrisma cloud instance.

  2. Awaits approval.

  3. Registers itself to the tenant and receives configuration updates.

Provisioning will fail if:

  • The provisioning key is incorrect

  • The tenant URL is incorrect

  • Outbound access is blocked

5. Security & Permission Requirements

Local Permissions

  • Installation requires administrator/root privileges.

  • The agent service requires elevated permissions to access system configuration, security settings, and file metadata necessary for vulnerability and data scanning.

Network Scanning Permissions

If the agent is used for agentless or network-based scans, a service account with appropriate administrative rights on the target systems is required.
This account allows the agent to collect OS, configuration, and security details from remote machines.

System Performance Impact

Insufficient memory, restricted permissions, or over-aggressive endpoint security filtering may cause:

  • Slow scan performance

  • Failed communication with the Cyrisma platform

  • Incomplete or inaccurate scan data

Validating system readiness before installation greatly reduces these issues.

6. Supported Operating Systems

7. Pre-Deployment Readiness Checklist

Before installing any Cyrisma Scan Agent, verify the following:

  1. The device meets minimum CPU and memory requirements.

  2. The operating system is supported (see OS-specific articles).

  3. Outbound HTTPS (443) to your Cyrisma instance is allowed.

  4. TLS/SSL inspection will not interfere with Cyrisma traffic.

  5. Antivirus and endpoint security solutions allow the agent to run.

  6. Administrative privileges are available on the endpoint.

  7. You have the provisioning key and tenant URL.

  8. (If performing network scans) A service account with required privileges is available.