DeepSurface: Microsoft Endpoint Configuration Manager (part of InTune)

Documentation
Installation Guide
Overview
Let DeepSurface Host For You
Getting Started
System Requirements
Self Hosted Quick Start - Installing to Cloud Platforms
Self Hosted - Installation Using an OVA
Registration, Package Installation, and Initialization
First Steps After Initialization of the Console
Deployment Options
Main and Subordinate Consoles
Agent-Based Deployment
User Managed Scan Deployment
Credentialed Scanning Deployment
Mixed Environment
Deployment Tools
Active Directory Group Policy
Microsoft Endpoint Configuration Manager (part of InTune)
Tanium Deploy
HCL BigFix
Ivanti
Virtual Machines
VMWare
Virtual Box
VirtualBox Guest Additions
AWS EC2 (BYOL)
AWS EC2 (Usage Based)
Azure Cloud
Google Cloud
Additional Items to Consider
Main Console Server Certificates
LDAP
TOFU
Clock Sync
DeepSurface Commands
Multiple Vulnerability Sources
API Documentation
User Guide
Reporting
Dashboards
Exports
Risk Insight
Hosts
Patches
Vulnerabilities
Vulnerability Instances
Users
Remediation Workflow Manager
Plans
Settings
Integrations
Workflow
Exporting
Accepted Risk Plans
Accepted Risk Workflow
Explore
Model
Paths
Activity
Tasks
Configuration Alerts
Scan Logs
Notification Settings
Scanning
Status
Agents
User Managed
Credentialed Scanning Settings
Credentials
Scan Groups
General Settings
Cloud Scanning
Network Connectivity
Subordinates
Vulnerability Sources
Setup
Sensitive Assets: Polices
Sensitive Assets: Manual
Admin Settings
SMTP Settings
Certificates
Outbound Proxy
Authentication Providers
Users
Tags
Integrations Guide
Vulnerability Sources
CrowdStrike Spotlight
SentinelOne
Carbon Black Cloud
Microsoft Defender for Endpoint
Wazuh
Lansweeper Cloud
Nessus API
Tenable.io API
Security Center/Tenable.sc API
Rapid7 InsightVM API
Qualys API
Nozomi Guardian
Eclypsium
AWS Inspector
Remediation
Jira Software
Tanium (BETA)
Authentication Providers
LDAP (Active Directory)
SAML (Azure Active Directory)
SAML (Google)
SAML (Okta)
PAM
CyberArk
Delinea (Thycotic)
Microsoft LAPS
Security Guide
Firewall Configuration
Base Network Requirements
Agent Network Requirements
Credentialed Scanning Network Requirements
API Network Requirements
How DeepSurface Scans Work
Domain (LDAP) Scanning
Host Scanning Routine
Reasons for the Administrative Access Requirement
Endpoint Protection Considerations
Other Items
Scope of Data Storage and Retention
IPS/IDS Considerations
Logging
Resetting the DSADMIN password
Product Information
Changelogs
Open source Licenses
End User License Agreement (EULA)

Using Microsoft Endpoint Configuration Manager (MECM) with DeepSurface RiskAnalyzer

There are many ways for DeepSurface RiskAnalyzer to gather the data on the hosts in your environment. Two of these ways can use automated tools, such as MECM, to either run a script remotely (user managed scan) or install the DeepSurface agent. Below is a guide for both methods depending on which method will work best for your given environment.

Before deciding on which method to use for a given host or group of hosts, consider what may make the most sense from a maintenance, access rights, and/or system loading perspective. Should you have any questions about how to decide on a method, don’t hesitate to reach out to DeepSurface support for further guidance.

Prerequisites

Obtain the Relevant Script

The first step to installing a DeepSurface Agent or running a User-Managed Scan with RiskAnalyzer is to configure the associated endpoints, and then obtain the script related to the specific deployment method.

DeepSurface Agent

  1. In the RiskAnalyzer console, navigate to: *Scanning > Agents > Edit Agent Configuration

  2. Ensure the endpoint configuration and blackout settings are correct. For more information on these settings, refer to the embedded product manual. Once finished, save this configuration.

  3. Upon returning from the Edit Agent Configuration screen, you will be presented with instructions on how to download and run the installation script. Download this script. Finally, copy the command and arguments presented on the page for later use.

User-Managed

  1. In the RiskAnalyzer console, navigate to: *Scanning > User Managed> Edit User Managed Configuration

  2. Ensure the endpoint configuration settings are correct. For more information on these settings, refer to the embedded product manual. Once finished, save this configuration.

  3. Upon returning from the Edit User Managed Configuration screen, you will be presented with instructions on how to download and run the installation script. Download this script.

  4. Finally, copy the command and arguments presented on the page for later use.

The command and arguments presented on the page should resemble this:

User Managed Configuration

NOTE: The name of the script varies depending on deployment method and will be referred to as “<deployment-script>” throughout the rest of this document.

Deploying with MECM

Prepare the installer

  1. Launch the Configuration Manager Console and select Software Library
  2. Select Overview > Right-Click Scripts > Create Script
  3. Specify script details with a name and description, leaving the script language defaulted to PowerShell
  4. Paste the modified <deployment-script> file into the script box
  5. Click Next
  6. Click inside the Default Value box for the thumbprint, registration_code, and endpoint parameters, entering the appropriate value for each. (Refer to the Obtain the Relevant Script section above if you are unsure of the required values for these parameters.)
  7. Select Next and confirm the details
  8. Upon completion, click Close to exit the wizard

Running the installation script

  1. Right-click the script and click Approve/Deny. Click through the wizard and verify that the thumbprint, registration_code, and endpoint parameter fields are correct.
  2. Click on Assets and Compliance. Select the agent installation target devices.
  3. Right-click your selection and click Run Script. Select the script you created and hit Next.

Verify your installation

  1. The script status will be displayed on the next screen
  2. Log into the DeepSurface appliance console and check the Scanning > Status > Agent/User Managed section. Your DeepSurface agents will show up here as they check-in.