Claroty Edge v1.4.12 Installation Guide 20230402
Edge Version 1.4.12
Confidential & Proprietary | Copyright © 2023 Claroty Ltd. All rights reserved
02-Apr-2023
Claroty Edge is designed to bring fast, easy, and simple visibility into the OT environment. Claroty
has used its deep knowledge of OT, IT, and IoT environments to design a probe that gathers
rich information from assets in a safe and secure manner. At a high level, Claroty Edge installs
onto Windows hosts throughout the OT / IT / IoT environment and gathers the following
data:
All of this data is then sent to an upstream CTD site, where data from multiple Edges is
aggregated to give the following:
2. System Requirements
Claroty Edge is designed to be a low-impact and efficient process. For any of the deployment
scenarios above, see the CTD Architecture Guide CTD Server for the minimum specifications for the
CTD Site Server.
2.1. Dependencies
JavaScript must be enabled in the browser for Edge to run successfully.
3. Configuration Options
The Edge system has a simple configuration setup, designed to allow for quick execution. There is
both a UI execution method and a command line execution method.
By default, the system is pre-configured to perform local host discovery for Windows information,
and network discovery for neighboring asset discovery. The general configuration options here
are as follows:
• Host Discovery
  • This identifies local Windows configuration information.
• Network Discovery
  This will by default perform the following series of discoveries:
  • IT/OT/IoT Broadcast Discovery
    • This will perform UDP broadcast discoveries for assets in the environment. This will capture
      initial information about these devices, and identify equipment that can be queried directly
      for more information.
  • Subnet Identification (ICMP)
    • This will perform a ping sweep of the local network, looking for any neighboring devices.
  • IT/OT/IoT Direct Discovery
    • These are more direct queries based on the information captured in the broadcast discovery
      and ICMP discoveries, which will capture detailed information on IT, OT, and IoT equipment.
By default the system will send results directly to a CTD site, and requires the following
information:
• CTD address
  • The IP address of the upstream CTD
• User (default admin)
  • Username of the built-in administrator account
NOTE
User-created administrator accounts are not supported.
If data cannot be sent directly to an upstream CTD, the results can be saved to a file for later
ingestion:
After selecting Run Now, the scan will be performed, and the user will be presented with the
completion screen:
• Download Log
  • This will download the logs from the previous Edge execution through the web browser.
• View in CTD
  • This will automatically connect to the upstream CTD to see the results of the successful
    execution.
If the user has a file from a previous Edge execution that they wish to upload to a CTD, they can
select the Upload File to CTD menu from the top of the Edge user interface:
The user can then choose the appropriate .ctd file from their local system, and input the
following information:
• CTD address
  • The IP address of the upstream CTD
• User (default admin)
  • Username of the built-in administrator account
NOTE
User-created administrator accounts are not supported.
After selecting Upload to CTD, Edge will process the file and send it to the upstream CTD, and the
completion screen will be shown:
The user can then use the View in CTD option to see the results.
To customize the Edge configuration, the user can click the Settings button under Host Discovery
or Local Network Discovery.
Options:
• To choose which specific discoveries will be run, select Edit to see the following screen and
enable / disable specific discoveries:
For more information about these discovery methods, see Appendix A of the CTD Reference
Guide.
If the user wishes to configure advanced runtime parameters for the entire Edge process, they
can uncheck the Use default EDGE parameters checkbox to present the following advanced
configuration screen:
• Vlan
  • This will add the entered VLAN tag into all of the data captured by this Edge run.
• Local discovery, including all active methods. Sending the results to a CTD at my_ctd.claroty.com.
Limiting RAM utilization to 1024MB, and not applying the firewall rule:

    Claroty_Edge.exe --command discover --allowed-methods active host_info app_db active_broadcast active_subnet_id active_unicast --ctd-ip my_ctd.claroty.com --ctd-user admin --ctd-password CTD_PASSWORD --memory-limit 1024000000 --dont-apply-firewall-rule --accept-eula

• Token-based Edge execution:

    Claroty_Edge.exe --accept-eula --command discover --ctd-ip my_ctd.claroty.com --static-token <token>

• Host-only Edge execution:

    Claroty_Edge.exe --command discover --allowed-methods host_info app_db --ctd-ip my_ctd.claroty.com --ctd-user admin --ctd-password CTD_PASSWORD --accept-eula

IMPORTANT
The token is displayed upon creation and is never shown again!
• The token is encrypted and stored in the configuration under the key
workers.authentication.edge_token.
• The token is passed to Edge and is used to communicate with CTD.
NOTE
You can "revoke" the token by running the same command again. This creates a new
token and invalidates the old one.
To share a token between multiple sites, you must sync the token and the secret between the
sites.
4. Deployment Instructions
• Running manually and sending the results directly to a CTD site
• Running manually and capturing the results to a file, to upload to a CTD site later
• Running through an automated means, such as Group Policy or SCCM
The system will then automatically run the selected queries on the local host and network, and
send the results directly to the CTD server for processing.
The system will then automatically run the selected queries on the local host and network, and
generate a file that can be downloaded directly from the User Interface. Once this file is available,
this can be uploaded to a CTD server for processing from another Edge session that has direct
connectivity to the CTD server. To complete this upload, perform the following:
1. Start the application on a host that has connectivity to the CTD server
2. Select the Upload EDGE to CTD menu option
The system will then process the file that was loaded in and send the results to the CTD server.
The following is an example of how to run this through a standard GPO implementation.
Assumptions:
• There is an OU that contains the Windows hosts that Edge will run on
• These Windows hosts have access to an open network share with the Edge executable on it
• These Windows hosts have SSL access to a CTD server
NOTE
BOLD sections must be configured with the appropriate information for the environment.
@echo off
set FILEPATH=""
set CTDIP=""
set CTDUSER=""
set CTDPASS=""
set TASKNAME=""
:run
:task
:exit
exit
:error
Exit
Then simply create a .bat file with this script, and place that and the Edge executable file in a
share location that is available to all of the Windows hosts.
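The launcher described above, reworked as an added PowerShell example (not part of Claroty's guide or tooling): it pins the Edge executable fetched from the share to a known SHA-256 before running it, and uses the token-based execution from the command-line examples so that no CTDPASS value sits in a script on the share. The share path, staging directory, token file and hash placeholder are assumptions; the Edge flags are the ones listed in this guide.

```powershell
# Added example, not Claroty's script. Values marked "hypothetical" or
# "placeholder" are assumptions to replace for your environment.
$ShareExe       = '\\fileserver.example\edge\Claroty_Edge.exe'  # hypothetical share path
$WorkDir        = Join-Path $env:ProgramData 'EdgeRun'          # hypothetical; pre-create with an ACL
                                                                # limited to SYSTEM and Administrators
$LocalExe       = Join-Path $WorkDir 'Claroty_Edge.exe'
$TokenFile      = Join-Path $WorkDir 'edge.token'               # hypothetical token location
$CtdAddress     = 'my_ctd.claroty.com'                          # sample address used in the guide
$ExpectedSha256 = '<SHA256_OF_APPROVED_EDGE_BUILD>'             # placeholder recorded when the build was staged

# Refuse to run if the protected staging directory or the token is missing,
# rather than creating them with default (inherited) permissions.
if (-not (Test-Path -LiteralPath $WorkDir -PathType Container) -or
    -not (Test-Path -LiteralPath $TokenFile -PathType Leaf)) {
    Write-Warning "Staging directory or token file not found under $WorkDir"
    exit 1
}

# Copy first and verify the local copy, so the bytes that were checked are
# the bytes that run even if the file on the share changes afterwards.
Copy-Item -LiteralPath $ShareExe -Destination $LocalExe -Force
$actual = (Get-FileHash -LiteralPath $LocalExe -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Remove-Item -LiteralPath $LocalExe -Force
    Write-Warning "Edge executable hash mismatch (got $actual); not running it"
    exit 1
}

# --static-token replaces --ctd-user / --ctd-password, so the built-in admin
# password never appears in the script, on the share or in the command line.
# The token is still visible on the command line while Edge runs; per the
# guide it can be revoked by generating a new one.
$token = (Get-Content -LiteralPath $TokenFile -Raw).Trim()
& $LocalExe --accept-eula --command discover --ctd-ip $CtdAddress --static-token $token
$code = $LASTEXITCODE

# Remove the staged binary and hand the Edge exit code back to the caller.
Remove-Item -LiteralPath $LocalExe -Force
exit $code
```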
Once this script is created, GPO can be configured to execute the script using the following steps: