Hey ​@mj15! As I understand it, for Detailed Discovery scans this requires TCP/445 or TCP/139 to be open on the scan target, and once connected to the target host the agent will communicate with the BTExecService over this port. All sessions originate from the BT Discovery Agent (BDA) so there aren’t any inbound port requirements on the BDA host machine. KB0017022 has all of the requirements for staging a Windows system for discovery scans (KB linked below).

Here are a couple of helpful KB articles on the topic:

• KB0016963: BeyondTrust Remote Execution Service
• KB0017022: Configuring Windows hosts for Discovery scanning

Hi the below article list the ports and protocols 

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0019381

-Communication and port list for Password Safe Cloud Resource Brokers and tenant (instance)

Thanks Nik and Glenn for the response. 

The articles does not mention anything about directions for these ports, whether it will be unidirectional or bi-directional. Can you please throw some light on it or if I have missed out to locate it in the articles? 

Thanks in advance.  

Regards,

Mahendra

Hi ​@mj15,

let me give you some examples. Always one direction. You can find them in the KB article Glenn posted:

General communication

Resource Broker(s) → PScloud (your tenant) Port 443

Discovery

Resource Broker(s) → Windows device Port 445

Resource Broker(s) → SSH Device Port 22

Session

Resource Broker(s) → Windows device Port 3389 (RDP)

Resource Broker(s) → SSH device Port 22

Ports for Password Safe Users

User Client → PS Cloud interface Port 443

User Client → Resource Broker(s) Port 4489, 4422 (to start RDP and SSH sessions)

I have updated the article so the port direction is more clear:  Communication and port list for Password Safe Cloud Resource Brokers and tenant (instance)