Question

Unauthenticated Rapid 7 scans on Privileged Management on-prem appliances

  • March 16, 2026
  • 5 replies
  • 13 views

My security team wants to do unauthenticated scans with Rapid 7 on our Privileged Management on-prem appliances. I don't see why this would be an issue, but wanted to check if anyone has any experience with this or any issues that they have run into. Or if anyone from BeyondTrust has any info, that would also be great.



Hey James.

I would assume that you have UVMs deployed as virtual appliances to manage EPM.

The UVMs are to be considered a “black box” and are not to be tampered with; BeyondTrust tests and validates the updates, and they have also applied strict policies on those appliances.

I know that some have insisted on having them domain-joined, but that is far from recommended, as GPOs and other things can change the security posture of those UVMs and render them far less secure.

I would raise a ticket, but my expected result is that you are not to tamper with them or install Rapid 7 on them.

The best alternative: jump to PM Cloud if possible.

Jens



MikeK
  • Veteran
  • March 16, 2026

I would agree with Jens on this one. A former company I worked for went through getting the CrowdStrike agent on these machines. The stipulation for this to be allowed was zero support post-installation on the UVMs, as it falls out of bounds of their standard installation.

They may raise the same stipulations with your Rapid7 scan.



> I would agree with Jens on this one. A former company I worked for went through getting the CrowdStrike agent on these machines. The stipulation for this to be allowed was zero support post-installation on the UVMs, as it falls out of bounds of their standard installation.
>
> They may raise the same stipulations with your Rapid7 scan.

You are spot on, Mike. No support or warranty will be available on those UVMs.


  • Author
  • Apprentice
  • March 16, 2026

I will open a ticket. But a little more clarification: it sounds like the unauthenticated scans are just a scan sniffing around the appliance, not on it. And these are not domain-joined and are black-box appliances.



Hey James.

Yes, do ask BT; it is a grey zone, and I would strongly recommend against it.

https://docs.beyondtrust.com/bips/docs/u-series-best-practices

Added a few KBs for reference on hardening etc.; it should not be needed with scans initially.

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0021093

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0017407