RunZero
About
Overview
Key Characteristics
| Key | Value |
|---|---|
| Name | RunZero |
| Documentation | https://help.runzero.com/docs/ |
| Author | HD Moore and RunZero team |
| Category | #service |
Description
RunZero provides active scanning, passive discovery, and API integrations unite in one powerful platform to deliver complete visibility into managed and unmanaged assets across IT, OT, IoT, cloud, mobile, and remote environments.
Components
- A SaaS-based console
- One or more Explorers, which is some agent software installed on a computer or in a virtual environment.
Learning RunZero
Some resources for quickly learning or practicing RunZero usage:
- Platform documentation
- Once you sign up, there is a help icon in the upper right, with a “getting started” option that will guide new users through deploying an explorer and reviewing the scan results
Setup
Simply install the binary on the host with the parameters provided in the console.
Configuration
Configuration is managed on the console level and there is very little agent-specific configuration to make, as the configuration revolves around the scan timing, intensity, the plugins or additional services that will be invoked, and the scope of the IP space to be scanned.
Updating
Usage
Getting Started
How RunZero fits in an Intel workflow
RunZero provides the analyst with an impressively-detailed level of situational awareness for their own environment. With this knowledge, threat hunters can get an overview of the distribution of asset types, so they can quickly correlate against known targeting or even identify assets that were previously unknown and look for exploitable services among them.