Sources
A source is a location where IBM Security® Randori conducts activities. The types of sources are Local, Network, and External Worker.
The sources that you create can help expand your knowledge of your internal attack surface, so you gain a deeper understanding of your organization's internal security landscape. Both local and network sources are implants that an authorized security team installs to call back to the Randori infrastructure. Depending on the type of source that you create, the infrastructure is used to run activities through the implant either locally or on your entire network.
Each source is assigned a perspective that indicates the point of view of that source and defines the scope of the network entities that it can access. The entities that are discovered from the source inherit the source’s assigned perspective. For more information, see Perspectives.
Source types
The following table outlines the different types of sources and their capabilities.
| Source type | Description | Use case | User generated? | Perspective types |
|---|---|---|---|---|
| Local | Runs activities only on the device that the source is installed on. | Run a local source to check the responsiveness of your EDR solution and verify that the designed configuration controls are working as expected. | Yes | Internal only |
| Network | Runs activities on multiple entities within your network, not just the device that it is installed on. After the source is installed, it runs reconnaissance activities across your internal network to see what it can discover. If you allow and authorize the discovered entities, you can run validation activities against them. | When you run network activities, you can see whether your network segmentation is working as expected. You can also test your internal devices against known vulnerabilities. | Yes | Internal only |
| External Worker | A cloud node that runs externally to a customer environment. An external worker is part of the Randori infrastructure. | This source runs the Randori activities externally. | No | External only |
System requirements
To run local and network sources, your target system needs to meet the following requirements.
| Requirement | Description |
|---|---|
| Internet connection | Yes |
| Supported OS versions | |
| Architecture requirements | |
Network source requirements
The system where the source is installed must have internet access. Specifically, your system must be able to access the Randori Redirector IP, which is found on the Source Details page. Configure a firewall rule to allow this outbound access.
The following rules need to be present to allow access to Randori infrastructure:
| Rule | Source IP | Destination IP | Destination port or protocol |
|---|---|---|---|
| Redirector | The asset's IP address that exits to the internet | The Randori Redirector IP address. Tip: This IP address is on the inspection pane for a source. The information can take a few minutes to generate in the pane. | Any port over TCP. |
| Callback | The asset's IP address that exits to the internet | 35.224.165.87, 35.223.164.15 | Any port over TCP and UDP. |
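One way to express the two rules in the table above as nftables rule lines scoped to a single asset, so that outbound access is opened only to the listed destinations. This is an added example, not IBM's own configuration; it assumes nftables and IPv4, and the function names and sample addresses are hypothetical (the redirector IP must be taken from the Randori UI).

```shell
#!/bin/sh
# Added example (not IBM's code): print nftables rule lines for the two
# egress rules in the table above, scoped to one asset IP.
# Assumption: nftables is in use and the lines are added to the chain that
# filters this asset's outbound traffic.

# Callback destinations from the rules table.
CALLBACK_IPS="35.224.165.87 35.223.164.15"

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into octets
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Usage: randori_egress_rules <asset_ip> <redirector_ip>
# <redirector_ip> is the value shown for the source in the Randori UI.
randori_egress_rules() {
  asset=$1
  redirector=$2
  if ! is_ipv4 "$asset" || ! is_ipv4 "$redirector"; then
    echo "error: asset and redirector must be IPv4 addresses" >&2
    return 2
  fi
  # Redirector rule: any port over TCP.
  printf 'ip saddr %s ip daddr %s meta l4proto tcp accept comment "randori-redirector"\n' \
    "$asset" "$redirector"
  # Callback rule: any port over TCP and UDP.
  for ip in $CALLBACK_IPS; do
    printf 'ip saddr %s ip daddr %s meta l4proto { tcp, udp } accept comment "randori-callback"\n' \
      "$asset" "$ip"
  done
}

# Constructed documentation-range addresses; substitute your own values.
randori_egress_rules 198.51.100.7 203.0.113.10
```

Malformed addresses are rejected with exit status 2 before any rule is printed, so a typo cannot produce a rule with an unintended destination.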