⚠️ Important ⚠️

A list of important considerations when using the Kikimora Agent

Scanning third-party infrastructure is generally frowned upon (or illegal)

If you are planning to use the Kikimora agent on a third-party infrastructure, you should first ask for permission. Unauthorised scanning/monitoring can be considered a crime, based on local law and regulations.

Doesn't apply to publicly available assets and infrastructure!

Initiating a scan will require access to the underlying infrastructure

While using the agent you are likely to receive this message when you try to scan a new asset. This is a protection mechanism to protect against unauthorised access. If you just want to test how the agent works you can use the examples in Testing Data [Vulnerable Website].

Once you have updated the domain DNS settings you will be able to perform all functions. For smaller or personal projects we have also enabled domain relevance - eg. by design you will be able to scan the infrastructure if your domain originates from the organization -> angel@example.inc CAN scan example.inc.

Deploying an endpoint agent requires direct access to the asset.

Due to the precise details and monitoring features of the Wazuh agents, the only way to test the ednpoint features inside the Kikimora Agent will be to deploy an agent manually on the asset itself.

Deploying an endpoint agent requires administrative acces.

Context Window & Limitation

We have experimented a lot with the agent, and based on the current implementation, it is expected to run out of memory in longer queries. This doesn't interupt the train of thought, just stops the active reply until you type 'Continue'.

This is an intentional choice during Early Access to ensure the performance and resource spending are optimized rather than abused.