Main configuration

| Name | Description |
|---|---|
| Global configuration | Global and remote settings |
| Cluster | Master node configuration |
| Registration service | Automatic agent registration using service |

Main configuration

| Name | Description |
|---|---|
| Global configuration | Logging settings that apply to the agent |
| Client configuration | Settings related to the connection with the manager |
| Anti-flooding settings | Agent bucket parameters to avoid event flooding |
| Labels | User-defined information about the agent included in alerts |

Alerts and output management

| Name | Description |
|---|---|
| Alerts | Settings related to the alerts and their format |
| Integrations | Slack, VirusTotal and PagerDuty integrations with external APIs |

Auditing and policy monitoring

| Name | Description |
|---|---|
| Policy monitoring | Configuration to ensure compliance with security policies, standards and hardening guides |
| OpenSCAP | Configuration assessment and automation of compliance monitoring using SCAP checks |
| CIS-CAT | Configuration assessment using CIS scanner and SCAP checks |

System threats and incident response

| Name | Description |
|---|---|
| Vulnerabilities | Discover what applications are affected by well-known vulnerabilities |
| Osquery | Expose an operating system as a high-performance relational database |
| Inventory data | Gather relevant information about system OS, hardware and packages |
| Active response | Active threat addressing by immediate response |
| Commands | Configuration options of the Command wodle |
| Docker listener | Collects events on Docker containers such as starting, stopping or pausing |

Log data analysis

| Name | Description |
|---|---|
| Log collection | Log analysis from text files, Windows events or syslog outputs |
| Integrity monitoring | Identify changes in content, permissions, ownership and attributes of files |
| Agentless | Run integrity checks on devices such as routers, firewalls or switches |

Cloud security monitoring

| Name | Description |
|---|---|
| Amazon S3 | Security events related to Amazon AWS services, collected directly via AWS API |
| Azure logs | Configuration options of Azure-logs Wodle |