Note

Devo is deprecating the current Devo Endpoint Agent to replace it with Snare. We will cease to provide product support as of July 31, 2024. If you are an existing Devo Endpoint Agent user, we suggest you contact your CSM to discuss migrating to Snare.

Overview

The Devo Endpoint Agent (Devo EA) is a multi-platform, multi-purpose endpoint monitoring solution that allows Devo customers to collect a variety of datasets from their infrastructure, process them efficiently, and build a comprehensive view spanning multiple applications and use cases in areas such as security monitoring, IT health and performance monitoring, or capacity planning.

...

  • Application

  • Powershell

  • Setup

  • Security

  • System

Note

Current versions of the Devo Endpoint Agent may not behave correctly when a single Windows Server generates around 200 to 300 Windows events per second.

File logging

Vanilla Osquery does not provide a way to scan the contents of arbitrary log files and folders and expose the logged events as query results. To fill that gap, an Osquery extension was created that parses the configured files and folders and uploads their contents. This lets the Endpoint Agent collect the logs of virtually any application running on the host.

Combining the supported data schemas with Osquery's standard capabilities (for example, triggering HTTP requests via curl and retrieving the results) allows an almost unlimited number of scenarios and use cases. For that reason, the solution passes any custom configuration through and uploads its results to the provisioned data structures. A bespoke parsing process, with a customer-specific synthesis table, may be needed in those cases.
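The file-logging extension described above has to solve the same problems as any log follower: read only what was appended since the last poll, remember a per-file offset, and not lose or replay lines when a file is rotated, truncated, or only half-written. The following stdlib Python follower is an added illustration of that logic written for this page; it is not the Devo extension's or Osquery's code, and the row columns (path, offset, line) and the sample log contents in demo() are assumptions made for the example.

```python
"""Incremental log-file follower, added here as an illustration of what a
file-logging extension for Osquery has to do: read only the lines appended
since the last poll, remember a per-file offset, and cope with rotation,
truncation and half-written lines.  Stdlib Python written for this page;
not the Devo extension's or osquery's code.  The column names (path,
offset, line) are assumed for the example."""
import glob
import os
import tempfile


class LogFollower:
    """Follows every file matching the given glob patterns."""

    def __init__(self, patterns):
        self.patterns = list(patterns)
        # path -> (inode, byte offset of the next unread line)
        self._state = {}

    def poll(self):
        """Return one row per complete new line, across all followed files."""
        rows = []
        for pattern in self.patterns:
            for path in sorted(glob.glob(pattern)):
                rows.extend(self._read_new(path))
        return rows

    def _read_new(self, path):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            self._state.pop(path, None)  # file vanished; forget its offset
            return []
        inode, offset = self._state.get(path, (st.st_ino, 0))
        if inode != st.st_ino or st.st_size < offset:
            # A new inode means the file was rotated and recreated; a size
            # below our offset means it was truncated.  Either way, restart
            # from the beginning rather than skipping or replaying data.
            offset = 0
        rows = []
        with open(path, "rb") as fh:
            fh.seek(offset)
            while True:
                pos = fh.tell()
                line = fh.readline()
                if not line:
                    break
                if not line.endswith(b"\n"):
                    # The writer has not finished this line yet: leave it
                    # for the next poll instead of emitting a fragment.
                    fh.seek(pos)
                    break
                rows.append({
                    "path": path,
                    "offset": pos,
                    "line": line.rstrip(b"\r\n").decode("utf-8", "replace"),
                })
            self._state[path] = (st.st_ino, fh.tell())
        return rows


def demo():
    """Exercise the follower on a constructed log file; returns the lines
    seen on each of five polls (append, partial line, truncation)."""
    workdir = tempfile.mkdtemp()
    log = os.path.join(workdir, "app.log")  # constructed sample log
    follower = LogFollower([os.path.join(workdir, "*.log")])
    seen = []

    def write(mode, text):
        with open(log, mode) as fh:
            fh.write(text)

    def poll():
        seen.append([row["line"] for row in follower.poll()])

    write("w", "first\nsecond\n")
    poll()                      # both lines
    poll()                      # nothing new
    write("a", "third\npart")
    poll()                      # "third" only; "part" is incomplete
    write("a", "ial\n")
    poll()                      # now "partial"
    write("w", "new\n")         # truncation: size shrinks below our offset
    poll()
    return seen


if __name__ == "__main__":
    for i, lines in enumerate(demo(), 1):
        print(f"poll {i}: {lines}")
```

Run it directly to see the five polls; the deferred partial line and the reset after truncation are the two cases that a naive "read from last offset" loop gets wrong, and they are exactly the cases that cause silent gaps or duplicated events in a log pipeline.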

Agent monitoring

Osquery exposes statistics and event lists about its own status, such as scheduled query information, Osquery events, running extensions, and the loaded configuration. The EA gathers this information and stores it in Devo.