Note

Devo is deprecating the current Devo Endpoint Agent to replace it with Snare. We will cease to provide product support as of July 31, 2024. If you are an existing Devo Endpoint Agent user, we suggest you contact your CSM to discuss migrating to Snare.

Overview

The Devo Endpoint Agent (Devo EA) is a multi-platform, multi-purpose endpoint monitoring solution that allows Devo customers to collect a variety of datasets sitting in their infrastructure, process them efficiently, and create a comprehensive view that spans multiple applications and use cases in areas such as security monitoring, IT health and performance monitoring, or capacity planning.

...

  • Application

  • Powershell

  • Setup

  • Security

  • System

Note

Current versions of Devo Endpoint Agent might not behave correctly when handling 200~300 Windows Events per second on a single Windows Server.

File logging

Vanilla Osquery cannot scan the contents of arbitrary log files and folders and expose the logged events as query results. To fill that gap, a new Osquery extension has been created that allows some files and folders to be parsed and uploaded. This feature enables the Endpoint Agent to gather log information for virtually any application running on the host.

...

Osquery exposes a set of stats and lists of events about its own status, such as information on scheduled queries, Osquery events, running extensions, the loaded configuration, and so on. The EA gathers this information and saves it in Devo.