Endpoint Agent Monitoring
Purpose
The Endpoint Agent Monitoring Activeboard provides visibility into the data received from the Endpoint Agent fleet deployed in your environment. This Activeboard builds on Osquery and FleetDM and provides real-time visibility and information spanning configuration, execution status, and performance. The Endpoint Agent Monitoring Activeboard implements four use cases:
Fleet overview: Active endpoints and managers, configuration, and status.
Data retrieval processes: Configured packs, queries, and associated ingestion data (events, volumes, etc.).
Alerts: Summary of alerts triggered on Endpoint Agent Data.
Endpoints status drill-down: Latest events and configuration details.
Pre-requisites
To use the Endpoint Agent Monitoring Activeboard, you must have the following data sources available in your domain:
box.devo-ea
siem.logtrust.alert.info
Open Endpoint Agent Monitoring
Once you have installed the application, you can access the Activeboard in the following ways:
Go to Exchange in the navigation pane and look for the Activeboard you want to open. Click Open.
Go to Activeboards in the navigation pane and use the filter to open the Activeboard you downloaded.
Refer to the Manage and filter Activeboards article to learn how to work with Activeboards.
Exploring the Activeboard
When you open the Endpoint Agent Monitoring Activeboard, the following information is displayed:
The Activeboard is divided into four sections:
Section 1: Fleet Overview.
Section 2: Data Ingestion, queries, and pack details.
Section 3: Alerts on Endpoint Agent data tables.
Section 4: Agents' activity details.