Data querying in Devo
All data structures defined for the Universal Agent use the following tagging structure: box.devo_ua.category.subcategory. The box.devo_ua prefix is therefore the root tag from which all subtables are accessible.
The following table summarizes the current implementation of data structures and their associated tagging.
Module | Root data structure | Data tables |
---|---|---|
Configuration audit | box.devo_ua.configuration | box.devo_ua.configuration.system_info, box.devo_ua.configuration.users, box.devo_ua.configuration.groups, box.devo_ua.configuration.user_groups, box.devo_ua.configuration.disk_info, box.devo_ua.configuration.network, box.devo_ua.configuration.win_software |
Performance monitoring | box.devo_ua.performance | box.devo_ua.performance.cpu_mem, box.devo_ua.performance.disk_io, box.devo_ua.performance.disk_usage, box.devo_ua.performance_network |
Status monitoring | box.devo_ua.status | box.devo_ua.status.listening_ports, box.devo_ua.status.process_open_sockets, box.devo_ua.status.processes, box.devo_ua.status.users_loggedin |
Events - Windows | box.devo_ua.events_windows | box.devo_ua.events_windows.application, box.devo_ua.events_windows.powershell, box.devo_ua.events_windows.security, box.devo_ua.events_windows.system |
Events - Unix | box.devo_ua.events_linux | box.devo_ua.events_linux |
Files logger | box.devo_ua.files | Custom |
Custom queries | box_devo_ua.unknown | Custom |
In addition, the Universal Agent solution sends real-time analytics and diagnostic information about the managers, agents, and extensions deployed in a given environment. This information is sent to the following data structures:
Module | Root data structure | Data tables |
---|---|---|
Manager telemetry and diagnostics | devo.ua.manager | devo.ua.manager.status |
Agent telemetry and diagnostics | devo.ua.agent | devo.ua.agent.status |
Extensions telemetry and diagnostics | devo.ua.extensions | devo.ua.extensions.fetchfiles_config, devo.ua.extensions.fetchfiles_info |