
Activeboard: Endpoint Agent Monitoring

Purpose

The Endpoint Agent Monitoring Activeboard provides visibility into the data received from the Endpoint Agent fleet deployed in your environment. This Activeboard builds on top of Osquery and FleetDM, and provides real-time visibility and information spanning configuration, execution status, and performance. The Endpoint Agent Monitoring Activeboard implements four use cases:

  • Fleet overview: Active endpoints and managers, configuration, and status.

  • Data retrieval processes: Configured packs, queries, and associated ingestion data (events, volumes, etc.).

  • Alerts: Summary of alerts triggered on Endpoint Agent Data.

  • Endpoints status drill-down: Latest events and configuration details.

General (filter by)

EAM hostname: Select input

EA host IP: Select input

Query packs: Select input

EAM host IP: Select input

Endpoint OS: Select input

Queries: Select input

EA hostname: Select input

Endpoint tags: Select input

 

Section 1: Fleet overview

Active EAMs: Simple value widget

EAM modes by # of endpoints: Donut chart widget

Endpoints by OS: Donut chart widget

Active Endpoint Agents: Simple value widget

EAM nodes by # of events: Donut chart widget

Endpoints by tags: Donut chart widget

Endpoints and events count: Column chart widget

Endpoints by geolocation: Markers map widget

 

Section 2: Data Ingestion, queries, and pack details

Events count: Simple value widget

Clone of Packs by number of events: Donut chart widget

Avg. event size: Simple value widget

Max EPS in interval: Simple value widget

Events breakdown analysis: Voronoi widget

Queries by number of events: Donut chart widget

Packs by number of events: Donut chart widget

 

Events volume: Simple value widget

Queries by type: Donut chart widget

Section 3: Alerts on Endpoint Agent data tables

Total domain alerts: Simple value widget

Endpoint Agent alerts: Simple value widget

EA alerts over time: Column chart widget

Section 4: Agents' activity details

Endpoints activity details: Table widget

 

 

Prerequisites

To use this Activeboard, you must have the following data sources available in your domain:

Open Activeboard

Once you have installed the Activeboard, you can use the Open button at the top right of the card in Exchange to access it and see the different widgets populated with the relevant data. You can also access the Activeboard area via the Navigation pane.

Data loading takes too long?

Some widgets may take time to load their data. You can speed up the process by creating aggregation tasks. Refer to the Aggregation tasks article to learn how to do it.

Use Activeboard

After installing and opening the Activeboard, you can use its widgets to visualize and monitor data. Each widget offers a variety of customization and visualization options. Refer to Using widgets and Using inputs to learn about all of them.