Preintegrated query packs
Devo Endpoint Agent works with packs: defined sets of queries that are executed periodically on the targeted endpoints that exist in the Devo EA. Users can create their own queries in the EA Manager interface; the following table shows the preconfigured packs delivered with the default package. These will be parsed properly in Devo:
| Pack name | Queries | Type | Description |
|---|---|---|---|
| DevoConfigurationPack | configuration_disk_info | Snapshot | Physical disks of the system |
| | configuration_windows_software | Snapshot | List of installed software (Windows) |
| | configuration_windows_software_choco | Snapshot | Software installed using Choco (Windows) |
| | existing_users | Incremental | User list (incremental) |
| | existing_users_snapshot | Snapshot | User list (snapshot) |
| | existing_groups | Incremental | Group list (incremental) |
| | existing_groups_snapshot | Snapshot | Group list (snapshot) |
| | existing_users_groups | Incremental | Correspondence between users and groups |
| | existing_users_groups_snapshot | Snapshot | Correspondence between users and groups (snapshot) |
| | system_info | Snapshot | Computer identification and hardware info |
| | configuration_network | Snapshot | Information about networks in the system |
| | operating_system | Snapshot | Operating system information |
| DevoEventsPack | all_windows_events | Incremental | List of Windows Events, tagged by type |
| | powershell_win_operational_events | Incremental | PowerShell (Windows) events, tagged |
| | other_sources_win_events | Incremental | Other Windows events tagged as other_sources. These events will show up in box.devo_ea.events_windows |
| | all_linux_syslog_events | Incremental | Events gathered in syslog for Linux-based systems |
| DevoStatusPack | logged_in_users | Incremental | Users logged in the system (incremental) |
| | logged_in_users_snapshot | Snapshot | Users logged in the system (snapshot) |
| | running_process_snapshot | Snapshot | Running processes list (snapshot) |
| | running_process | Incremental | Running processes (incremental) |
| | running_process_metrics | Incremental (no removals) | Details about running processes |
| | listening_ports | Snapshot | Open network ports in the system |
| | process_open_sockets | Snapshot | Open sockets by processes |
| DevoPerformancePack | devo_systat_cpu | Snapshot | CPU and memory load information |
| | devo_systat_iodisk | Snapshot | Disk read/write load |
| | devo_systat_network | Snapshot | Network sent/received traffic |
| | devo_systat_usagedisk | Snapshot | Disk capacity used and free |
| DevoFetchFilesPack | files_content | Snapshot | Last file contents read by fetchfiles |
| | ffext_files_info | Snapshot | Files and folders to process by fetchfiles |
| | ffext_files_config | Snapshot | Fetchfiles configuration |
Packs created outside of this table may not be parsed properly, and their information will end up in the table box.devo_ea.unknown (in versions up to 1.2.0, box.devo_ua.unknown).