USM Anywhere™

The AlienVault Agent

The AlienVault Agent is a lightweight endpoint agent based on osquery, the leading open-source operating system instrumentation framework for Windows, Apple macOS, and Linux. It enables endpoint detection and visibility, file integrity monitoring (FIM), and rich endpoint telemetry capabilities that are essential for complete and effective threat visibility, detection, and compliance.

This agent is easy to install on your hosts and endpoints, and has a small footprint. An installed agent provides continuous endpoint security monitoring, allowing USM Anywhere to quickly detect threats on your essential assets without the time-consuming manual configuration and setup tasks required to implement and integrate a third-party tool.

Agent Communication

The installed AlienVault Agent communicates over an encrypted channel to send data directly to the USM Anywhere service, bypassing the USM Anywhere Sensor, and buffers data locally when the connection to USM Anywhere is unavailable. When a new agent is registered with your USM Anywhere service, the system checks the AlienVault Agent version. Subsequent updates after the initial install are performed manually through the agent command script. To find out more about the most recent Agent versions, see the AlienVault Agent updates on the Product Announcements page.
