USM Anywhere™

The AlienVault Agent

The AlienVault Agent is a lightweight endpoint agent based on osquery, the leading open-source operating system instrumentation framework for Microsoft Windows, Apple macOS, and Linux. It enables endpoint detection and monitoring with central management, contributing to complete and effective threat visibility, detection, and compliance.

The AlienVault Agent is easy to install on your host and endpoints, and has a small footprint. An installed agent provides continuous endpoint security monitoring, allowing USM Anywhere to quickly detect threats on your essential assets without the time-consuming manual configuration and setup tasks required to implement and integrate a third-party tool.

Agent Communications

The AlienVault Agent communicates over an encrypted channel to send data directly to the USM Anywhere service, bypassing the USM Anywhere Sensor, and buffers data locally when the connection to USM Anywhere is unavailable. These agents use two universally unique identifier (UUID)-formatted IDs to interact with USM Anywhere: a host identifier UUID and an asset identifier UUID. Understanding the two AlienVault Agent IDs is important when you deploy agents in virtual machines (VMs). See AlienVault Agent IDs for more information.

When a new agent is registered with your USM Anywhere service, the system checks its version. Subsequent updates are performed manually through the agent command script. To find out more about the most recent agent versions, see the AlienVault Agent updates on the USM Anywhere Product Announcements page.
