AlienVault Agent Now Has Improved Filtering Capabilities

On July 31st, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, AlienVault’s unified solution for complete threat detection, response, and compliance. With EDR built into USM Anywhere, users can centralize security monitoring of their endpoint and network activities across cloud and on-premises environments, without the need to deploy, integrate, and manage a separate solution. The platform automatically correlates security events from across their IT infrastructure using continuous threat intelligence from the AlienVault Labs Security Research Team, helping security teams quickly detect, prioritize, and respond to threats.

Customers have been excited to use the new capabilities, which are enabled by the AlienVault Agent, a lightweight endpoint agent based on osquery that performs continuous endpoint monitoring as part of the unified platform. Amidst the positive feedback for the Agent, we’ve also asked customers to share the most important ways we can continue to improve its functionality. More granular control over the data the Agent collects has been the most requested enhancement.

Today, we’re pleased to deliver the ability to filter events from the AlienVault Agent for added control over your data consumption. Now, you can create a filtering rule directly from any agent-based event in USM Anywhere, making it fast and easy to customize the data you collect.

Filtering rules aren’t the only way to regulate your data consumption with the AlienVault Agent. When you deploy the Agent, you immediately leverage the expertise of the AlienVault Labs Security Research Team to manage your data usage with the “optimized” configuration profile, which is selected by default. The Labs Team designed this configuration profile to collect only the security-relevant data from your endpoints, enabling you to get up and running quickly without consuming more data than you need. Alternatively, you can choose to collect additional endpoint data, including syslog events, by switching to the “full” profile. With either configuration profile, you can add filtering rules for additional control over the type of data the agent collects.

Deploying the AlienVault Agent extends USM Anywhere’s powerful threat detection and response capabilities to the endpoint, enabling you to detect modern threats and monitor critical files (file integrity monitoring, FIM) on your Windows and Linux endpoints. Continuous threat intelligence from the AlienVault Labs Security Research Team ensures the AlienVault Agent’s queries are always up to date to detect the latest threats.

Unlike point security solutions, USM Anywhere combines multiple security capabilities into a unified cloud platform, including EDR, SIEM, IDS, vulnerability assessment, and more, giving you the essential security capabilities you need in a single pane of glass and drastically reducing cost and complexity.

Learn more about the AlienVault Agent and the new EDR capabilities in USM Anywhere:
