Main configurations

Global configuration

Global and remote settings

Cluster

Master node configuration

Registration service

Automatic agent registration service

Global configuration

Logging settings that apply to the agent

Communication

Settings related to the connection with the manager

Anti-flooding settings

Agent bucket parameters to avoid event flooding

Labels

User-defined information about the agent included in alerts

Alerts and output management

Alerts

Settings related to the alerts and their format

Integrations

Slack, VirusTotal and PagerDuty integrations with external APIs

Auditing and policy monitoring

Policy monitoring

Configuration to ensure compliance with security policies, standards and hardening guides

OpenSCAP

Configuration assessment and automation of compliance monitoring using SCAP checks

CIS-CAT

Configuration assessment using CIS scanner and SCAP checks

System threats and incident response

Vulnerabilities

Discover what applications are affected by well-known vulnerabilities

Osquery

Expose an operating system as a high-performance relational database

Inventory data

Gather relevant information about system OS, hardware, networking and packages

Active response

Active threat addressing by inmmediate response

Active response

Active threat addressing by inmmediate response

Commands

Configuration options of the Command wodle

Log data analysis

Log collection

Log analysis from text files, Windows events or syslog outputs

Integrity monitoring

Identify changes in content, permissions, ownership, and attributes of files

Agentless

Run integrity checks on devices such as routers, firewalls and switches

Cloud security monitoring

Amazon S3

Security events related to Amazon AWS services, collected directly via AWS API