AlienVault Agent Now Has Improved Filtering Capabilities

October 3, 2018 | Julia Kisielius

On July 31st, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, AlienVault’s unified solution for complete threat detection, response, and compliance. With EDR built into USM Anywhere, users can centralize security monitoring of their endpoint and network activities across cloud and on-premises environments, without the need to deploy, integrate, and manage a separate solution. The platform automatically correlates security events from across their IT infrastructure using continuous threat intelligence from the AlienVault Labs Security Research Team, helping security teams quickly detect, prioritize, and respond to threats.

Customers have been excited to use the new capabilities, which are enabled by the AlienVault Agent, a lightweight endpoint agent based on osquery that performs continuous endpoint monitoring as part of the unified platform. Amidst the positive feedback for the Agent, we’ve also asked customers to share the most important ways we can continue to improve its functionality. More granular control over the data the Agent collects has been the most requested enhancement.

Today, we’re pleased to deliver the ability to filter events from the AlienVault Agent for added control over your data consumption. Now, you can create a filtering rule directly from any agent-based event in USM Anywhere, making it fast and easy to customize the data you collect.

Filtering rules aren’t the only way to regulate your data consumption with the AlienVault Agent. When you deploy the Agent, you immediately leverage the expertise of the AlienVault Labs Security Research Team to manage your data usage with the “optimized” configuration profile, which is selected by default. The Labs Team designed this configuration profile to collect only the security-relevant data from your endpoints, enabling you to get up and running quickly without consuming more data than you need. Alternatively, you can choose to collect additional endpoint data, including syslog events, by switching to the “full” profile. With either configuration profile, you can add filtering rules for additional control over the type of data the agent collects.

Deploying the AlienVault Agent extends USM Anywhere’s threat detection and response capabilities to the endpoint, enabling you to detect modern threats and perform file integrity monitoring (FIM) of critical files on your Windows and Linux endpoints. Continuous threat intelligence from the AlienVault Labs Security Research Team keeps the AlienVault Agent’s queries up to date to detect the latest threats.

Unlike point security solutions, USM Anywhere combines multiple security capabilities into a unified cloud platform, including EDR, SIEM, IDS, vulnerability assessment, and more, giving you the essential security capabilities you need in a single pane of glass, drastically reducing cost and complexity.

Learn more about the AlienVault Agent and the new EDR capabilities in USM Anywhere:

About the Author: Julia Kisielius, AlienVault
Julia joined AlienVault as a Product Marketing Manager in February 2017. Previously, she was a product manager at Giving Docs, an early-stage startup that makes fundraising software for nonprofits. Before that, she worked on data products and processes to help Tufts University fundraisers raise more than $80M per year. Julia started her career at an asset management firm with $200M under management, where she researched, edited, fact-checked, and promoted financial literacy resources such as books and columns. She graduated from the University of Connecticut with a B.A. in English.