USM Anywhere includes out-of-the-box agent configuration profiles to manage the queries that it runs for an asset (an IP-addressable host, including but not limited to network devices, virtual servers, and physical servers) associated with a deployed AlienVault Agent. For each profile, you can view the list of queries, along with a description of the collected logs and the query frequency. Depending on your needs, you can change the default profile so that newly deployed agents collect the log data and generate the events (any traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall) that you need.
If you want to specify the profile for some assets, you can set the profile at the asset level. For more information about changing the profile setting at the asset level, see Assigning AlienVault Agent Configuration Profiles.
USM Anywhere provides two configuration profiles for each of the AlienVault Agent deployment types.
- Optimized — The optimized profile reduces data consumption by modifying the Windows Events query to retrieve only the event types that impact threat detection.
- Full — The full (verbose) profile collects and stores all Windows event types.
Important: Using this profile could have a significant impact on your data consumption. For more information about how USM Anywhere manages data consumption and storage, see Subscription Management.
To view detailed information about the agent configuration profiles and change the defaults, navigate to DATA SOURCES > AGENTS and click the Configuration Profiles tab.
To display detailed information about the queries and the collected log information included for a profile, click the profile name. If you are looking for a specific type of log information, enter text in the search box and click the Search icon to filter the query list.
If you want to see the specific file paths included in the profile's file integrity monitoring (FIM), click the File Integrity tab to display these paths by category.