Because collecting data from endpoints can be a pain (to say the least), SEKOIA.IO provides its own agent that collects all relevant logs from your workstations and servers with minimal configuration overhead. It is currently available for Windows and Linux.
The agent has been designed to be as easy to install and use as possible, allowing rapid deployment on as many machines as possible, whether desktops, application servers, Kubernetes nodes, etc.
Once installed, the agent is immediately operational and you will start receiving security-related events in the SEKOIA.IO platform in no time. This telemetry is essential for analysts to correlate, investigate and trace the actions and operations that have been recorded, such as process executions, file changes and network communications.
No more hard-to-build, hard-to-maintain configurations: simply deploy the SEKOIA.IO endpoint agent on every workstation or server you want to protect. Because the detection intelligence is provided centrally on the platform, the agent has been optimised to use as few hardware resources as possible.
The Endpoint Detection Agent is easy to install on Windows or Linux systems once you have created a dedicated intake key on the XDR platform. Just follow the steps below to install the agent and simplify Windows and Linux log collection.
How to install the SEKOIA.IO Agent?
- Create a new intake associated with the SEKOIA.IO Agent
- Download the latest version of the agent for your OS
- Install the agent on all your machines
- That’s all!
Once installed, the agent collects event logs, normalizes them and sends them to SEKOIA.IO using the intake key you created.
See the full installation instructions in the documentation.
Thanks for reading this tutorial. Other similar content you might be interested in on our blog:
- How to use SEKOIA.IO indicators in Microsoft Sentinel?
- Crafting detection rules for SecOps efficiency.
- Improve your threat detection with Sigma correlations.