
The RuSIEM Agent is the event provider for RuSIEM / RvSIEM for sources other than syslog.
It is managed via the web console of the RuSIEM / RvSIEM management server.
It collects events locally and, at the same time, from multiple remote sources without installing an agent on them.

  • no limit on the number of copies installed (not licensed)
  • works under Windows x64 / x86
  • provides local and remote collection (without installation on remote sites) simultaneously from multiple sources with one agent
  • bulk addition of collection sources with predefined parameters
  • controlled via the RuSIEM / RvSIEM web console
  • only works with RuSIEM / RvSIEM
  • collection from MS SQL / Oracle / MySQL databases (tables and views)
  • log collection from the file system and network resources
  • event collection via Check Point LEA
  • event collection via Cisco SDEE
  • event collection from FTP resources
  • event collection via WMI
  • collection of information about installed Windows software
  • collection of information about installed Windows patches
  • collection of information about launched processes and their hashes (only locally, where the agent is installed)
  • event buffering in a local database (without the need to install any database)
  • bandwidth shaping by day / hour of the week
  • rotation of events in case of disk overflow and inability to send events to the management server
  • sending events about its own operation and problems to the management server
  • automatic update of the kernel and agent modules from the management server