The RuSIEM Agent serves as the event provider for RuSIEM / RvSIEM for sources other than syslog.
It is managed via the web console of the RuSIEM / RvSIEM management server.
It collects events locally and, at the same time, from multiple remote sources without installing an agent on them.
- no limit on the number of installed copies (not licensed)
- works under Windows x64 / x86
- provides local and remote collection (without installation on remote sites) simultaneously from multiple sources with one agent
- bulk addition of collection sources with predefined parameters
- controlled via the RuSIEM / RvSIEM web console
- only works with RuSIEM / RvSIEM
- collection from MS SQL / Oracle / MySQL databases (tables and views)
- collecting logs from the file system and network resources
- event collection with Check Point LEA
- event collection with Cisco SDEE
- gathering events from FTP resources
- event collection with WMI
- collecting information about installed Windows software
- collecting information about installed Windows patches
- collection of information about launched processes and their hashes (only locally, where the agent is installed)
- event buffering in the local database (without the need to install any database)
- bandwidth shaping by day / hour of the week
- rotation of events in case of disk overflow and inability to send events to the management server
- sending events about its own operation and problems to the management server
- automatic update of the kernel and agent modules from the management server