uberAgent 3.6: Experimental Support for Elasticsearch
In uberAgent 3.6 we have added experimental support for sending data directly to Elasticsearch. In addition to that, uberAgent now generates a unique GUID for each process and each user session. These can optionally be logged at process start along with the full path and command line. Being able to identify process instances by GUID is particularly relevant for security use cases because Windows reuses process and session IDs: the same PID can refer to two different processes over time. This new release also contains several other improvements and bugfixes. As always, upgrading is highly recommended.
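To show why a per-process GUID matters for correlation, here is an added example (not uberAgent code and not uberAgent's event schema): a constructed event stream in which Windows reuses PID 4212 for a second, unrelated process after the first one exits. Keying timelines by PID merges the two processes and makes a network connection attributable to either image; keying by the GUID keeps them apart. The field names (pid, guid, image, dest) are assumptions made for this illustration.

```python
"""
Added example (not uberAgent code): why a per-process GUID beats a PID as the
key when correlating endpoint events. Windows recycles process IDs, so two
distinct processes can carry the same PID within one log window. The records
below are constructed; their field names are assumptions, not uberAgent's schema.
"""
from collections import defaultdict

# Constructed event stream: PID 4212 is reused by a second process after the
# first one stops. Timestamps are seconds from an arbitrary origin.
EVENTS = [
    {"t": 100, "type": "start", "pid": 4212, "guid": "proc-guid-A",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"t": 105, "type": "netconn", "pid": 4212, "guid": "proc-guid-A",
     "dest": "10.0.0.5:443"},
    {"t": 110, "type": "stop", "pid": 4212, "guid": "proc-guid-A"},
    {"t": 200, "type": "start", "pid": 4212, "guid": "proc-guid-B",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"t": 203, "type": "netconn", "pid": 4212, "guid": "proc-guid-B",
     "dest": "10.0.0.9:8080"},
    {"t": 210, "type": "stop", "pid": 4212, "guid": "proc-guid-B"},
]


def group_by(events, key):
    """Group events into per-process timelines keyed by the given field."""
    groups = defaultdict(list)
    for e in events:
        groups[e[key]].append(e)
    return dict(groups)


def timelines_by_pid(events=EVENTS):
    """PID-keyed timelines: both processes collapse into one entry."""
    return group_by(events, "pid")


def timelines_by_guid(events=EVENTS):
    """GUID-keyed timelines: one entry per actual process instance."""
    return group_by(events, "guid")


def images_for_connection(events, dest, key):
    """Return the set of executable images a connection to `dest` gets
    attributed to when processes are identified by `key` ('pid' or 'guid').
    A result with more than one image means the attribution is ambiguous."""
    images = set()
    for timeline in group_by(events, key).values():
        if any(e["type"] == "netconn" and e.get("dest") == dest for e in timeline):
            images.update(e["image"] for e in timeline if e["type"] == "start")
    return images


if __name__ == "__main__":
    dest = "10.0.0.9:8080"
    print("by pid :", images_for_connection(EVENTS, dest, "pid"))   # two images
    print("by guid:", images_for_connection(EVENTS, dest, "guid"))  # one image
```

Run as a script it prints the ambiguous PID-based attribution next to the unambiguous GUID-based one. In a real pipeline the same distinction applies to joins in a search backend: a join on the PID field will silently mix events from unrelated process instances whenever the log window spans a PID reuse, while a join on the process GUID will not.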
Elasticsearch is a search server based on Lucene. It provides a distributed, multitenant-capable full-text search engine with an HTTP interface and schema-free JSON documents. Elasticsearch is developed in Java and is released as open source under the terms of the Apache License. It is the most popular enterprise search engine, followed by Apache Solr, which is also based on Lucene.
uberAgent can now send data to Elasticsearch. To make that happen we added HTTP(S) data transport capabilities along with the JSON formatting Elasticsearch needs to parse uberAgent data correctly. At this point, that is it. Most notably, there are no dashboards: if you want to work with uberAgent for Elasticsearch, you need to create your own. Hint: most people use Kibana for that, but you probably know that already.
Elasticsearch has made great progress in the past few years. It certainly is not as polished and perfectly integrated as Splunk, but it seems to be capable of handling uberAgent’s data quite well. With this experimental feature, we want to gauge interest. Is this something people want? Please let us know. Play with it, build upon it, use it!
Here is a guide to help you get started installing and configuring Elasticsearch & Kibana.
uberAgent is an innovative Windows and macOS user experience monitoring (UXM) and endpoint security analytics (ESA) product. UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. ESA comes with a sophisticated activity monitoring engine, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification.
About vast limits
vast limits GmbH is the company behind uberAgent, the innovative user experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.