uberAgent 6: Security, macOS, Experience Score, Networking
uberAgent 6 is the biggest and most important uberAgent release since version 1. Highlights include a new security product (uberAgent ESA), a new agent platform (macOS), a new network monitoring driver, a new experience score dashboard, agent architecture improvements including an even smaller agent footprint, web app monitoring with configurable URL detail, and support for the new Edge browser.
uberAgent ESA
uberAgent ESA is a new endpoint security analytics product. It is hosted in the same endpoint agent as the existing uberAgent UXM product (user experience monitoring). One agent, two products, minimal footprint!
One agent, two products, minimal footprint!
uberAgent ESA makes use of the fact that uberAgent UXM collects a wealth of important data about the configuration and activity of/on monitored endpoints. ESA complements UXM with additional metrics and capabilities focused on a security use case.
Threat Detection Engine
uberAgent ESA comes with a powerful Threat Detection Engine that helps businesses identify risky behavior, unusual communications, suspicious executables, and common vulnerabilities. The product ships with an extensive predefined ruleset covering some of the most significant endpoint security use cases.
With ESA, uberAgent’s monitoring capabilities are extended to include PE (executable) file hashing, registry change monitoring, and changes to Windows system services.
macOS Agent
Most organizations have a certain percentage of Macs. This number could be as low as 5% or as high as 20%, but it is always there. As soon as you have fantastic Windows monitoring, you want it for your Macs, too. A single product that spans all relevant platforms in end-user computing, collecting the same high-quality metrics for macOS as it does for Windows, providing visibility through a common set of dashboards.
How do you port a system-level agent to a new OS? You don’t. You start from scratch.
uberAgent 6 comes with the first production release of the macOS agent. Currently, there is still a feature gap between the macOS and Windows agents, but it will get smaller with every new version (details).
Experience Score Dashboard
A single view that shows the current and past status of all devices, applications, and users monitored by uberAgent.
The experience score dashboard is the new entry point of the uberAgent Splunk app. It calculates and visualizes experience scores for the entire estate, breaking the data down by category and component, highlighting components potential issues are originating from.
The dashboard also provides quick access to important KPIs like logon duration, application responsiveness, or application errors. Please see the announcement blog post for details.
Network Monitoring Driver
In the past, uberAgent’s network monitoring relied on ETW, a data source built into the Windows OS. That limited uberAgent’s capabilities to what is available through ETW.
A new network monitoring driver does away with these restrictions. uberAgent now calculates TCP latencies accurately and collects additional information like jitter and packet loss. Stay tuned for further innovations in upcoming versions.
Web Apps: Configurable URL Detail
The level of detail of uberAgent‘s browser monitoring is now configurable, making it possible to trace individual web apps in great detail while recording only basic information about others.
It is now possible to specify, by website, which URL components are to be stored. Some line-of-business applications might require close inspection of the user journey, for example.
New Edge Browser
uberAgent now supports web app monitoring in the new Chromium-based Microsoft Edge.
This extends uberAgent’s browser coverage to four: Chrome, Edge, Firefox, and Internet Explorer.
Agent Improvements
Footprint: Even Smaller Than Before
The agent now does (much) more with (a lot) less – uberAgent’s famously small footprint has become minuscule. You’ll be hard-pressed to find an endpoint monitoring tool that can match uberAgent’s minimal CPU and memory usage.
Efficiency is not just nice to have but essential. As a monitoring and analytics product, uberAgent’s job is to observe without interfering in any way. Typical enterprise desktops have too many agents already, many of which consume valuable system resources, slowing down the machine and causing issues for your users. This is where uberAgent can work wonders: not only does it not add any load to the endpoint, it actively points out which applications slow down the user most.
Architecture: Type-Safe Sourcetypes
A switch from a weakly-typed to a strongly-typed model for the data generated by uberAgent. This guarantees data type correctness for any backend platform.
The schema of (Splunk) sourcetypes and (Kafka) topics is now defined in only one place in the code. Wherever events are sent to a backend, they must adhere to the strictly defined schema. It is not possible to generate event schemas “on the fly” any more.
Miscellaneous
uberAgent 6 comes with dozens of additional improvements and fixes, e.g.:
- Compliance with the Splunk CIM
- Configuration flexibility improvements
- Reliability improvements
- Splunk HEC performance improvements
- Splunk lookup performance improvements by switching from CSV files to the KV store
- Splunk scheduled search performance improvements by switching from SPL to accelerated searches
About uberAgent
The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.
uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.
uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.
About vast limits
vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.