uberAgent

When it comes to the analysis and security of application services, uberAgent is the perfect complement to Splunk. The uberAgent tool collects data at the endpoint and transfers it to Splunk.

User experience monitoring

uberAgent supplies information on all aspects of the user experience and application service at every Windows endpoint. Detailed inventory information shows which applications are used when, and how often, how reliable the application is, where problems exist with network connectivity, and much more.

The following screenshots show some of the most important features: 

uberAgent-Screenshot zur Anmeldedauer - Logon duration
Logon duration

-> Is the user profile slow to load?
-> Has the logon script become too big?
-> Is the group policy being processed efficiently?

uberAgent zeigt Überlastungen im Backend Service auf
Network latency time by application

When applications perform poorly, the main cause is often an overloaded backend server. Such problems are difficult to diagnose. uberAgent makes it easier by showing how much data has been transferred to which backend service and exactly how long this took.

uberAgent zeigt wieviele Anwendungen tatsächlich im Unternehmen genutzt werden
Application usage

-> How many licenses are required for application X?
-> How many applications exist in total in the company?
-> Which applications are suitable for virtualization?

Endpoint security analytics

A data record on system activity as extensive as the one uberAgent generates is also highly relevant in terms of security. This is precisely why uberAgent ESA was developed. It prepares data specifically for security purposes.

uberAgent ESAG works purely in the area of applications and hardware, and monitors the technical parameters that occur during operation of the Windows client.

By hooking up to the client monitoring via Splunk, uberAgent ESA enables targeted monitoring of the data collected.

Process tree dashboard

The uberAgent ESA process tree dashboard enables simple navigation through complex hierarchies consisting of millions of parent-child process relationships and offers analysts a high-performance tool that allows them to make sense of process activities via interactive visualization.

uberAgent Endpoint Security Analytics Dashboard Process Tree

Tagging of event groups

A high-performance, flexible rule definition language enables companies to identify risky processes. Matching processes are given a tag and a risk assessment, both of which can be selected freely Process labeling rules can be organized in reusable blocks. All recognition elements support regular expressions and some even support a combination of regular expressions and environment variables.

uberAgent ESA contains predefined rules for many frequently occurring threats, including the identification of subordinate Microsoft Office processes. It is possible to label processes that are started by standard users of directories, in particular processes with low integrity that can be written to. Extended directory authorizations and SDDL analyses are also immediately available.

uberAgent tag Screenshot

Your contact

Florian Baitz

Florian Baitz

Sales Manager IT Security

phone: +49 431 3993-567

mobile: +49 173 2836768

e-mail: baitz@consist.de