Monitoring instances

To see what happens on the virtual machines in our infrastructure, we install the ThreatLockDown agent on each one we want to monitor.

The ThreatLockDown agent runs on the hosts that you want to monitor (Windows, Linux, Solaris, BSD, and macOS operating systems). It collects different types of system and application data and forwards them to the ThreatLockDown server through an encrypted and authenticated channel. To establish this secure channel, a registration process involving unique pre-shared keys is used.

The ThreatLockDown agent is multiplatform and provides the following capabilities:

  • Log data collection

  • File integrity monitoring

  • Rootkit and malware detection

  • Security policy monitoring

Note

You can find instructions for installing the ThreatLockDown agent on different operating systems in this section.