How it works
To monitor endpoints without an agent, ThreatLockDown requires an SSH connection between the ThreatLockDown server and the endpoint to be monitored. The ThreatLockDown agentless monitoring module can perform the following actions:
Monitor files, directories, or configuration of an endpoint
Run commands on an endpoint
Monitor files, directories, or configuration of an endpoint
You can configure the ThreatLockDown agentless monitoring module to monitor files, directories, and Cisco PIX firewall and router configurations. If there is a change to the monitored files and directories or the configuration of the firewall or router, this triggers an alert.
Run commands on an endpoint
You can specify commands to be run on the monitored endpoint, and the agentless monitoring module detects the output of these commands. When the output of executed commands changes, it detects them and triggers an alert.