This repository is the home for the uberAgent configuration. It contains UXM configuration settings (timers, metrics, etc.) as well as ESA Threat Detection rules and Security & Compliance Inventory tests.
- Select the Git branch that matches your installed uberAgent version.
- Clone this repository to your machine.
- Update the files in your uberAgent configuration.
  - Choose either the files from the `config` or `config-dist` folders of this repository, depending on your uberAgent version (see uberAgent Versions & Git Branches).
  - The process can be automated. See Automating uberAgent Configuration Updates.

This repository is organized in such a way that uberAgent releases are represented by Git branches. Each Git branch contains rules that are compatible with the matching uberAgent release.
uberAgent version | Git branch |
---|---|
development (beta) | `develop` |
7.2.x | `version/7.2` |
7.1.x | `version/7.1` |
7.0.x | `version/7.0` |
6.2.x | `version/6.2` |

Folder | Description |
---|---|
`config` | Compiled configuration as individual source files. Use the contents of this folder for your deployment with any uberAgent version. |
`config-dev` | Contains files that cannot be used without further processing, such as transpilation. Do not use the contents of this folder on your endpoints unless you know what you're doing. |
`config-dist` | Compiled configuration as configuration archive (`*.uAConfig`). Use the contents of this folder for your deployment with uberAgent 7.1+. |

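The manual steps and the two tables above (pick the branch for the installed version, clone it, take `config` or `config-dist`), as an added shell sketch that is not part of this repository or its PowerShell tool. The function names are hypothetical, the repository URL and destination directory are caller-supplied placeholders, and using `config` for `develop` is an assumption based on that folder working with any version.

```shell
#!/bin/sh
# Added example: not the project's own tooling. Function names are hypothetical.

# Map an installed uberAgent version (e.g. 7.2.1) to the Git branch listed in the table.
# Unlisted versions fail instead of falling back to a branch with incompatible rules.
branch_for_version() {
    case "$1" in
        6.2|6.2.*) echo "version/6.2" ;;
        7.0|7.0.*) echo "version/7.0" ;;
        7.1|7.1.*) echo "version/7.1" ;;
        7.2|7.2.*) echo "version/7.2" ;;
        develop)   echo "develop" ;;
        *) echo "no branch listed for uberAgent version '$1'" >&2; return 1 ;;
    esac
}

# Pick the folder: config-dist (*.uAConfig archive) for 7.1+, config otherwise.
# Assumption: develop uses config, which the table says works with any version.
folder_for_version() {
    branch_for_version "$1" >/dev/null || return 1
    case "$1" in
        7.1|7.1.*|7.2|7.2.*) echo "config-dist" ;;
        *) echo "config" ;;
    esac
}

# Shallow-clone only the matching branch and copy the chosen folder to a destination.
# $2 (repository URL) and $3 (destination directory) are placeholders from the caller.
fetch_config() {
    version=$1; repo_url=$2; dest=$3
    branch=$(branch_for_version "$version") || return 1
    folder=$(folder_for_version "$version") || return 1
    work=$(mktemp -d) || return 1
    if git clone --quiet --depth 1 --single-branch --branch "$branch" \
            "$repo_url" "$work/repo" \
        && mkdir -p "$dest" \
        && cp -R "$work/repo/$folder/." "$dest/"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return "$rc"
}

# Usage: sh fetch-config.sh <uberAgent version> <repository URL> <destination dir>
if [ "$#" -eq 3 ]; then
    fetch_config "$1" "$2" "$3"
fi
```

A version such as `7.10.0` is rejected rather than matched against `version/7.1`, so a new release never silently receives rules from an older branch.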
While the configuration for uberAgent UXM remains relatively static, the configuration for uberAgent ESA changes daily due to regular updates to the included Sigma rules.
To make your life easier, we provide a PowerShell script that automates the configuration file pulling, filtering, and bundling. You can find more information in Tools/InvokeuberAgentConfigDownload.
Please see the uberAgent documentation portal for docs, help and support options.