What is StegoSOC Agent?

StegoSOC agent is a piece of software that you install on your servers. It sends logs from files under /var/log/ folder to StegoSOC. StegoSOC scans and learns from your logs and keeps you informed about security issues.

Requirements:

stegosoc-agent can run on any type of Linux machine. It has no dependencies. The size of agent is approximately 25 MB on disk. When at MAX StegoSOC will use 15% of your CPU and 15% of Memory. For example if you're using a t2.medium instance with 4 GB RAM and 2 VPCU's. StegoSOC will only use 15% of 1 VPCU and 600 MB out of 4096 MB Memory.

Unique hostname

StegoSOC Agent uses the hostname / private IP to uniquely identify each server. This helps us identify if any of your instances gets compromised. StegoSOC Agent helps you take actions against those instances from StegoSOC Dashboard.  If you are combining multiple servers under a single hostname, ensure that each monitored server has a unique hostname / private IP. Or, use the optional display_name setting to override the default hostname.

 Servers using the name localhost will not be reported by the agent since that is a default name and inherently non-unique.

Outbound Connections:

StegoSOC Agent uses port 9093 and 80 for outbound connections. You need to make sure you have these port opened.