Is there any future development of the native RSA sasftpagent? This agent lacks a lot of native functionality that a typical SIEM agent needs.
- Native Windows log collection
- Bidirectional communication (pulling local agent logs for troubleshooting remotely, sending commands to agent like stopping, restarting agent, remotely updating configuration for agent to consume, upgrading agent remotely)
- Sending heartbeats to the SIEM for uptime natively and integrate into agent asset table
- Configuring silent agent alerts similar to event source monitoring alerts
- Agent asset table... similar to the asset table SA to show what version, agent, status, last heartbeat information
- Default local agent logging on installed system for troubleshooting
- Ability to configure agent to send to multiple destinations for one log source
- Ability to prefilter events that are sent to destination via regex
I was just wondering what your current version was? Also, if you can create a technical support case, we can then open a request for enhancement (RFE) for these requests.
I think part of the problem is that we have no visibility of what we currently have deployed with agents, as they do not beacon back in to the SIEM or provide any intelligence regarding run state, version, etc.
Here are a couple of the sftp RFEs and associated dates submitted from us; I know there are more out there:
SATCE-1091 - 3-25-15
SATCE-1078 - 2-27-15
satce-706 - 1-16-15
satce-683 - 1-12-15