Arctic Wolf Agent
Updated Oct 4, 2023Arctic Wolf Agent
Arctic Wolf® Agent is an endpoint security management tool that functions as a component of the following solutions:
-
Managed Detection and Response (MDR) — Agent forwards security-relevant event and audit logs from endpoint devices in your network to Arctic Wolf to support continuous threat monitoring.
-
Managed Risk — Agent creates an inventory of endpoint devices in your network and performs routine host vulnerability scans and security control benchmark scans to identify security risks. For more information, see Arctic Wolf Agent Scans.
Arctic Wolf Agent scans
Agent uses Arctic Wolf Risk Scan Engine (formerly Joval) to run these types of scans:
- Benchmark scans — These scans report when software or configuration best practices are not followed.
- Vulnerability scans — These scans report exploitable vulnerabilities.
Note: If you encounter any issues with benchmark or vulnerability scans, contact your Concierge Security Team®.
Agent scan details
| Scan type | Scan operation | Scan run time | Scan performance |
|---|---|---|---|
| Benchmark | Agent runs scans using Center for Internet Security (CIS) Benchmarks. | Benchmark scans take a few minutes to complete. | While active, benchmark scans typically use about 30% of a 2.5 GHz single-core CPU, and 1 GB of memory. Note: During highly intensive activities, you may see up to 100% of CPU utilization. |
| Vulnerability | Agent runs scans using Open Vulnerability and Assessment Language (OVAL) vulnerability definitions. | Vulnerability scans take approximately 10 minutes to complete. | While active, vulnerability scans typically use about 30% of a 2.5 GHz single-core CPU, and 1 GB of memory. Note: During highly intensive activities, you may see up to 100% of CPU utilization. |