Configuration Library
Sysdig Windows Agent
Generic Configuration
| Configuration | dragent.yaml | Description | Default |
| --- | --- | --- | --- |
| Access Key | customerid | See Sysdig Agent Access Keys to learn how to retrieve the agent keys. | |
| Agent Tags | tags | The list of tags to identify the host where the agent is installed. For example: role:webserver, location:europe, role:webserver. See Quick Install Sysdig Windows Agent for more information. | |
| Proxy | http_proxy | Allows the agent to communicate with Sysdig collector through | |
| HTTP Proxy Host | http_proxy.proxy_host | The host IP of the proxy server. | |
| HTTP Proxy Port | http_proxy.proxy_port | See Enable HTTP Proxy for Agents for more information. | |
| HTTP Proxy User | http_proxy.proxy_user | See Enable HTTP Proxy for Agents for more information. | |
| HTTP Proxy Password | http_proxy.proxy_password | See Enable HTTP Proxy for Agents for more information. | |
| Enable HTTP Proxy | http_proxy.ssl | See Enable HTTP Proxy for Agents for more information. | |
| HTTP Proxy SSL verification | http_proxy.ssl_verify_certificate | See Enable HTTP Proxy for Agents for more information. | |
| HTTP Proxy CA certificate | http_proxy.ca_certificate | See Enable HTTP Proxy for Agents for more information. | |
| Collector endpoint | collector | Enter the host name or IP address of the Sysdig collector service. Note that when used within See On-Premises Installation for more information. | |
| Collector Port | collector_port | On-prem only. The port used by the Sysdig collector service. | 6443 |
| Event capture settings | windows | Controls various internal configuration knobs that influence the variety of captured events. | |
| Enable thread events | windows.enable_thread | Controls if thread events are captured. | true |
| Enable module events | windows.enable_image | Controls if image loading/unloading events are captured. | true |
| Enable network events | windows.enable_network | Controls if network events are captured. | true |
| Enable file events | windows.enable_file | Controls if file system events are captured. | true |
| Enable registry events | windows.enable_registry | Controls if registry events are captured. | true |
| Enable handle events | windows.enable_handle | Controls if object manager events are captured. | false |
| Enable Audit API events | windows.enable_audit_api | Controls if Audit API events are captured. | true |
| Enable AMSI events | windows.enable_amsi_scan_interface | Controls if Antimalware Scan Interface events are captured. | true |
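
The following is an added example, not Sysdig's own tooling: a small check that reports where a dragent.yaml departs from the defaults in the table above, so that a silently disabled event source (for instance AMSI or registry events) shows up in a configuration review. It assumes the dotted names in the table map to nested YAML mappings; the parser, the function names and the sample file are constructed for illustration.

```python
# Defaults copied from the "Default" column of the table above.
DOCUMENTED_DEFAULTS = {"collector_port": "6443", "windows.enable_handle": "false"}
for name in ("thread", "image", "network", "file", "registry", "audit_api",
             "amsi_scan_interface"):
    DOCUMENTED_DEFAULTS[f"windows.enable_{name}"] = "true"

def flatten(text):
    """Flatten indented 'key: value' YAML into {'a.b': 'value'} (mappings only)."""
    flat, stack = {}, []  # stack holds (indent, key) for each open mapping
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")  # split on first colon only
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent level
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            flat[path] = value.strip().strip("'\"")
        else:
            stack.append((indent, key.strip()))  # assumed: dotted name = nesting
    return flat

def drift(text):
    """Return {key: (configured, default)} for keys that differ from the table."""
    flat = flatten(text)
    return {k: (flat[k].lower(), d) for k, d in DOCUMENTED_DEFAULTS.items()
            if k in flat and flat[k].lower() != d}

def disabled_event_sources(text):
    """Event classes that are on by default but switched off in this file."""
    return sorted(k for k, (got, default) in drift(text).items()
                  if k.startswith("windows.") and (got, default) == ("false", "true"))

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
tags: role:webserver,location:europe
collector_port: 6443
windows:
  enable_registry: false
  enable_handle: true
  enable_amsi_scan_interface: false   # constructed: AMSI capture switched off
"""

if __name__ == "__main__":
    for key, (got, default) in sorted(drift(SAMPLE).items()):
        print(f"{key}: configured={got} default={default}")
```

Keys absent from the file are treated as left at their default and are not reported.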