Configuration Library

The Sysdig configuration library lists all the major configurations supported by the Sysdig Windows Agent. This document is evolving and will be updated as new configurations are added to the product.

Sysdig Windows Agent

Generic Configuration

Configurationdragent.yamlDescriptionDefault
Access Keycustomerid

See Sysdig Agent Access Keys to learn how to retrieve the agent keys.

Agent TagstagsThe list of tags to identify the host where the agent is installed. For example: role:webserver, location:europe, role:webserver. See Quick Install Sysdig Windows Agent for more information.
Proxyhttp_proxy

Allows the agent to communicate with Sysdig collector through http_proxy. See Enable HTTP Proxy for Agents for more information.

HTTP Proxy Hosthttp_proxy.proxy_host

The host IP of the proxy server.

HTTP Proxy Porthttp_proxy.proxy_port

See Enable HTTP Proxy for Agents for more information.

HTTP Proxy Userhttp_proxy.proxy_user

See Enable HTTP Proxy for Agents for more information.

HTTP Proxy Passwordhttp_proxy.proxy_password

See Enable HTTP Proxy for Agents for more information.

Enable HTTP Proxyhttp_proxy.ssl

See Enable HTTP Proxy for Agents for more information.

HTTP Proxy SSL verificationhttp_proxy.ssl_verify_certificate

See Enable HTTP Proxy for Agents for more information.

HTTP Proxy CA certificatehttp_proxy.ca_certificate

See Enable HTTP Proxy for Agents for more information.

Collector endpointcollector

Enter the host name or IP address of the Sysdig collector service. Note that when used within dragent.yaml, must be lowercase collector.

See On-Premises Installation for more information.

Collector Portcollector_portOn-prem only. The port used by the Sysdig collector service.6443
Event capture settingswindowsControls various internal configuration knobs that influence the variety of captured events
Enable thread eventswindows.enable_threadControls if thread events are capturedtrue
Enable module eventswindows.enable_imageControls if image loading/unloading events are capturedtrue
Enable network eventswindows.enable_networkControls if network events are capturedtrue
Enable file eventswindows.enable_fileControls if file system events are capturedtrue
Enable registry eventswindows.enable_registryControls if registry events are capturedtrue
Enable handle eventswindows.enable_handleControls if object manager events are capturedfalse
Enable Audit API eventswindows.enable_audit_apiControls if Audit API events are capturedtrue
Enable AMSI eventswindows.enable_amsi_scan_interfaceControls if Antimalware Scan Interface events are capturedtrue