What is the difference between an agent and a configuration?
The agent is associated with the system (for example, a Windows machine P) that generates the logs. However, the presence of an agent alone does not mean that logs will be sent to the Security Operations (SecOps). Specific configurations are required to define which logs should be transmitted and what filters or labels should be applied to them.
For instance, Configuration A might be set up to collect Windows Event Logs and Windows Sysmon Logs. Conversely, Configuration B could be designed to gather Windows PowerShell Logs and Windows Defender Logs.
Furthermore, labels can be applied within a configuration to provide additional context. Configuration A, for example, might include labels such as "STAGING" or "DEV." Configuration B, on the other hand, could use the "PRODUCTION" label.
You can also add filters to each configuration.
------------------------------
It is important to note that a configuration is applied to all machines with the agent assigned to that configuration. Therefore, Configuration A could be applied to machines P, X, and Z, while Configuration B might be applied to all production machines, such as F, L, and Q.
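To make the agent/configuration split concrete, here is an added illustration (not code from the original answer or from Bindplane's documentation) of what two such configurations look like when rendered in the OpenTelemetry Collector format that the Bindplane agent consumes. The `windowseventlog`, `attributes` and `filter` components are standard OpenTelemetry Collector components; the `chronicle` exporter field names, the credential path and the customer ID are assumptions and placeholders to be checked against the Bindplane agent documentation. The Sysmon, PowerShell and Defender channel names are the usual Windows channel names for those sources.

```yaml
# Added example: two Bindplane "configurations" expressed as OpenTelemetry
# Collector pipelines. In practice each configuration is pushed to a
# different set of agents; both are shown in one file only for comparison.
receivers:
  # Configuration A sources: Windows Event Logs + Sysmon
  windowseventlog/security:
    channel: Security
  windowseventlog/sysmon:
    channel: Microsoft-Windows-Sysmon/Operational
  # Configuration B sources: PowerShell + Defender
  windowseventlog/powershell:
    channel: Microsoft-Windows-PowerShell/Operational
  windowseventlog/defender:
    channel: Microsoft-Windows-Windows Defender/Operational

processors:
  # Labels: attached to every log record as an attribute
  attributes/staging:
    actions:
      - key: environment
        value: STAGING
        action: insert
  attributes/production:
    actions:
      - key: environment
        value: PRODUCTION
        action: insert
  # Filter: drop records matching an OTTL condition. The event-ID path
  # (body["event_id"]["id"]) is an assumption about the receiver's body layout;
  # 4634 (logoff) is a constructed example of a high-volume, low-value event.
  filter/drop_noise:
    logs:
      log_record:
        - 'body["event_id"]["id"] == 4634'

exporters:
  # Field names below are assumptions; replace placeholders with real values.
  chronicle/staging:
    creds_file_path: /etc/bindplane/chronicle-creds.json   # placeholder path
    customer_id: "<YOUR-CUSTOMER-ID>"                       # placeholder
    log_type: WINEVTLOG
    namespace: staging
  chronicle/production:
    creds_file_path: /etc/bindplane/chronicle-creds.json   # placeholder path
    customer_id: "<YOUR-CUSTOMER-ID>"                       # placeholder
    log_type: WINEVTLOG
    namespace: production

service:
  pipelines:
    # Configuration A: assigned to machines P, X and Z
    logs/config_a:
      receivers: [windowseventlog/security, windowseventlog/sysmon]
      processors: [attributes/staging, filter/drop_noise]
      exporters: [chronicle/staging]
    # Configuration B: assigned to production machines F, L and Q
    logs/config_b:
      receivers: [windowseventlog/powershell, windowseventlog/defender]
      processors: [attributes/production]
      exporters: [chronicle/production]
```

The point to take from the layout: the agent itself only provides the receivers and the transport; which channels are read, which label is stamped on, what gets filtered and where it is shipped all live in the configuration, which is why installing the agent on machine P sends nothing until P is assigned one of these.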
You install the agent on a host to provide collection and transmission to SecOps. Then you configure the agent (manually or with the Bindplane console) with your customer ID, credentials, logs, etc. - https://cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent#configure_the_agent.
Hi @secopskay, we just embedded our Bindplane and Data Pipeline Management webinar. Check it out here. Hopefully it helps with some of your other use cases as you leverage these features.