Overview
The agent was built to be safe, performant and reliable, irrespective of workload size on the endpoint.
This article highlights specific investments we have made in health and performance to ensure you're getting the best threat detection capabilities possible, without compromising on endpoint performance and stability.
Performance metrics
We continuously collect performance metrics for the agent, including CPU and memory utilization.
We also collect detailed information about overall system performance utilization.
Example of raw data that is collected and sent to our engine:
{
  "ResourceUtilization": {
    "timestamp": "2019-08-26T16:34:20.125630Z",
    "cpu_usage": 0.6107562168318557,
    "mem_private_bytes": 10412032,
    "mem_working_set_bytes": 21295104,
    "load_avg": ...
  }
},
{
  "SystemMemoryUsageProfile": {
    "timestamp": "2019-08-26T16:34:20.125640Z",
    "info": {
      "total": 0,
      "free": 0,
      "available": 0,
      "buffers": 0,
      "cached": 0,
      "kernel_total": 0,
      "kernel_reclaimable": 0,
      "kernel_unreclaimable": 0,
      ...
    }
  }
},
...
What this means for you
- We're able to proactively identify performance issues in your environment. We aren't reliant on you noticing an issue and filing a support case.
- We're able to identify whether performance issues are a result of existing system performance degradation.
Robust error handling
We continuously collect any errors or warnings that occur during runtime.
Example of raw data that is collected and sent to our engine:
{
  "Warning": {
    "timestamp": "2019-08-26T16:34:45.685172Z",
    "failure": {
      "IoFailure": {
        "context": "DNS parser fail: dns_message parse: Incomplete(Size(556)), first four bytes of header: [\"00\", \"00\", \"84\"]"
      }
    },
    "context": "Error parsing PcapDns from PcapDnsSubscriber"
  }
},
What this means for you
- We're able to proactively identify bugs in the agent in your environment. We aren't reliant on you noticing an issue and filing a support case.
- As a result, issues are quickly identified and addressed.
Transparent, Granular & Flexible Reporting
We don't hide behind artificial performance benchmarks. To best empower you and your team, we provide executive reporting of performance metrics and errors for your environment.
In the Portal, under Endpoints -> Sensor health, you can view aggregate health and performance details for all of your endpoints.
CPU and memory are graphed based on percentiles. If you're new to percentiles, P50 represents the median (50% of endpoints were better, 50% were worse) and P99 represents the highest utilization identified (99% of endpoints were performing better).
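To make the percentile reading concrete, the following added example (not the vendor's code) computes fleet-wide P50 and P99 from ResourceUtilization records like the one shown earlier. It assumes one JSON record per line, a hypothetical "endpoint" wrapper field (the records on this page carry no endpoint identifier) and the nearest-rank percentile method; all function names are illustrative.

```python
import json
from collections import defaultdict
from math import ceil

# Constructed sample, one JSON record per line. "endpoint" is an assumed
# wrapper field: the records shown on the page carry no endpoint identifier.
SAMPLE = """\
{"endpoint": "host-a", "ResourceUtilization": {"cpu_usage": 0.5}}
{"endpoint": "host-a", "ResourceUtilization": {"cpu_usage": 1.5}}
{"endpoint": "host-b", "ResourceUtilization": {"cpu_usage": 2.0}}
{"endpoint": "host-c", "ResourceUtilization": {"cpu_usage": 0.25}}
{"endpoint": "host-d", "ResourceUtilization": {"cpu_usage": 4.0}}
{"endpoint": "host-e", "ResourceUtilization": {"cpu_usage": 37.5}}
{"endpoint": "host-e", "Warning": {"context": "constructed non-metric record"}}
{"endpoint": "host-f", "ResourceUtilization": {"cpu_usa
"""

def per_endpoint_mean(lines, metric="cpu_usage"):
    """Average one ResourceUtilization metric per endpoint; skip unusable records."""
    samples = defaultdict(list)
    for line in lines:
        try:
            rec = json.loads(line)
            host, value = rec["endpoint"], rec["ResourceUtilization"][metric]
        except (ValueError, KeyError, TypeError):
            continue  # truncated JSON, another record type, or a missing field
        if isinstance(host, str) and type(value) in (int, float):
            samples[host].append(float(value))
    return {host: sum(vals) / len(vals) for host, vals in samples.items()}

def percentile(values, p):
    """Nearest-rank percentile: the smallest value that p% of values do not exceed."""
    if not values or not 0 < p <= 100:
        raise ValueError("need at least one value and 0 < p <= 100")
    ordered = sorted(values)
    return ordered[ceil(p * len(ordered) / 100) - 1]

def fleet_summary(lines):
    """P50/P99 across endpoints, each endpoint counted once via its mean."""
    means = list(per_endpoint_mean(lines).values())
    return {"endpoints": len(means), "p50": percentile(means, 50), "p99": percentile(means, 99)}

if __name__ == "__main__":
    # The median looks healthy; only P99 exposes the one overloaded endpoint.
    print(fleet_summary(SAMPLE.splitlines()))
```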
Example: