The Panopta Agent performs all of its monitoring and reporting without opening any inbound ports from the outside. When the Agent needs to report monitoring data to Panopta, a HTTPS call is initiated from the Agent to one of Panopta’s secure servers, the data is exchanged, and then the connection is closed. Furthermore, all traffic exchanged between the Agent and Panopta is encrypted with SSL/TLS to keep your monitoring data safe
Linux Agent: Supports TLS 1.1, 1.2 if OpenSSL version is 1.0.1 or higher.
Windows Agent: Supports TLS 1.1, 1.2 on DotNet versions 4.0 or higher.
The agent communicates with secure Panopta endpoints which are listed below. If you are whitelisting access, please allow the below addresses to ensure proper agent function.
aggregator2-secondary.panopta.com (regional failover)
The Panopta Agent only collects data and metrics which are specific to the health and performance of the systems. No customer information, PII data or log files are gathered and sent to the cloud. The Panopta agents uses a plugin based model for metric collection and each plugin uses the appropriate system command, utility or API to pull only the data required to evaluate the necessary thresholds for alerting and event management. On Windows, the plugins leverage the standard Perfmon counters which the OS maintains to measure the various resource levels and health metrics.
On Linux, the agent itself consists of a set of Python scripts. Feel free to take a look at the code in /usr/lib/panopta-agent after installing and let us know if you have any questions or concerns.
The agent is run on the server as a non administrative user. On Linux, the installation creates a user account with limited privileges and does not have any shell access. All actions which require higher permissions need to be explicitly elevated by an admin. On Windows, the agent runs the service as the "LOCAL SYSTEM" user and is primarily leveraging PerfMon counters to facilitate the monitoring.