FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
FortiKoala
Staff
Article Id 189881
Description

How does ZoneFox collect data?


Scope

Key Concepts


Solution

ZoneFox agents are installed on “endpoints” (Windows desktops or servers, Linux desktops or servers, Mac desktops, and Microsoft SQL Server). These agents collect endpoint activity data and push it to the ZoneFox Collector Server at the back-end, where it is stored and analysed by the ZoneFox system.


The activity data sent by the agent is in the form of 'events'. These are system-level activities, such as machine on/off, user logon/off, process start/stop, and file read/write/delete/rename/move. They are collected and sent in real time, as they happen on the endpoint. Any endpoint that is off network (i.e. cannot connect to the ZoneFox back-end) caches activity data locally and uploads it to the collector server as soon as connectivity is re-established.
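The real-time push and offline caching described above can be modelled as a store-and-forward queue. The sketch below is an added illustration, not ZoneFox code or its wire format. All class, field and event names are hypothetical, and an in-memory queue stands in for the agent's local cache.

```python
# Illustrative store-and-forward agent; not ZoneFox code. All names are hypothetical.
import json
from collections import deque


class CollectorUnreachable(Exception):
    """Raised by the transport when the back-end cannot be reached."""


class EndpointAgent:
    def __init__(self, send):
        self.send = send          # callable(bytes); raises CollectorUnreachable
        self.cache = deque()      # stands in for the local cache used while off network
        self.seq = 0              # per-agent sequence number preserves event order

    def record(self, kind, **detail):
        """Called as each system-level activity happens on the endpoint."""
        self.seq += 1
        event = {"seq": self.seq, "kind": kind, **detail}
        self.cache.append(event)  # queue first so nothing is lost if the send fails
        return self.flush()

    def flush(self):
        """Upload cached events oldest first; stop at the first failure.

        Returns the number of events delivered in this attempt.
        """
        delivered = 0
        while self.cache:
            payload = json.dumps(self.cache[0]).encode()
            try:
                self.send(payload)
            except CollectorUnreachable:
                break             # still off network: keep the rest cached
            self.cache.popleft()  # drop only after a successful send
            delivered += 1
        return delivered


class FakeCollector:
    """Constructed stand-in for the collector server, with a switchable link."""
    def __init__(self):
        self.online = True
        self.received = []

    def __call__(self, payload):
        if not self.online:
            raise CollectorUnreachable()
        self.received.append(json.loads(payload))
```

Because an event is removed from the queue only after a successful send, a link that drops partway through an upload leaves the remaining events cached and in their original order for the next attempt.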

