Configuration Library
Sysdig Windows Agent
Generic Configuration
| Configuration | dragent.yaml | Description | Default |
| Access Key | customerid | See Sysdig Agent Access Keys to learn how to retrieve the agent keys. | |
| Agent Tags | tags | The list of tags to identify the host where the agent is installed. For example: role:webserver, location:europe, role:webserver. See
Quick Install Sysdig Windows Agent for more information. | |
| Proxy | http_proxy | Allows the agent to communicate with Sysdig collector through | |
| HTTP Proxy Host | http_proxy.proxy_host | The host IP of the proxy server. | |
| HTTP Proxy Port | http_proxy.proxy_port | See Enable HTTP Proxy for Agents for more information. | |
| HTTP Proxy User | http_proxy.proxy_user | See Enable HTTP Proxy for Agents for more information. | |
| HTTP Proxy Password | http_proxy.proxy_password | See Enable HTTP Proxy for Agents for more information. | |
| Enable HTTP Proxy | http_proxy.ssl | See Enable HTTP Proxy for Agents for more information. | |
| HTTP Proxy SSL verification | http_proxy.ssl_verify_certificate | See Enable HTTP Proxy for Agents for more information. | |
| HTTP Proxy CA certificate | http_proxy.ca_certificate | See Enable HTTP Proxy for Agents for more information. | |
| Collector endpoint | collector | Enter the host name or IP address of the Sysdig collector service. Note that when used within See On-Premises Installation for more information. | |
| Collector Port | collector_port | On-prem only. The port used by the Sysdig collector service. | 6443 |
| Event capture settings | windows | Controls various internal configuration knobs that influence the variety of captured events | |
| Enable thread events | windows.enable_thread | Controls if thread events are captured | true |
| Enable module events | windows.enable_image | Controls if image loading/unloading events are captured | true |
| Enable network events | windows.enable_network | Controls if network events are captured | true |
| Enable file events | windows.enable_file | Controls if file system events are captured | true |
| Enable registry events | windows.enable_registry | Controls if registry events are captured | true |
| Enable handle events | windows.enable_handle | Controls if object manager events are captured | false |
| Enable Audit API events | windows.enable_audit_api | Controls if Audit API events are captured | true |
| Enable AMSI events | windows.enable_amsi_scan_interface | Controls if Antimalware Scan Interface events are captured | true |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.