Zentral - what's new? - MacDevOps:YVR 2017
1 like152 views
This document discusses Zentral, an open source tool for collecting and analyzing event data from devices. It can integrate with tools like Munki, OSQuery, and Santa to collect both internal device events and external events from systems like syslog. The collected event data can be filtered and sent to notification services or used to trigger actions. Support options for Zentral include community support on GitHub or paid support contracts.
Zentral - what's new? - MacDevOps:YVR 2017
- 2. Zentral - what's new? open hub for monitoring Henry Stamerjohann Apfelwerk GmbH & Co. KG, Germany @henry @head_min
- 6. event processing + filtering
- 7. • collect structured information • ready to analyze • act on • time-sensitive decisions Event data
- 8. Observe Orient Decide Act https://en.wikipedia.org/wiki/OODA_loop
- 12. zentral
- 20. Syslog Event store / backends Elastic Search KinesisStore
- 21. Jira Slack SMS Zendesk Email Trello Actions Notification / actions Jss API
- 22. Probes = events + filters
- 23. Events (filter only) Probe types
- 28. Event types
- 29. Probe feeds
- 30. Feeds (samples to start with) Probe types
- 31. Probe feeds
- 32. Probe feeds
- 33. Probe + config
- 34. Probe types Config + Events filter
- 40. Monolith = munki config
- 51. Client events
- 52. Inbound events
- 54. aggregate system events + build audit trails
- 55. SRSLY ?
- 56. Google Santa
- 65. SAML, and, and…
- 66. SSO / SAML
- 67. SimpleMDM
- 68. Ad hoc signed .pkg
- 69. Ad hoc signed .pkg
- 74. • community support via GitHub (free) • support contract, paid tier (on request) • SaaS (cloud based service) • Professional services, custom development • Integration support (on premise) Support
- 75. Deployment simple Zentral all-in-one (to get started) • Amazon AWS (prod. / eval.) • GoogleCloudServices (prod. / eval.) • Vagrant box (evaluation) • VMware .ova (evaluation) • docker-compose (dev. / eval.)
- 77. thank you ! twitter: @head_min slack: henry