To my mind agentM already summarized it pretty well:
- Data gathering
- Data processing
- Result feeding
I would just add some features which could make this agent really versatile:
- A kind of scheduler to manage execution of the agents (make them sleep, wait for another piece of info...)
- Add a 'state' to the agent (because your log reader agent shouldn't read logs the same way when everything is normal as when there's an ongoing intrusion...) for managing behaviour AND/OR priority.
- The code of the Agent should be easily AND securely upgradable (to dynamically/remotely add new features)
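The three features above (a scheduler, a state that changes how logs are read, and an update path that refuses unsigned code) as one small Python sketch. This is an added example, not code from the thread or from any agent project; the agent, scheduler, update format and the HMAC signing key are all constructed for illustration, and the log lines are made up.

```python
import hashlib
import heapq
import hmac
from enum import Enum

# Constructed shared secret for the signed-update check (hypothetical; in a real
# deployment this would be a per-agent key provisioned out of band).
UPDATE_KEY = b"example-update-signing-key"

# Constructed sample log lines.
SAMPLE_LOGS = [
    "INFO service started",
    "ERROR disk full",
    "sshd: Failed password for root from 10.0.0.5",
]


class Mode(Enum):
    NORMAL = "normal"      # quiet period: only surface errors
    INCIDENT = "incident"  # ongoing intrusion: keep everything, escalate auth events


class LogReaderAgent:
    """Agent whose log-reading behaviour depends on its current state."""

    def __init__(self):
        self.mode = Mode.NORMAL
        self.version = 1
        self.interesting = ("ERROR",)  # tunable behaviour an update may change

    def set_mode(self, mode):
        self.mode = mode

    def process(self, lines):
        results = []
        for line in lines:
            if self.mode is Mode.NORMAL:
                if any(tag in line for tag in self.interesting):
                    results.append(("alert", line))
            else:
                if "sshd" in line or "auth" in line.lower():
                    results.append(("escalate", line))
                else:
                    results.append(("record", line))
        return results

    def apply_update(self, payload, signature):
        """Apply a remote update only if its HMAC-SHA256 tag verifies.

        Constructed update format: b"interesting=TAG1,TAG2". A payload whose
        signature does not match (tampered or unsigned) is rejected unchanged.
        """
        expected = hmac.new(UPDATE_KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            return False
        key, _, value = payload.decode().partition("=")
        if key != "interesting" or not value:
            return False
        self.interesting = tuple(value.split(","))
        self.version += 1
        return True


def sign_update(payload):
    """Sign an update payload; this is what the update server would do."""
    return hmac.new(UPDATE_KEY, payload, hashlib.sha256).hexdigest()


class Scheduler:
    """Minimal tick-based scheduler: an agent 'sleeps' until its wake tick."""

    def __init__(self):
        self.clock = 0
        self.queue = []  # heap of (wake_tick, seq, agent, lines)
        self.seq = 0

    def schedule(self, agent, lines, delay):
        heapq.heappush(self.queue, (self.clock + delay, self.seq, agent, lines))
        self.seq += 1

    def run_until(self, tick):
        """Run every job whose wake tick has passed; return the collected results."""
        out = []
        while self.queue and self.queue[0][0] <= tick:
            wake, _, agent, lines = heapq.heappop(self.queue)
            self.clock = wake
            out.extend(agent.process(lines))
        return out


if __name__ == "__main__":
    agent = LogReaderAgent()
    print(agent.process(SAMPLE_LOGS))            # NORMAL: one alert
    agent.set_mode(Mode.INCIDENT)
    print(agent.process(SAMPLE_LOGS))            # INCIDENT: record + escalate
    ok = agent.apply_update(b"interesting=ERROR,WARN",
                            sign_update(b"interesting=ERROR,WARN"))
    print("update applied:", ok, "version:", agent.version)
```

The state switch is the point of the second bullet: the same log lines yield one alert in NORMAL mode and a full record with an escalation in INCIDENT mode. The update check is the third bullet in its simplest form; a real agent would use a public-key signature so the agent only needs a verification key, but the shape (verify before apply, reject on mismatch) is the same.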