Configurations

Configurations house a set of grouped configuration options in a reusable object that can be applied one or more profiles. The settings included have been groups to help give a clear understanding of the implications of all of those settings and to help with reusability. Every profile must have a configuration associated for each of the available types even if this is the default provided by Cyberhaven.

Default Configuration Settings

Default Cyberhaven configurations are under the control of Cyberhaven. Updates to the default configurations will be documented in release notes but will be applied automatically when environments are updated.

To prevent unexpected changes to default configurations it may be recommended to make copies of these configurations for use and then review release notes and updates to understand if new settings or defaults should be applied.

Configurations can be created to have a 1 to many relationship with profiles giving predictable behaviour over wider groups of devices when required. As an example it may be preferable to have a single performance configuration used in an environment to provide a predictable expectation of the impact of deploying the Cyberhaven agent.

In contrast the protection configuration applied to profiles may be different for every profile as policy requires more specific configurations and applicability can be very specific. The separation of configurations allows for the possibility of both a simple and complex matrix of conenctivity to support configuration requirements while still allowing for reusability and standardisation when possible.

The following configuration types are available.

Performance

The performance configuration includes all settings related to the performance and impact of an endpoint sensor. These settings include those related to CPU, Disk and memory utilisation and will help tune the endpoint sensor to help either increase performance of given functionality to allow the tuning of resources used by the endpoint to ensure the sensor runs inside allowed resource utilisation expectations. Sensor performance settings may have an ipact on the ability of the sensor to perform actions and may be used in conjunction with settings in the detection configuration to limit impact of sensor activity.

Detection

Detection settings provide control over the ability of the sensor to collect telemetry or act apon the events that are recorded. Some settings will include information as to the portential impact of enabling a feature as they may or may not have performance or utilisation implications.

Inspection

The configuration for Inspection allows control over the content inspection capability for a profile. This includes the ability to enable or disbale specific functionality as well as create configurations for inspection of content related to both Data in Motion via content inspection policies and Data at Rest by defining the file types and locations that are of interest.

Protection

The protection configuration allows for the selection of applicable policies to use with profiles. Selection of the list of active policies allows for specific policy applicability for groups of devices as well as a mechanism to evaluate changes to policy in specific groups to validate performance before rolling out to the entire environmnet.

Software

Software configuration allows control over the various software components associated with the endpoint sensors. Utilising a software configueration allows for gradual deployment of