From agent upload to console row

Agent registration and upload

  • On start, EventUploader may register the agent with POST /agents/register so the cloud knows agentId, hostname, and status.
  • A timer runs on UploadIntervalSeconds; each tick tries to send unsent events from EventStorage (JSON files not in sent/failed folders).
  • Force upload in the WPF UI calls the same upload path immediately.
  • Uploads are sent over HTTPS with HttpClient; the API token and headers depend on AgentConfiguration (see agent README).

Event identity

  • The cloud typically assigns a unique eventId (UUID) when ingesting.
  • The dashboard may display a shorter uniqueId (numeric) for human-friendly reference on some screens.

Forensic payload

  • Rich structures (process tree, network, file metadata) may be stored in S3, with the object key kept on the DynamoDB item; GET /events/{id}/details merges the table item and the S3 payload for the modal.

Console refresh

  • Overview and Events use React Query with polling (e.g. events ~5s, agents ~30s), so the SOC view updates without manual refresh.

Time zones

  • The API stores UTC timestamps; the dashboard formats times in IST for analysts in India (formatInIST, etc.).
  • The agent WPF UI uses IndianStandardTime helpers so local Status / Events / footer stay consistent with IST.
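
The UTC-to-IST display step above, as an added example that is not the dashboard's own formatInIST: it pins offset-less timestamps to UTC before converting and orders rows by the UTC instant so the event timeline stays correct. The function names (parseApiUtc, formatUtcAsIST, toConsoleRows), the event field names, and the sample values are assumptions made for illustration.

```javascript
// Added example; not the dashboard's formatInIST. All names and sample values are constructed.
const IST_OFFSET_MS = 330 * 60 * 1000; // IST is UTC+05:30 all year (no daylight saving)
const ISO_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})?$/;

// Parse an API timestamp as a UTC instant. JavaScript reads an ISO date-time
// with no offset as *local* time, which would shift the timeline on any
// workstation not set to UTC, so offset-less values are pinned to "Z".
function parseApiUtc(ts) {
  const s = typeof ts === "string" ? ts.trim() : "";
  const m = ISO_RE.exec(s);
  if (!m) throw new RangeError(`unsupported timestamp: ${String(ts)}`);
  const d = new Date(m[2] ? s : s + "Z");
  if (Number.isNaN(d.getTime())) throw new RangeError(`invalid timestamp: ${s}`);
  return d;
}

// Render a UTC instant as IST wall-clock time without relying on the host time zone.
function formatUtcAsIST(ts) {
  const d = new Date(parseApiUtc(ts).getTime() + IST_OFFSET_MS);
  const p = (n) => String(n).padStart(2, "0");
  const date = `${d.getUTCFullYear()}-${p(d.getUTCMonth() + 1)}-${p(d.getUTCDate())}`;
  const time = `${p(d.getUTCHours())}:${p(d.getUTCMinutes())}:${p(d.getUTCSeconds())}`;
  return `${date} ${time} IST`;
}

// Build display rows newest-first, ordering by the UTC instant rather than by
// the raw strings, which sort wrongly when offsets differ.
function toConsoleRows(events) {
  return events
    .map((e) => ({ eventId: e.eventId, utcMs: parseApiUtc(e.timestamp).getTime(),
                   ist: formatUtcAsIST(e.timestamp) }))
    .sort((a, b) => b.utcMs - a.utcMs);
}

// Constructed sample events (placeholder ids, not real UUIDs from the system).
const sampleEvents = [
  { eventId: "evt-b", timestamp: "2024-03-09T18:29:59" },       // no offset: treated as UTC
  { eventId: "evt-c", timestamp: "2024-03-10T00:10:00+05:30" }, // already carries an IST offset
  { eventId: "evt-a", timestamp: "2024-03-09T18:45:00Z" },      // crosses midnight in IST
];

for (const row of toConsoleRows(sampleEvents)) console.log(row.eventId, row.ist);
```

Sorting the raw strings newest-first would put evt-c ahead of evt-a even though evt-a happened five minutes later.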