
Advanced Data Collector

Background

Xylok's data collection typically uses human-readable scripts generated in a native scripting language of the target machine, such as BASH or PowerShell. This strategy runs commands just as a system administrator would and works very well for most DISA-produced STIGs. In addition, the scripts Xylok produces are machine-specific, tailored to the exact benchmarks selected for each device.

However, some devices need more control to collect all the needed data. For example, a firewall which offers its configuration via a REST API might need many related queries to collect all the required data. For these cases, Xylok offers the "advanced collector," a binary written in Go which allows for more advanced data collection. This binary is offered for a variety of target platforms. Because it is a compiled binary, we create a single binary for each Xylok release, rather than binaries customized to your machines. The exact benchmarks run by the collector are instead controlled via a configuration file which Xylok will help you generate.

Security Information

Because the collector is offered as a binary that will be introduced onto your network, Xylok offers the following reports for use in evaluating its security. All reports are automatically generated for every Xylok release.

Downloads

The following binaries are included in this release. If you have a machine that does not work with these, contact [email protected].

Configuration

note

The advanced collector is still under heavy development. It's possible that the configuration format will change over time.

When the collector starts, it looks for a configuration file to control its operation. The following search is performed at the start:

  • ./collect.toml (current working directory, not the directory where the collector itself is located)
  • $XDG_CONFIG_HOME/xylok/collect.toml (typically this is ~/.config/xylok/collect.toml)
  • /etc/xylok/collect.toml

The first configuration file found is used and the search stops.

Configuration is in TOML. A configuration file with all valid options is shown below; modify it for your system:

[general]
# Enable more verbose logging during execution
verbose = true
# Machine PK from Xylok. All data collected via this configuration file will be added to the given machine.
# PKs can be retrieved from the URL of the Machine Details page, i.e. in this URL the PK is the last part:
# https://xylok.local/client/machine/f89c5f7a-a13d-45c4-96ba-80563ef6edd3/
targetPK = "f89c5f7a-a13d-45c4-96ba-80563ef6edd3"
disable-detection = false

# Settings for the cisco-fmc collector
[collectors.cisco-fmc]
enable = true
target = "https://fmc.example.com"
username = "fmcapiuser"
password = "fmcapipassword"