Windows Agent Overview
The Lacework Windows agent provides threat detection, file and Windows registry integrity monitoring, and host-based intrusion detection for your cloud or on-premises Windows Server OS-based workloads.
After you install the agent on a Windows host, the agent and the Lacework server (API endpoint) communicate with each other. The agent scans your host and streams select metadata to the Lacework server to build a baseline of normal behavior. From this, Lacework provides alerts for anomalous behavior.