Argus2026.01
Connector & Coverage Health
What Argus can see —
and what it can't.
Deployment-readiness snapshot: which data sources are connected and flowing, and how much of the estate has defensive instrumentation Argus can reason over.
Deployment readiness
Signal health
Connectors active
5 / 7
Events ingested (24h)
80.6k
Hosts assessed
226 / 248
No-coverage hosts
2
Pull connectors & receivers
Data source status
| Source | Type | Status | Last sync | Events (24h) | Mode |
|---|---|---|---|---|---|
| Wazuh | EDR & vulnerability | Connected | 2m ago | 12,400 | Agent |
| Microsoft 365 | Identity & mailbox | Connected | 6m ago | 3,100 | OAuth · read-only |
| AWS | Security Hub · GuardDuty | Connected | 4m ago | 880 | IAM role · read-only |
| GCP | Audit · IAM | Connected | 9m ago | 420 | SA key · read-only |
| Nginx / Apache | Web access logs | Connected | live | 63,800 | File tail |
| Syslog (UDP/TCP) | Generic receiver | Idle | — | 0 | Listening |
| CEF / LEEF | Firewall & appliance | Not configured | — | — | — |
Action for deployment. Point the firewall's CEF/LEEF syslog at the listening receiver (:15140) to light up the perimeter signal — the only configured-but-idle source. All pull connectors are healthy and read-only.
Instrumentation
Coverage distribution
226 of 248 hosts have been assessed for defensive instrumentation. 159 are well covered; 2 have no coverage at all — including one crown-jewel datastore.
22 hosts remain unassessed pending their first full scan in the new segment.
Priority gaps
Blind spots that matter most
| Host | Hostname | Coverage | Gap | AFS |
|---|---|---|---|---|
| 10.30.9.2 | db-finance-01 | None | No EDR, no log forwarding — crown jewel | 79.3 |
| 10.20.4.7 | stg-app-07 | None | No endpoint telemetry detected | 84.0 |
| 10.10.2.40 | file-srv-09 | Low | Syslog only; no EDR | 41.0 |