Welcome to Zentral
Zentral is an open-source hub for endpoint protection.
Extensions are available for many agents, to deploy and configure them, and to collect, normalize and process the events they generate.
Connectors exist for device management solutions, to track inventory changes, and if possible, dynamically change group assignments.
Events are stored in Elasticsearch. They can be forwarded to third party SIEMs.
Filters can be configured to display events, and trigger actions outside of Zentral.
Quick start
You can deploy it on your machine with Docker, or start a cloud instance from our custome Zentral all in one images on AWS or Google Cloud Platform.
Supported agents
- Jamf Protect
- Munki
- Osquery
- Santa
Inventory sources
- Jamf
- Puppet
- Workspace One
- Watchman
- Filewave
Event stores
- AWS Kinesis
- Azure log analytics
- DataDog
- Elasticsearch
- OpenSearch
- Panther
- Snowflake
- Splunk
- sumo logic
- Generic HTTP POST endpoint
Actions
- Inventory group change (for compatible inventory sources)
- Messaging (email, SMS, Slack, …)
- Tagging
- Tickets (Zendesk, Github, …)