Is there any future development of the native RSA sasftpagent? This agent lacks alot of native functionality that a typically SIEM agent needs.
Native windows log collection
Bidirectional communication (pulling local agent logs for troubleshooting remotely, sending commands to agent like stopping,restarting agent, remotely updating configuration for agent to consume, upgrading agent remotely )
Sending heartbeats to the SIEM for uptime natively and integrate into agent asset table
Configuring silent agent alerts similar to event source monitoring alerts
Agent asset table...similar to the asset table SA to show what version,agent,status,last heartbeat information
Default local agent logging on installed system for troubleshooting
ability to configure agent to send to multiple destinations for one log source
ability to prefilter events that are sent to destination via regex
I think part of the problem is that we have no visibility of what we currently have deployed with agents, as they do not beacon back in to the SIEM, and provide any intelligence regarding run state, version,etc...
Here are a couple of the sftp RFEs and associated dates submitted from us, I know there are more out there: