What information do the sidecars send to the Cyral control plane?
Cyral sidecars send only non-sensitive information to the Cyral control plane as required for administration and governance. The sidecar never sends the contents of your repositories to the control plane. Below, we list the types of data the sidecar shares with the control plane.
- Data repository connection metrics. The sidecar's connection
interceptor sends information about attempts—both successful and
unsuccessful—to connect to each repository:
- Number of active client connections
- Number of closed client connections
- Number of data repository reachability errors
- Data repository usage metrics. This is the core of the security
monitoring and enforcement information the sidecar collects for use
by your security team. This information includes:
- Number of authentication failures
- Number of repository catalog requests
- Number of slow requests
- Number of connections using a cleartext password
- Number of policy violations
- Number of port scans
- Number of requests with errors
- Average request execution time
- Average result set size
- Average request analysis time
- Average policy evaluation time
- Average redaction time
- Average request parse time
- Connecting client information. The sidecar sends information
describing who connects to—and who attempts to connect to—your data
- Connecting client's host and port
- Client application name
- End user email address
- End user SSO group
- Number SSL/TLS connections
- Number of requests
- Sidecar operating metrics. The sidecar sends information about its
health and activity to the control plane, including:
- The instance id of the sidecar, its name, version, uptime, and endpoint address.
- Cloud deployment details for each sidecar node, namely the cloud provider, region, and availability zone it's running in.
- Sidecar health details, including memory usage, garbage collector statistics, and counts of active processes and threads of the sidecar.