Windows Agent Integration
Source - Often referred to as the source of truth: the data to be hardened. The data in question could be emails, files (or their attributes), ownership records, secrets, inode information and, in general, anything that requires a chain of custody.
Input/Mapper - Reads from a given source and emits the data as a stream of events, as opposed to a monolithic blob on disk.
Filter - Filters are user-defined functions (UDFs) that sift through large volumes of input and keep only the information a user particularly wishes to pay attention to, optionally embellishing or augmenting it with useful identification information. Enriching events with ChainKit information is one such embellishment.
Aggregate/Reducer - Aggregates cluster input events to compress the information, grouping by a particular criterion such as time, by an attribute, or by a combination of the two. This is quite handy when constructing simple counter-based events, time-compressed blockchains or any other suitable mechanism.
Output/Sink - The place where the hardened data goes: Splunk, Sentinel, ES, QRadar, or any other system where this information is committed so that it can be verified later.
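The five stages above form a pipeline: source lines are mapped into events, a filter UDF keeps and enriches the interesting ones, an aggregator buckets them, and a sink commits the result for later verification. The following Python sketch is an added illustration of that flow and is not ChainKit's own agent or SDK code; the sample log lines, the field layout, the SHA-256 event ids and the hash-linked sink are all constructed assumptions used only to make each stage concrete.

```python
import hashlib
import json
from collections import Counter

# Constructed sample source lines (not real agent output):
# "<ISO timestamp> <user> <action> <path>"
SOURCE_LINES = [
    "2021-03-01T10:00:05Z alice CREATE C:\\data\\report.docx",
    "2021-03-01T10:00:09Z alice MODIFY C:\\data\\report.docx",
    "2021-03-01T10:00:40Z bob   DELETE C:\\data\\old.log",
    "2021-03-01T10:01:02Z alice MODIFY C:\\data\\report.docx",
    "2021-03-01T10:01:30Z svc   READ   C:\\windows\\temp\\x.tmp",
]

GENESIS = "0" * 64  # assumed starting link for the hash chain


def mapper(lines):
    """Input/Mapper: turn each raw source line into an event dict."""
    for line in lines:
        ts, user, action, path = line.split(maxsplit=3)
        yield {"ts": ts, "user": user, "action": action, "path": path}


def data_dir_filter(event):
    """Filter (UDF): keep only write-type actions under C:\\data and
    enrich each kept event with a content-derived identifier."""
    if event["action"] not in {"CREATE", "MODIFY", "DELETE"}:
        return None
    if not event["path"].lower().startswith("c:\\data\\"):
        return None
    enriched = dict(event)
    canonical = json.dumps(event, sort_keys=True).encode()
    enriched["event_id"] = hashlib.sha256(canonical).hexdigest()[:16]
    return enriched


def aggregate_by_minute(events):
    """Aggregate/Reducer: count events per (minute window, action) bucket,
    a simple counter-based event keyed on time and attribute."""
    counts = Counter()
    for ev in events:
        minute = ev["ts"][:16]  # "YYYY-MM-DDTHH:MM"
        counts[(minute, ev["action"])] += 1
    return [
        {"window": w, "action": a, "count": c}
        for (w, a), c in sorted(counts.items())
    ]


def chained_sink(records, prev_hash=GENESIS):
    """Output/Sink: commit each record with a hash linked to the previous
    one, so a later verifier can detect insertion, removal or edits."""
    committed = []
    for rec in records:
        payload = json.dumps(rec, sort_keys=True)
        digest = hashlib.sha256((prev_hash + payload).encode()).hexdigest()
        committed.append({"record": rec, "prev": prev_hash, "hash": digest})
        prev_hash = digest
    return committed


def verify_chain(committed, genesis=GENESIS):
    """Recompute every link; any tampered or reordered record breaks it."""
    prev = genesis
    for entry in committed:
        payload = json.dumps(entry["record"], sort_keys=True)
        expected = hashlib.sha256((prev + payload).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = entry["hash"]
    return True


def run_pipeline(lines=SOURCE_LINES):
    """Source -> Mapper -> Filter -> Aggregate -> Sink."""
    kept = [e for e in (data_dir_filter(ev) for ev in mapper(lines)) if e]
    return chained_sink(aggregate_by_minute(kept))


if __name__ == "__main__":
    out = run_pipeline()
    for entry in out:
        print(entry["record"], entry["hash"][:12])
    print("chain valid:", verify_chain(out))
```

Of the five sample lines, the READ outside C:\data is dropped by the filter, the remaining four collapse into four per-minute counter records, and the sink links them so that changing any committed count invalidates every later hash. In a real deployment the sink would be one of the systems named above and the chain anchoring would come from ChainKit rather than this local hash chain.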
Copyright Chainkit 2021 | www.chainkit.com | info@chainkit.com