The Drata agent is a lightweight, read-only application that lives in your computer's toolbar. It's built with ElectronJS following their best practices for architecture and security. The application uses OSQuery (open source project by Facebook) to read your system information to help ensure proper security configurations are set - such as hard drive encryption, screensaver locking, antivirus software, password manager, and automatic updates are enabled. These security configurations are recommended for SOC 2.
Note, to locate antivirus and password manager details, the agent does pull a list of apps and Chrome, Firefox, and Internet Explorer browser extensions from the employee's device. The agent also recognizes the operating system and serial number of the machine for asset management purposes.
The application runs every day on your employees' computers. The agent does not modify any files or folders on your employees' machines.
The Drata agent is now opened sourced starting from June 16, 2023. You can conduct your own security assessments on the agent and the code if needed. Refer to the Drata agent's repository for more information.