...
Breeze runs as a scheduled task on Windows and Linux hosts every 15 minutes. Breeze agent retrieves list of plugins to execute from the breeze Breeze server and then executes these plugins every time it runs. Each plugin includes additional logic.
...
Extensive logging is enabled by default on the breeze Breeze server. All agent communications are logged and stored for 18 months. Agent supports 3 levels of logging verbosity which can be configured in agent.conf.
...
Cloudaware maintains separate version for each Breeze Plugin, Breeze Agent Installer and Breeze Server. We cryptographically sign each new version of breeze Breeze plugin and the agent. Cloudaware maintains separate teams with isolated privileges and responsibilities in order to ensure secure operation and distribution of Breeze software.
...
Three development teams work on various components of the breeze Breeze architecture and are able to commit new code towards a release. Security review engineers do not have the ability to commit new code but do inspect each release for potential backdoors and other security vulnerabilities. They perform both manual code review as well as algorithmic scan using Checkmarx tool. CA Trust Team upon recommendation for from the security engineers will cryptographically sign each plugin, installer and version of the Breeze Server. Technical account managers configure which plugins are available to which customer based on specific customer requirements.
...
Agent can run on the operating system either as root or under specific identity selected by the user. However if customer wishes to use Breeze Agent to deploy security plugins, the agent must run under root or Administrator privileges. For discovery purposes alone, breeze Breeze agent does not need to operate under root.
...