Oso integrates with your EDR (Endpoint Detection and Response) platform to discover what AI agent software is installed across your fleet. This lets you find unsanctioned agents before they’re used, without waiting for network traffic to appear.Documentation Index
Fetch the complete documentation index at: https://www.osohq.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
How it works
- Connect your EDR: provide a read-only API key to your EDR platform. Oso uses this to pull data from your endpoints.
- Scanning: Oso queries your EDR for managed devices and looks for known agent software from the agent catalog, including desktop apps, CLI tools, and background processes. The first scan starts shortly after the integration is connected, and Oso re-scans every 12 hours. Scans can also be triggered on demand from the Oso settings page.
- Inventory updates: discovered agents appear in the inventory after each scan.
What it detects
Oso scans for agent binaries, NPM packages, and OS-packaged software across known installation paths:Desktop apps
Claude Desktop, Cursor, Antigravity, OpenClaw, Microsoft Copilot, GitHub Copilot, Kiro, WindsurfCLI tools
Claude Code, Codex, Gemini CLISupported platforms
EDR
MDM
- JAMF
Support for additional EDR and MDM platforms is planned. If you use a platform not listed here, reach out to us to discuss your needs.
What appears in the inventory
Agents discovered via EDR appear in the same agent inventory as browser and proxy-discovered agents:| Column | Description |
|---|---|
| Agent | The agent name and environment type (Terminal, Desktop) |
| Devices | Which devices the agent was found on |
| Users | Users associated with those devices |
| Last Seen | When the agent was last detected on the endpoint |