Secagentd is a daemon responsible for detecting and reporting security related events through ERP (Encrypted Reporting Pipeline) for forensic analysis.
It only works on Linux Kernel >= 5.10, in which the Berkeley Packet Filter syscalls are available.
Secagentd logs are located in /var/log/secagentd.log.