We only see network metadata, which means that we do not see any confidential information like passwords. The information that we see consists of IPs and hostnames. All other information is discarded. To run Continuous Compromise Assessment, we do not need to know the content of the communication between your company and the infrastructure of the adversary; we only need to know that there is communication that should not be happening in the first place.
For the Lumu Agent, we also collect information about devices and their users to help us provide more details on who is being affected by compromises and to troubleshoot issues. Such information includes, but is not limited to, username, device name, Windows installation ID, operating system version, proxy and firewall configuration, antivirus in use, memory and disk sizes, processor type, computer manufacturer and model, network interfaces, and agent usage statistics.