Inventory
• 7 min to read •
Inventory includes a complete description of the system endpoints from different hardware and software aspects. It is stored on the server, and updated once a day, in response to a device request to the server. So even if a particular device is sent to quarantine, access to its inventory remains, and due to this, malicious software can be detected and deleted.
Checking inventory history for a specified period, it is possible to track changes on specific devices and in the system. Based on the inventory data, you can generate various reports compliant with different regulations to present them to senior management and external auditors.
You can also use inventory to group devices based on different parameters, save these device sets and automatically launch any checks and processes, for example, automatic installation or removal of programs, for a specific set of devices.
Typical scenarios for using inventory are:
- checking how old the hardware is and planning its replacement based on the received data
- examining current OS and third-party software versions for creation of a patching baseline
- BitLocker status check
- examination of the reboot regularity on different devices
- antivirus status check
- detection of prohibited software installed on the system endpoints
- Windows 11 readiness check
Important Information Inventory scans are performed every day automatically but can be run manually at any time. On Windows, the hardware and software information is collected via WMI and anything installed from the Microsoft Store. On Linux, the inventory is collected using the Secure Shell (SSH) protocol. Inventory can be useful to enable dynamic software deployment such as devices that have an old piece of software installed. |
Prerequisites An online device |
Discovery: View Inventor Toolbar Discovery: View Inventor Toolbar
Is the device connected to the instance. | |
Used in conjunction with custom inventory attributes. These are very useful to record static data for a device e.g., when it was purchased. It is possible to edit existing tables to create new functionality. This is done by creating custom fields:
Remember to click 'Save' when finished. |
|
Used to import mass amounts of custom inventory attributes. Only CSV files are supported, and the device import must contain the Device Name in the first column to allow the record to match. |
|
Used to export inventory data from the device to a .txt file. |
Discovery: View Inventory AttributesDiscovery: View Inventory Attributestt
The information contained in the tables making up the inventory of the device joined to the Syxsense console is populated through an inventory scan. Inventory Scans are by default set to run once per day. This value can be changed by visiting Settings Inventory Frequency, and then modifying the value found there. In addition to the daily (unless configured to a different schedule) scan, the inventory of a device will be updated whenever the device communicates with the Syxsense console when running a task sequence.
It is possible to edit existing tables to create new functionality. This is done by creating custom fields. From the table of interest, select the Edit button. Custom field name and value can also be edited with double click. Select the 'Add Custom Field' to add a new field to the existing table, or double click an existing field to change its content. Once the content has been added or changed, save the changes. The field will now have an asterisk next to it, denoting that it was manually changed.
Computer Table |
The computer attribute table provides basic information concerning the currently selected endpoint. Below are a few of the key attributes associated with this table:
|
Syxsense Table |
Provides information about the status and activity of the Syxsense agent installed on the endpoint. Below are a few of the most important attributes in this table:
When cloning an endpoint from a Gold Image with the Syxsense agent pre-installed, the Device ID can be recreated by Setting the Gold Image Device ID as a Duplicate Device ID. This is done by going to Settings > Device ID Config > Add New.
|
Health Table |
The Health Table is a top-level table. Within the Health Table are multiple subtables containing their own attributes. The Health Table provides the overall status of the device in relationship to its patch status and active vulnerabilities (if a Syxsense Secure License is Active on the console). This table directly relates to the Patch Table. The Health table is not populated by running an inventory scan on an endpoint but is instead populated by performing a patch scan on the endpoint. Below are the most valuable attributes in the Health Table:
In addition to the primary attributes for the Health table, there are multiple sub tables which represent the information which makes up the Severity and Security Severity scores. The inventory data for Zero Trust will not be populated until the policy is assigned to that device. |
Patch Table |
The Patch Table shows an in-depth view of the currently pending, applied, and not-scanned patches available for the endpoint. As with the Health table, the Patch table is managed not through an inventory scan, but instead through patch scanning. Also, like the Health Table, the Patch Table contains sub-tables with additional context based on the status of the patches it associates with the endpoint. The top-level Patch Table does not contain any attributes, but the three sub-tables contain vital information as shown below:
|
OS Table |
This table contains information about the architecture of the operating system, and OS version specific information for the endpoint. The OS Table is also a top-level table containing subtables with attributes for bios configurations, .Net Framework status, and User specific settings and sessions. The primary attributes of the OS Table are listed below:
|
Network Table |
The Network Table is a parent table containing attributes related to the networking devices discovered by Syxsense. If you have more than one Networking adapter attached to the endpoint, this table will show each networking device listed in a separate attribute group on the table. Below are the attributes tracked by the Network Table:
|
Disk Table |
The Disks Table is a parent table with sub-tables relating to the physical and virtual disks attached to the endpoint. Below are a few of the most important sub-tables associated with the Disks Table:
|
Boot History |
Boot History data is collected information about the system's uptime and operational patterns. Understanding when a system was last booted and how frequently it reboots can be vital for various purposes, including troubleshooting, performance analysis, and system maintenance. When the agent is initiated, it immediately collects the system's LastBootTime, marking the beginning of a boot cycle. This information is then stored in a designated database (LogonSessionDb) in the format: LastBootTime - CurrentTime. As the agent continues to run, it periodically updates the boot record in LogonSessionDb every minute. This ongoing monitoring ensures that the system's boot history remains up to date and reflective of its current state. During each update, if the current LastBootTime differs from the one stored in LogonSessionDb, indicating a new boot cycle, the agent creates a new record in the database. This new record is then updated regularly, while the previous record remains unchanged to maintain an accurate historical log. Drop-down TitleDrop-down Title |
Last Update: July, 2024
Copyright ©2024 by Syxsense, Inc. All Rights Reserved