Inventory

Inventory includes a complete description of the system endpoints from different hardware and software aspects. It is stored on the server, and updated once a day, in response to a device request to the server. So even if a particular device is sent to quarantine, access to its inventory remains, and due to this, malicious software can be detected and deleted.

Checking inventory history for a specified period, it is possible to track changes on specific devices and in the system. Based on the inventory data, you can generate various reports compliant with different regulations to present them to senior management and external auditors.

You can also use inventory to group devices based on different parameters, save these device sets and automatically launch any checks and processes, for example, automatic installation or removal of programs, for a specific set of devices.

Typical scenarios for using inventory are:

checking how old the hardware is and planning its replacement based on the received data
examining current OS and third-party software versions for creation of a patching baseline
BitLocker status check
examination of the reboot regularity on different devices
antivirus status check
detection of prohibited software installed on the system endpoints
Windows 11 readiness check

Important Information

Inventory scans are performed every day automatically but can be run manually at any time.

On Windows, the hardware and software information is collected via WMI and anything installed from the Microsoft Store.

On Linux, the inventory is collected using the Secure Shell (SSH) protocol.

Inventory can be useful to enable dynamic software deployment such as devices that have an old piece of software installed.

Discovery: View Inventor Toolbar Discovery: View Inventor Toolbar

Connection State	Is the device connected to the instance.
+ Add Custom Field	Used in conjunction with custom inventory attributes. These are very useful to record static data for a device e.g., when it was purchased. It is possible to edit existing tables to create new functionality. This is done by creating custom fields: From the table of interest, select the Edit button. Then, select the 'Add Custom Field' to add a new field to the existing table, or double click an existing field to change its content. Remember to click 'Save' when finished.
Import	Used to import mass amounts of custom inventory attributes. Only CSV files are supported, and the device import must contain the Device Name in the first column to allow the record to match.
Export	Used to export inventory data from the device to a .txt file.

Discovery: View Inventory AttributesDiscovery: View Inventory Attributestt

The information contained in the tables making up the inventory of the device joined to the Absolute console is populated through an inventory scan. Inventory Scans are by default set to run once per day. This value can be changed by visiting Settings Inventory Frequency, and then modifying the value found there. In addition to the daily (unless configured to a different schedule) scan, the inventory of a device will be updated whenever the device communicates with the Absolute console when running a task sequence.

It is possible to edit existing tables to create new functionality. This is done by creating custom fields. From the table of interest, select the Edit button. Custom field name and value can also be edited with double click. Select the 'Add Custom Field' to add a new field to the existing table, or double click an existing field to change its content. Once the content has been added or changed, save the changes. The field will now have an asterisk next to it, denoting that it was manually changed.

Accessories	Provides a list of peripheral devices connected to the endpoint. This may include external drives, printers, webcams, and other accessories recognized by the system during the inventory scan.
Activation Key	Stores licensing and activation key information detected on the endpoint, particularly for Microsoft Windows or Office products. Useful for software compliance and auditing.
Add Remove Programs	Lists all applications currently installed on the endpoint. Information may include: Application name Version Publisher Installation date, source, location
Boot History	Boot History data is collected information about the system's uptime and operational patterns. Understanding when a system was last booted and how frequently it reboots can be vital for various purposes, including troubleshooting, performance analysis, and system maintenance. When the agent is initiated, it immediately collects the system's LastBootTime, marking the beginning of a boot cycle. This information is then stored in a designated database (LogonSessionDb) in the format: LastBootTime - CurrentTime. As the agent continues to run, it periodically updates the boot record in LogonSessionDb every minute. This ongoing monitoring ensures that the system's boot history remains up to date and reflective of its current state. During each update, if the current LastBootTime differs from the one stored in LogonSessionDb, indicating a new boot cycle, the agent creates a new record in the database. This new record is then updated regularly, while the previous record remains unchanged to maintain an accurate historical log.
Computer	The computer attribute table provides basic information concerning the currently selected endpoint. Below are a few of the key attributes associated with this table: Device Name: The device name provided by hostname. Description: A brief description of the device or its purpose. Directory Location: The Active Directory CN of the device. Manufacturer: Who built/licensed the hardware. Model: The specific model name or number of the hardware. Serial Number: Hardware Asset information provided by the Manufacturer. Chassis Type: The type of enclosure for the device (e.g., desktop, laptop, rack-mount). OU Path: Detailed Active Directory information, specifying the exact path of the device within the directory. FQDN: The Fully Qualified Domain Name of the device. This attribute is collected on Windows and Linux devices and matches the values that the devices return when checked for FQDN. Time Zone: General Location information. Is Reboot Required: Does the system have pending changes which need to be applied? Last Bootup Time: Provides uptime information for the endpoint.
Computer System	Includes detailed specifications and performance-related information of the computer hardware.
Variables	Stores environmental and conditional data used in Automated Workflows
Customer Support Agreement	Captures contract or support details relevant to the endpoint or organization.
Disks	The Disks Table is a parent table with sub-tables relating to the physical and virtual disks attached to the endpoint. Below are a few of the most important sub-tables associated with the Disks Table: Disk Drives: Shows the capacity, status, and health of the hardware drives attached to the endpoint. Logical Disks: Shows the Windows Drive Mounts Volumes: Shows the hard drive partitions attached to the endpoint. On a Linux endpoint, this will be the only registered sub-table.
Display Configurations	Details the graphical output settings and devices attached to the endpoint.
Groups	Displays Active Directory or custom group memberships assigned to the endpoint. Helps track organizational structure or policy-based groupings.
Hardware	Detailed information on the physical hardware components of the endpoint.
Health	Within the Health Table are multiple subtables containing their own attributes. The Health Table provides the overall status of the device in relationship to its patch status and active vulnerabilities. This table directly relates to the Patch Table. The Health table is not populated by running an inventory scan on an endpoint but is instead populated by performing a patch scan on the endpoint. Below are the most valuable attributes in the Health Table: Severity: A measure of the current health of the device, determined by the number and severity of current missing patches found on the device. Last Scanned: Delineates the last time that a patch scan was performed on this endpoint. Last Patched: Delineates the last time that a patch deployment was performed on this endpoint. Security Severity: A measure of the current device health, determined by the number and severity of found vulnerabilities on the device. In addition to the primary attributes for the Health table, there are multiple sub tables which represent the information which makes up the Severity and Security Severity scores.
Network	The Network Table is a parent table containing attributes related to the networking devices discovered by Absolute. If you have more than one Networking adapter attached to the endpoint, this table will show each networking device listed in a separate attribute group on the table. Below are the attributes tracked by the Network Table: IP Address: Displays the currently detected (as of last inventory) local IP address of the endpoint. Subnet Mask: Displays the detected network mask associated with the local network. Gateway: Displays the network gateway for the endpoint’s current network. MAC Address: Displays the MAC address of the associated network adapter. External IP Address: Shows the global IP Address of the endpoint, or the external IP address at the perimeter of the network if traffic is restricted behind a NAT gateway.
OS	This table contains information about the architecture of the operating system, and OS version specific information for the endpoint. The OS Table is also a top-level table containing subtables with attributes for bios configurations, .Net Framework status, and User specific settings and sessions. The primary attributes of the OS Table are listed below: OS Name: Provides the Operating System identifier associated with the endpoint. Last Boot Time: Provides Uptime Information about the endpoint. Architecture: Delineates 32-bit and 64-bit Operating Systems Language: The localization of the endpoint. Version: The revision number of the Operating System Win 10 Feature Version: If the endpoint is a Windows Device, this will show the Windows 10 version number. OS Type: Shows the Operating System Family, e.g. Windows for Microsoft, Linux for UNIX, MacOS for Apple. If the device is a Linux endpoint, this table will also contain information specific to the Kernel revision of the endpoint.
Power Management	Contains information about device’s capability to manage power states. It helps assess whether specific power-saving features are available or enabled. Attributes; Can Suspend: Indicates whether the system supports entering a suspend (sleep) state. A value of False means the device cannot enter sleep mode. Can Hibernate: Indicates whether the system supports hibernation. False means hibernation is not supported or disabled in system settings.
Security	This table tracks the security configurations and tools on the endpoint, focused on malware protection, disk encryption, and firewall status. Each subtable offers visibility into key protective technologies.
Server Features	Lists roles and features installed on Windows Server endpoints.
SQL Information	Provides details about installed SQL Server instances.
Syxsense	Provides information about the status and activity of the Absolute agent installed on the endpoint. Below are a few of the most important attributes in this table: Device ID: A GUID set by the Absolute Agent which distinguishes this device from other endpoints. The Device ID is generally intended to be unique. When cloning an endpoint from a Gold Image with the Absolute agent pre-installed, the Device ID can be recreated by Setting the Gold Image Device ID as a Duplicate Device ID. This is done by going to Settings > Device ID Config > Add New. Site: Which Absolute Site container this endpoint belongs to. By default, all new endpoints belong to the Default Site unless specific IP rules are configured. Agent Version: The current installation of the Absolute Agent on the endpoint. The agent is self-updating. Last Upload: The last time that the agent checked in with the Console. This attribute increments frequently. System Active Date: The timestamp when the agent was first first connected to the console on this endpoint. This value will not increment ever.
Vulnerabilities	The Vulnerabilities Table shows the currently detected, remediated, unpatched, and failed vulnerability deployments associated with the endpoint. This data is not populated through a regular inventory scan, but instead through a security scan performed on the device. Vulnerabilities Table contains multiple sub-tables, each providing context based on the status of the vulnerabilities identified during the scan: Detected: Displays the currently identified vulnerabilities present on the endpoint. Installed: Displays vulnerabilities that have been successfully remediated. Not Installed: Displays vulnerabilities that are still present and have not been patched. Failed to Deploy: Displays vulnerabilities where remediation attempts were unsuccessful. Not Required: Displays vulnerabilities that are known but not relevant to the specific configuration of the endpoint. Security: A subtable offering detailed vulnerability metadata, such as CVE identifiers, severity, exploitability, and affected components.
Warranty Information	Displays warranty details retrieved from the manufacturer.