Inventory

• 7 min to read •

Inventory includes a complete description of the system endpoints from different hardware and software aspects. It is stored on the server, and updated once a day, in response to a device request to the server. So even if a particular device is sent to quarantine, access to its inventory remains, and due to this, malicious software can be detected and deleted.

Checking inventory history for a specified period, it is possible to track changes on specific devices and in the system. Based on the inventory data, you can generate various reports compliant with different regulations to present them to senior management and external auditors.

You can also use inventory to group devices based on different parameters, save these device sets and automatically launch any checks and processes, for example, automatic installation or removal of programs, for a specific set of devices.

Typical scenarios for using inventory are:

  • checking how old the hardware is and planning its replacement based on the received data
  • examining current OS and third-party software versions for creation of a patching baseline
  • BitLocker status check
  • examination of the reboot regularity on different devices
  • antivirus status check
  • detection of prohibited software installed on the system endpoints
  • Windows 11 readiness check

Important Information

Inventory scans are performed every day automatically but can be run manually at any time.

On Windows, the hardware and software information is collected via WMI and anything installed from the Microsoft Store.

On Linux, the inventory is collected using the Secure Shell (SSH) protocol.

Inventory can be useful to enable dynamic software deployment such as devices that have an old piece of software installed.

Prerequisites 

An online device

Discovery: View Inventor Toolbar Discovery: View Inventor Toolbar 

Is the device connected to the instance.

Used in conjunction with custom inventory attributes.

These are very useful to record static data for a device e.g., when it was purchased.

It is possible to edit existing tables to create new functionality. This is done by creating custom fields:

  • From the table of interest, select the Edit button.
  • Then, select the ‘Add Custom Field’ to add a new field to the existing table, or double click an existing field to change its content.

Remember to click 'Save' when finished.

Used to import mass amounts of custom inventory attributes.

Only CSV files are supported, and the device import must contain the Device Name in the first column to allow the record to match.

Used to export inventory data from the device to a .txt file.

Discovery: View Inventory AttributesDiscovery: View Inventory Attributestt

The information contained in the tables making up the inventory of the device joined to the Syxsense console is populated through an inventory scan. Inventory Scans are by default set to run once per day. This value can be changed by visiting Settings Inventory Frequency, and then modifying the value found there. In addition to the daily (unless configured to a different schedule) scan, the inventory of a device will be updated whenever the device communicates with the Syxsense console when running a task sequence.

 It is possible to edit existing tables to create new functionality. This is done by creating custom fields. From the table of interest, select the Edit button. Custom field name and value can also be edited with double click. Select the 'Add Custom Field' to add a new field to the existing table, or double click an existing field to change its content. Once the content has been added or changed, save the changes. The field will now have an asterisk next to it, denoting that it was manually changed.

Computer Table

The computer attribute table provides basic information concerning the currently selected endpoint. Below are a few of the key attributes associated with this table:

  • Device Name: The device name provided by hostname.
  • Description: A brief description of the device or its purpose.
  • Directory Location: The Active Directory CN of the device.
  • Manufacturer: Who built/licensed the hardware.
  • Model: The specific model name or number of the hardware.
  • Serial Number: Hardware Asset information provided by the Manufacturer.
  • Chassis Type: The type of enclosure for the device (e.g., desktop, laptop, rack-mount).
  • OU Path: Detailed Active Directory information, specifying the exact path of the device within the directory.
  • FQDN: The Fully Qualified Domain Name of the device. This attribute is collected on Windows and Linux devices and matches the values that the devices return when checked for FQDN.
  • Time Zone: General Location information.
  • Is Reboot Required: Does the system have pending changes which need to be applied?
  • Last Bootup Time: Provides uptime information for the endpoint.
Drop-down TitleDrop-down Title
Syxsense Table

Provides information about the status and activity of the Syxsense agent installed on the endpoint.

Below are a few of the most important attributes in this table:

  • Device ID: A GUID set by the Syxsense Agent which distinguishes this device from other endpoints. The Device ID is generally intended to be unique.  

When cloning an endpoint from a Gold Image with the Syxsense agent pre-installed, the Device ID can be recreated by Setting the Gold Image Device ID as a Duplicate Device ID. This is done by going to Settings > Device ID Config > Add New.  

  • Site: Which Syxsense Site container this endpoint belongs to. By default, all new endpoints belong to the Default Site unless specific IP rules are configured.
  • Agent Version: The current installation of the Syxsense Agent on the endpoint. The agent is self-updating.
  • Last Upload: The last time that the agent checked in with the Console. This attribute increments frequently.
  • System Active Date: The timestamp when the agent was first first connected to the console on this endpoint. This value will not increment ever.

Drop-down TitleDrop-down Title

Health Table

The Health Table is a top-level table.

Within the Health Table are multiple subtables containing their own attributes.

The Health Table provides the overall status of the device in relationship to its patch status and active vulnerabilities (if a Syxsense Secure License is Active on the console). This table directly relates to the Patch Table.

The Health table is not populated by running an inventory scan on an endpoint but is instead populated by performing a patch scan on the endpoint.

Below are the most valuable attributes in the Health Table:

  • Severity: A measure of the current health of the device, determined by the number and severity of current missing patches found on the device.
  • Last Scanned: Delineates the last time that a patch scan was performed on this endpoint.
  • Last Patched: Delineates the last time that a patch deployment was performed on this endpoint.
  • Security Severity: A measure of the current device health, determined by the number and severity of found vulnerabilities on the device.

In addition to the primary attributes for the Health table, there are multiple sub tables which represent the information which makes up the Severity and Security Severity scores.

The inventory data for Zero Trust will not be populated until the policy is assigned to that device.

Drop-down TitleDrop-down Title

Patch Table

The Patch Table shows an in-depth view of the currently pending, applied, and not-scanned patches available for the endpoint.

As with the Health table, the Patch table is managed not through an inventory scan, but instead through patch scanning.

Also, like the Health Table, the Patch Table contains sub-tables with additional context based on the status of the patches it associates with the endpoint.

The top-level Patch Table does not contain any attributes, but the three sub-tables contain vital information as shown below:

  • Detected: Displays the currently pending patches on the endpoint.
  • Installed: Displays the installed patches on the endpoint.
  • Not Required: Displays patches that are available but not relevant to the endpoint.
Drop-down TitleDrop-down Title
OS Table

This table contains information about the architecture of the operating system, and OS version specific information for the endpoint.

The OS Table is also a top-level table containing subtables with attributes for bios configurations, .Net Framework status, and User specific settings and sessions. The primary attributes of the OS Table are listed below:

  • OS Name: Provides the Operating System identifier associated with the endpoint. • Last Boot Time: Provides Uptime Information about the endpoint.
  • Architecture: Delineates 32-bit and 64-bit Operating Systems • Language: The localization of the endpoint.
  • Version: The revision number of the Operating System
  • Win 10 Feature Version: If the endpoint is a Windows Device, this will show the Windows 10 version number.
  • OS Type: Shows the Operating System Family, e.g. Windows for Microsoft, Linux for UNIX, MacOS for Apple. If the device is a Linux endpoint, this table will also contain information specific to the Kernel revision of the endpoint.
Drop-down TitleDrop-down Title
Network Table

The Network Table is a parent table containing attributes related to the networking devices discovered by Syxsense.

If you have more than one Networking adapter attached to the endpoint, this table will show each networking device listed in a separate attribute group on the table. Below are the attributes tracked by the Network Table:

  • IP Address: Displays the currently detected (as of last inventory) local IP address of the endpoint.
  • Subnet Mask: Displays the detected network mask associated with the local network.
  • Gateway: Displays the network gateway for the endpoint’s current network.
  • MAC Address: Displays the MAC address of the associated network adapter.
  • External IP Address: Shows the global IP Address of the endpoint, or the external IP address at the perimeter of the network if traffic is restricted behind a NAT gateway.

Drop-down TitleDrop-down Title

Disk Table

The Disks Table is a parent table with sub-tables relating to the physical and virtual disks attached to the endpoint. 

Below are a few of the most important sub-tables associated with the Disks Table:

  • Disk Drives: Shows the capacity, status, and health of the hardware drives attached to the endpoint. 
  • Logical Disks: Shows the Windows Drive Mounts 
  • Volumes: Shows the hard drive partitions attached to the endpoint. On a Linux endpoint, this will be the only registered sub-table.
Drop-down TitleDrop-down Title
Boot History

Boot History data is collected information about the system's uptime and operational patterns. Understanding when a system was last booted and how frequently it reboots can be vital for various purposes, including troubleshooting, performance analysis, and system maintenance.

When the agent is initiated, it immediately collects the system's LastBootTime, marking the beginning of a boot cycle. This information is then stored in a designated database (LogonSessionDb) in the format: LastBootTime - CurrentTime.

As the agent continues to run, it periodically updates the boot record in LogonSessionDb every minute. This ongoing monitoring ensures that the system's boot history remains up to date and reflective of its current state.

During each update, if the current LastBootTime differs from the one stored in LogonSessionDb, indicating a new boot cycle, the agent creates a new record in the database. This new record is then updated regularly, while the previous record remains unchanged to maintain an accurate historical log.

Drop-down TitleDrop-down Title 

Last Update: July, 2024

Copyright ©2024 by Syxsense, Inc. All Rights Reserved