Inventory


Inventory is a complete description of the system's endpoints, covering both hardware and software. It is stored on the server and updated once a day, in response to a device request to the server. Because it is held on the server, access to a device's inventory remains even if that device is sent to quarantine, so malicious software can still be detected and deleted.

By checking inventory history for a specified period, you can track changes on specific devices and in the system. Based on the inventory data, you can generate various reports compliant with different regulations to present to senior management and external auditors.

You can also use inventory to group devices based on different parameters, save these device sets and automatically launch any checks and processes, for example, automatic installation or removal of programs, for a specific set of devices.

Typical scenarios for using inventory are:

  • checking how old the hardware is and planning its replacement based on the received data
  • examining current OS and third-party software versions for creation of a patching baseline
  • BitLocker status check
  • examination of the reboot regularity on different devices
  • antivirus status check
  • detection of prohibited software installed on the system endpoints
  • Windows 11 readiness check

Important Information

Inventory scans are performed every day automatically but can be run manually at any time.

On Windows, hardware and software information is collected via WMI, and the inventory also covers anything installed from the Microsoft Store.

On Linux, the inventory is collected using the Secure Shell (SSH) protocol.

Inventory can be used to enable dynamic software deployment, for example targeting devices that have an old piece of software installed.

Prerequisites 

An online device


Is the device connected to the instance.

Used in conjunction with custom inventory attributes.

These are very useful to record static data for a device e.g., when it was purchased.

It is possible to edit existing tables to create new functionality. This is done by creating custom fields:

  • From the table of interest, select the Edit button.
  • Then, select the ‘Add Custom Field’ to add a new field to the existing table, or double click an existing field to change its content.

Remember to click 'Save' when finished.

Used to import custom inventory attributes in bulk.

Only CSV files are supported, and the device import must contain the Device Name in the first column to allow the record to match.

Used to export inventory data from the device to a .txt file.


The tables that make up the inventory of a device joined to the Syxsense console are populated through an inventory scan. Inventory scans are set to run once per day by default. This value can be changed by visiting Settings > Inventory Frequency and modifying the value found there. In addition to the daily scan (or whatever schedule is configured), the inventory of a device is updated whenever the device communicates with the Syxsense console while running a task sequence.

 It is possible to edit existing tables to create new functionality. This is done by creating custom fields. From the table of interest, select the Edit button. Then, select the 'Add Custom Field' to add a new field to the existing table, or double click an existing field to change its content. Once the content has been added or changed, save the changes. The field will now have an asterisk next to it, denoting that it was manually changed.

Computer Table

The computer attribute table provides basic information concerning the currently selected endpoint. Below are a few of the key attributes associated with this table:

  • Device Name: The device name provided by hostname.
  • Directory Location: The Active Directory CN of the device.
  • Manufacturer: Who built/licensed the hardware.
  • Serial Number: Hardware Asset information provided by the Manufacturer.
  • Time Zone: General Location information.
  • Is Reboot Required: Does the system have pending changes which need to be applied?
  • Last Bootup Time: Provides uptime information for the endpoint.
  • OU Path: Detailed Active Directory information.
Syxsense Table

Provides information about the status and activity of the Syxsense agent installed on the endpoint.

Below are a few of the most important attributes in this table:

  • Device ID: A GUID set by the Syxsense Agent which distinguishes this device from other endpoints. The Device ID is generally intended to be unique.  

When cloning an endpoint from a Gold Image with the Syxsense agent pre-installed, the Device ID can be recreated by setting the Gold Image Device ID as a Duplicate Device ID. This is done by going to Settings > Device ID Config > Add New.

  • Site: Which Syxsense Site container this endpoint belongs to. By default, all new endpoints belong to the Default Site unless specific IP rules are configured.
  • Agent Version: The current installation of the Syxsense Agent on the endpoint. The agent is self-updating.
  • Last Upload: The last time that the agent checked in with the Console. This attribute increments frequently.
  • System Active Date: The timestamp when the agent was first connected to the console on this endpoint. This value never increments.

Health Table

The Health Table is a top-level table.

Within the Health Table are multiple subtables containing their own attributes.

The Health Table provides the overall status of the device in relation to its patch status and active vulnerabilities (if a Syxsense Secure license is active on the console). This table directly relates to the Patch Table.

The Health table is not populated by running an inventory scan on an endpoint but is instead populated by performing a patch scan on the endpoint.

Below are the most valuable attributes in the Health Table:

  • Severity: A measure of the current health of the device, determined by the number and severity of current missing patches found on the device.
  • Last Scanned: Shows the last time that a patch scan was performed on this endpoint.
  • Last Patched: Shows the last time that a patch deployment was performed on this endpoint.
  • Security Severity: A measure of the current device health, determined by the number and severity of found vulnerabilities on the device.

In addition to the primary attributes for the Health table, there are multiple sub tables which represent the information which makes up the Severity and Security Severity scores.

The inventory data for Zero Trust will not be populated until the policy is assigned to that device.

Patch Table

The Patch Table shows an in-depth view of the currently pending, applied, and not-scanned patches available for the endpoint.

As with the Health table, the Patch table is managed not through an inventory scan, but instead through patch scanning.

Also, like the Health Table, the Patch Table contains sub-tables with additional context based on the status of the patches it associates with the endpoint.

The top-level Patch Table does not contain any attributes, but the three sub-tables contain vital information as shown below:

  • Detected: Displays the currently pending patches on the endpoint.
  • Installed: Displays the installed patches on the endpoint.
  • Not Required: Displays patches that are available but not relevant to the endpoint.
OS Table

This table contains information about the architecture of the operating system, and OS version specific information for the endpoint.

The OS Table is also a top-level table containing subtables with attributes for BIOS configurations, .NET Framework status, and user-specific settings and sessions. The primary attributes of the OS Table are listed below:

  • OS Name: Provides the Operating System identifier associated with the endpoint.
  • Last Boot Time: Provides uptime information about the endpoint.
  • Architecture: Distinguishes between 32-bit and 64-bit Operating Systems.
  • Language: The localization of the endpoint.
  • Version: The revision number of the Operating System.
  • Win 10 Feature Version: If the endpoint is a Windows device, this will show the Windows 10 version number.
  • OS Type: Shows the Operating System Family, e.g. Windows for Microsoft, Linux for UNIX, MacOS for Apple.

If the device is a Linux endpoint, this table will also contain information specific to the kernel revision of the endpoint.
Network Table

The Network Table is a parent table containing attributes related to the networking devices discovered by Syxsense.

If you have more than one Networking adapter attached to the endpoint, this table will show each networking device listed in a separate attribute group on the table. Below are the attributes tracked by the Network Table:

  • IP Address: Displays the currently detected (as of last inventory) local IP address of the endpoint.
  • Subnet Mask: Displays the detected network mask associated with the local network.
  • Gateway: Displays the network gateway for the endpoint’s current network.
  • MAC Address: Displays the MAC address of the associated network adapter.
  • External IP Address: Shows the global IP Address of the endpoint, or the external IP address at the perimeter of the network if traffic is restricted behind a NAT gateway.

Disk Table

The Disks Table is a parent table with sub-tables relating to the physical and virtual disks attached to the endpoint. 

Below are a few of the most important sub-tables associated with the Disks Table:

  • Disk Drives: Shows the capacity, status, and health of the hardware drives attached to the endpoint. 
  • Logical Disks: Shows the Windows Drive Mounts 
  • Volumes: Shows the hard drive partitions attached to the endpoint. On a Linux endpoint, this will be the only registered sub-table.
Boot History

Boot History is data collected about the system's uptime and operational patterns. Understanding when a system was last booted and how frequently it reboots can be vital for various purposes, including troubleshooting, performance analysis, and system maintenance.

When the agent is initiated, it immediately collects the system's LastBootTime, marking the beginning of a boot cycle. This information is then stored in a designated database (LogonSessionDb) in the format: LastBootTime - CurrentTime.

As the agent continues to run, it periodically updates the boot record in LogonSessionDb every minute. This ongoing monitoring ensures that the system's boot history remains up to date and reflective of its current state.

During each update, if the current LastBootTime differs from the one stored in LogonSessionDb, indicating a new boot cycle, the agent creates a new record in the database. This new record is then updated regularly, while the previous record remains unchanged to maintain an accurate historical log.
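The record-keeping described above can be replayed offline to see what the resulting history looks like. The sketch below is an added example, not Syxsense agent code: the BootHistory class, its in-memory record layout and the sample timeline are all assumptions made for illustration.

```python
from datetime import datetime, timedelta


class BootHistory:
    """In-memory stand-in for the agent's boot records (layout is assumed)."""

    def __init__(self):
        self.records = []  # each record: [last_boot_time, last_update_time]

    def update(self, last_boot_time, now):
        """One agent tick: extend the open record or start a new boot cycle."""
        if self.records and self.records[-1][0] == last_boot_time:
            self.records[-1][1] = now                    # same boot cycle
        else:
            self.records.append([last_boot_time, now])   # LastBootTime changed

    def unobserved_gaps(self):
        """Time between a record's final update and the next recorded boot."""
        return [nxt[0] - prev[1]
                for prev, nxt in zip(self.records, self.records[1:])]

    def current_uptime(self):
        """Length of the open (most recent) boot cycle as last recorded."""
        start, end = self.records[-1]
        return end - start


def replay(ticks):
    """Feed (last_boot_time, now) pairs to a fresh history, as the agent would."""
    history = BootHistory()
    for last_boot_time, now in ticks:
        history.update(last_boot_time, now)
    return history


def minute_ticks(boot, first_tick, count):
    """Constructed sample data: `count` one-minute ticks within one boot cycle."""
    return [(boot, first_tick + timedelta(minutes=i)) for i in range(count)]


# Constructed timeline: booted 08:00, agent ticks 08:01-08:30,
# then a reboot at 08:45 with the agent ticking 08:46-08:50.
BOOT_1 = datetime(2024, 3, 12, 8, 0)
BOOT_2 = datetime(2024, 3, 12, 8, 45)
SAMPLE_TICKS = (minute_ticks(BOOT_1, BOOT_1 + timedelta(minutes=1), 30)
                + minute_ticks(BOOT_2, BOOT_2 + timedelta(minutes=1), 5))

if __name__ == "__main__":
    history = replay(SAMPLE_TICKS)
    for start, end in history.records:
        print(f"{start:%H:%M} - {end:%H:%M}")
    print("unobserved gaps:", history.unobserved_gaps())
```

The closed record keeps its last update time, so the interval between that time and the next LastBootTime bounds the period in which the device was shutting down or off and the agent recorded nothing.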

Last Update: Mar 12, 2024

Copyright ©2024 by Syxsense, Inc. All Rights Reserved