Which Device Attributes are Captured in Device Intelligence?
Device Intelligence continuously scans network traffic and captures a set of attributes for every individual device it observes. These attributes feed the dashboards, charts, asset inventory, and other views.
The following table lists the device attributes that Device Intelligence captures for your devices:
| Attribute (A – Z) | Description |
|---|---|
| Address Type | Whether the device's MAC address is randomized or not |
| Alert Category | Group to which the alert belongs; either incident or anomaly |
| Alert Signature | Summary description of the alert, including the time frame over which it is calculated |
| Alerts | Notifications of a potential problem or out-of-the-ordinary device behavior, such as use of an unexpected port, creation of a large number of connections, or sending/receiving a large amount of data |
| Anomaly Signature | CVE description of the anomaly |
| BSS ID | ID of the WLAN (BSSID) the device is associated with |
| Category | Super set that groups multiple device types |
| City | City of the monitored network to which the device is connected |
| Co-ordinates | Longitude and latitude of the monitored network to which the device is connected |
| Continent | Continent of the monitored network to which the device is connected |
| Control | Whether the device is user controlled or an automated (IoT) device |
| Country | Country of the monitored network to which the device is connected |
| Cipher | Attributes reported by the access point, such as uptime and encryption type (WPA, WPA2-PSK), etc. |
| Device Function | Role of an OT device, either master or slave (OT devices only) |
| Device ID | Unique ID of the device |
| Device Risk | Risk score of the device, measured from its behavior |
| DHCP Fingerprints | Catalog of distinctive DHCP fingerprint patterns |
| DHCP Vendors | Most frequent manufacturers identified in Dynamic Host Configuration Protocol (DHCP) requests |
| External topology | Connectivity diagram showing the locations around the world to which internal devices are connecting |
| First seen | UTC time at which the device was first logged |
| Groups | Custom grouping of devices |
| Health | Health of the device on the network, either alive or offline |
| Host Name | Host name of the device |
| HTTP User-Agents | Most frequently encountered HTTP user-agent strings |
| Wired / Wireless | Connectivity mode of the device, either Wi-Fi or wired |
| Integrations | Asset information collected from third-party integrations such as CrowdStrike, Rapid7, etc. |
| Interface | Device interface used for communication over the network |
| Interface Counts | Number of interfaces that belong to the device |
| Internal topology | Connectivity diagram of the internal network being monitored |
| IP address | IP address of the device or of its connected gateway |
| Last seen | UTC time of the last logged communication from the device |
| Make | Manufacturer of the device |
| Make Confidence | Probability that the make predicted for this device is correct |
| Management | Management state of the device, either managed or unmanaged |
| Mandatory Service Compliance | Compliance with the mandatory services that must run on the device |
| Model | Specific model of the device |
| OS | Operating system used by the device |
| OS Confidence | Probability that the OS predicted for this device is correct |
| OS Version | Operating system version used by the device |
| Ownership | Ownership of the device, either personal or corporate |
| Physical address | MAC address of the device's connected interface |
| Port | Last port on which communication from the device was observed |
| Protocol | Protocol the device is using for communication |
| Serial number | Serial number of the device, e.g. for DNP3 `"group":0,"variation":248 -> "device_serial_number":"21.05.008"` |
| Services | Tracks compliance with the rules mandated for the tenant. An example rule: devices with OS = 'Linux' in tenant T must connect to an enterprise antivirus service every fifteen days to stay compliant |
| Site ID | Unique ID of the site to which the device is assigned, based on the physical sub-location the device operates from |
| SSID | ID of the Wi-Fi network to which the device is connected |
| State | State (region) of the monitored network to which the device is connected |
| Subnet | Subnet of the network to which the device is connected |
| Tags | Custom context that the user wants to attach to the device |
| Timezone | Time zone of the network where the device is active |
| Tunnel Information | IPsec tunnel information |
| Type | Taxonomy categorization of the device |
| Type Confidence | Probability that the type predicted for this device is correct |
| Vertical | Type of device with respect to its group |
| VLAN | VLAN ID of the device if it is part of a separate broadcast domain |
| Vulnerability (CVEIDs) | Any vulnerabilities found on the device, by CVE ID |
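As an added illustration (not code from Device Intelligence or its documentation), the snippet below derives two of the attributes in the table from a constructed device inventory: `Address Type` and `Mandatory Service Compliance`. Two assumptions are made that the page does not state: that "randomized" is decided by the IEEE locally-administered bit of the MAC address (bit 1 of the first octet, which randomized addresses set), and that the compliance rule evaluated is exactly the page's example rule (Linux devices must have contacted the enterprise antivirus service within the last fifteen days). The function names, record layout and sample devices are all constructed for the example.

```python
"""Added example: derive 'Address Type' and 'Mandatory Service Compliance' for
constructed device records. Assumptions (not from the page): randomization is
inferred from the locally-administered MAC bit, and the compliance rule is the
page's example 'Linux must contact enterprise antivirus every 15 days'."""
from datetime import datetime, timedelta, timezone


def mac_address_type(mac: str) -> str:
    """Return 'randomized' when the locally-administered bit (0x02 of the first
    octet) is set, otherwise 'universal'. Accepts ':' or '-' separators."""
    first_octet = int(mac.replace("-", ":").split(":")[0], 16)
    return "randomized" if first_octet & 0x02 else "universal"


def mandatory_service_compliance(device: dict, now: datetime,
                                 max_age: timedelta = timedelta(days=15)) -> str:
    """Apply the example rule: OS == 'Linux' must have contacted
    'enterprise_antivirus' within max_age. Devices the rule does not cover
    are reported compliant, since no mandatory service applies to them."""
    if device["os"] != "Linux":
        return "compliant"
    last_contact = device["services"].get("enterprise_antivirus")
    if last_contact is None or now - last_contact > max_age:
        return "non-compliant"
    return "compliant"


# Constructed sample inventory (hypothetical hosts and timestamps).
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
DEVICES = [
    {"host_name": "build-01", "os": "Linux", "physical_address": "3c:22:fb:aa:bb:cc",
     "services": {"enterprise_antivirus": datetime(2024, 1, 20, tzinfo=timezone.utc)}},
    {"host_name": "build-02", "os": "Linux", "physical_address": "02:11:22:33:44:55",
     "services": {"enterprise_antivirus": datetime(2024, 1, 10, tzinfo=timezone.utc)}},
    {"host_name": "laptop-07", "os": "Windows", "physical_address": "da-a1-19-00-00-01",
     "services": {}},
]


def enrich(devices: list, now: datetime = NOW) -> list:
    """Return copies of the records with the two derived attributes filled in."""
    return [
        {**d,
         "address_type": mac_address_type(d["physical_address"]),
         "mandatory_service_compliance": mandatory_service_compliance(d, now)}
        for d in devices
    ]


if __name__ == "__main__":
    for rec in enrich(DEVICES):
        print(rec["host_name"], rec["address_type"], rec["mandatory_service_compliance"])
```

`build-02` is flagged non-compliant because its last antivirus contact is 21 days old; `laptop-07` is outside the rule's scope, so it is compliant even though it has no service records at all. That out-of-scope case is worth keeping explicit in any real rule engine, otherwise every device without a matching service silently reads as non-compliant.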