Which Device Attributes are Captured in Device Intelligence?

Device Intelligence continuously scans traffic and captures attributes for each individual device. This information is then used in dashboards, charts, the asset inventory, etc.

The following device attributes are captured by Device Intelligence for your devices:

| Attribute (A – Z) | Description |
| --- | --- |
| Address Type | States whether the MAC address is randomized or not |
| Alert Category | Group to which the alert belongs, which can be an incident or anomaly |
| Alert Signature | Summary description of the alert, which includes the timeframe for which it is calculated |
| Alerts | Notification of a potential problem or out-of-the-ordinary behavior of a device, which could be usage of a port, creation of a large number of connections, sending/receiving a large amount of data, etc. |
| Anomaly Signature | CVE description of the anomaly |
| BSS ID | ID of the WLAN for the device |
| Category | Multiple device types which are grouped as a superset |
| City | City of the network being monitored to which the device is connected |
| Co-ordinates | Longitude and latitude of the network being monitored to which the device is connected |
| Continent | Continent of the network being monitored to which the device is connected |
| Control | Type of device, whether user-controlled or automated (IoT) |
| Country | Country of the network being monitored to which the device is connected |
| Cipher | Attributes used by the access point, like uptime, encryption (WPA, WPA2-PSK), etc. |
| Device Function | Specific to OT devices: role is either master or slave |
| Device ID | Unique ID of the device |
| Device Risk | Risk score of a device, measured as per its behavior |
| DHCP Fingerprints | Catalog of distinctive DHCP fingerprint patterns |
| DHCP Vendors | Top most frequent manufacturers identified in Dynamic Host Configuration Protocol (DHCP) requests |
| External topology | Connectivity diagram of where around the world internal devices are connecting |
| First seen | First logged UTC time when the device was seen |
| Groups | Custom grouping of devices |
| Health | States the health of the device, either alive or offline in the network |
| Host Name | Host name of a device |
| HTTP User-Agents | Top most frequently encountered HTTP user-agent strings |
| Wired / Wireless | Mode of connectivity of the device, either Wi-Fi or wired connection |
| Integrations | Collects asset information from different third-party integrations like CrowdStrike, Rapid7, etc. |
| Interface | Device interface used for communication over the network |
| Interface Counts | Number of interfaces that belong to a device |
| Internal topology | Connectivity diagram of the internal network being monitored |
| IP address | IP address of the device or connected gateway |
| Last seen | Last logged UTC time at which communication from the device was seen |
| Make | Manufacturer of the device |
| Make Confidence | Probability that the device make prediction for this device is correct |
| Management | Management state of the device, either managed or unmanaged |
| Mandatory Service Compliance | Compliance with mandatory services that need to run on the device |
| Model | Specific model of the device |
| OS | Operating system used by the device |
| OS Confidence | Probability that the device OS prediction for this device is correct |
| OS Version | Operating system version used by the device |
| Ownership | Ownership of the device, depending on whether it is personal or corporate |
| Physical address | MAC address of the connected interface of the device |
| Port | Last port on which communication from the device was observed |
| Protocol | Protocol that the device is using for communication |
| Serial number | Serial number of the device, e.g. for dnp3 "group":0,"variation":248 -> "device_serial_number":"21.05.008" |
| Services | Tracks compliance with the different rules mandated for the tenant. An example rule could be: devices with OS = 'Linux' in tenant T need to connect to an enterprise antivirus service every fifteen days to stay compliant |
| Site ID | Unique ID of the site to which the device is assigned, based on the physical sub-location where the device is based |
| SSID | ID of the Wi-Fi to which the device is connected |
| State | State of the network being monitored to which the device is connected |
| Subnet | Subnet of the network to which the device is connected |
| Tags | Custom context that the user wants to provide |
| Timezone | Time zone of the network where the device is active |
| Tunnel Information | IPSec tunnel information |
| Type | Taxonomy categorization of the device |
| Type Confidence | Probability that the device type prediction for this device is correct |
| Vertical | Type of device regarding the group |
| VLAN | VLAN address of the device if it is part of a separate broadcast domain |
| Vulnerability (CVEIDs) | Any vulnerability which is found on the device |