This post is part of a series of articles that highlight and explain specific aspects of uberAgent’s functionality.
What is uberAgent?
uberAgent is a Splunk agent for Windows end-user computing analytics focused on user experience and application performance. It provides deep insights into the user logon process, helps identify bottlenecks caused by slow backend systems and very much more. But how does inventory data fit in?
Why Update Inventory?
Knowing exactly which patches and updates are installed is critical for security. There cannot be any doubt as to whether your machines are patched correctly or not. Update inventory data provides a solid foundation to base decisions on and helps answer questions like these:
- What is the state of our security?
- Are we vulnerable?
- Is our patching process working correctly?
- Do all systems have the required updates?
- Are functionality updates available on all machines?
- Are bugfixes deployed throughout?
Software update inventory data is available in two different places: on the Single Machine Inventory dashboard, which is accessible by clicking a machine’s entry on the Machine Inventory dashboard, and on the Update Inventory dashboard, which can be found in the Applications menu. The former provides detailed information about one machine’s operating system, installed applications and installed updates. The latter gives you an overview of the installed updates on all your machines.
uberAgent collects the following information for each patch and update:
- Update name
- Associated product name
- Update GUID
- Install state
- Install date
A full list of all metrics collected by uberAgent can be found here.
The software update inventory functionality does not have to be configured specifically, just install uberAgent and it will immediately start collecting all this great data.
In case you want to modify the default configuration, e.g. in order to change the data collection frequency, take a look at the first article in this series.