This documentation does not apply to the most recent version of uberAgent.
Security & Compliance Inventory Metrics
Security Inventory
uberAgent periodically runs security inventory tests that check the configuration of operating systems and applications.
Details
- Source type: uberAgentESA:System:SecurityInventory
- Used in dashboard: Security Score
- Enabled through configuration setting: SecurityInventory
- Related configuration settings: SecurityInventoryTest
- Supported platform: Windows
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Example |
---|---|---|---|---|
SecurityInventoryName | The name of the test. | String | | Daily antivirus check |
SecurityInventoryCategory | The name of the test category. | String | | Antivirus |
SecurityInventoryScore | The resulting test score on a scale from 0 (very bad) to 10 (excellent). | Number | | 7 |
SecurityInventoryResultData | Configuration information determined by the test. | String | | "AntivirusEnabled"=true "AntivirusName"="Windows Defender" "AntivirusUpToDate"=true |
SecurityInventoryRiskScore | The severity of the test (how risky is the tested thing) on a scale from 0 (low risk) to 100 (high risk). | Number | | 50 |
SecurityInventoryErrorCode | An error code returned by the test. 0 is interpreted as success. | Number | | 0 |
SecurityInventoryErrorMessage | Optional error message returned by the test. | String | | PowerShell commandlet not found. |
SecurityInventoryScope | The scope of the script. Possible values: 1, 2. Also see the field SecurityInventoryScopeDisplayName. | Number | | 1 |
SecurityInventoryScopeEntity | The user name if the test was run in the user scope. | String | | Domain\JohnDoe |
List of Calculated Fields
Field | Description | Data type | Unit | Example | Where available |
---|---|---|---|---|---|
SecurityInventoryDisplayName | The display name of the test to improve readability. | String | | Protected root certificates | Splunk data model, Splunk SPL |
SecurityInventoryNameDescription | The description of a test. | String | | Checks if root certificates can be installed by users. | Splunk data model, Splunk SPL |
SecurityInventoryScopeDisplayName | Scope display name. Possible values: Machine, User. | String | | Machine | Splunk data model, Splunk SPL |