Security Inventory
uberAgent periodically runs security inventory tests that check the configuration of operating systems and applications.
Details
- Source type: uberAgentESA:System:SecurityInventory
- Used in dashboard: Security Score
- Enabled through configuration setting: SecurityInventory
- Related configuration settings: SecurityInventoryTest
- Supported platform: Windows
List of Fields in the Raw Agent Data
| Field | Description | Data type | Unit | Example |
|---|---|---|---|---|
| SecurityInventoryName | The name of the test. | String | | Daily antivirus check |
| SecurityInventoryCategory | The name of the test category. | String | | Antivirus |
| SecurityInventoryScore | The resulting test score on a scale from 0 (very bad) to 10 (excellent). | Number | | 7 |
| SecurityInventoryResultData | Configuration information determined by the test. | String | | "AntivirusEnabled"=true "AntivirusName"="Windows Defender" "AntivirusUpToDate"=true |
| SecurityInventoryRiskScore | The severity of the test (how risky the tested item is) on a scale from 0 (low risk) to 100 (high risk). | Number | | 50 |
| SecurityInventoryErrorCode | An error code returned by the test. 0 is interpreted as success. | Number | | 0 |
| SecurityInventoryErrorMessage | Optional error message returned by the test. | String | | PowerShell commandlet not found. |
| SecurityInventoryScope | The scope of the script. Possible values: 1, 2. Also see the field SecurityInventoryScopeDisplayName. | Number | | 1 |
| SecurityInventoryScopeEntity | The user name if the test was run in the user scope. | String | | Domain\JohnDoe |
List of Calculated Fields
| Field | Description | Data type | Unit | Example | Where available |
|---|---|---|---|---|---|
| SecurityInventoryDisplayName | The display name of the test to improve readability. | String | | Protected root certificates | Splunk data model, Splunk SPL |
| SecurityInventoryNameDescription | The description of a test. | String | | Checks if root certificates can be installed by users. | Splunk data model, Splunk SPL |
| SecurityInventoryScopeDisplayName | Scope display name. Possible values: Machine, User. | String | | Machine | Splunk data model, Splunk SPL |
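
The raw fields can be combined into a simple triage. The following is an added example, not uberAgent code: it parses the key/value format shown in the SecurityInventoryResultData example and classifies events by score, risk score and error code. The function names, the thresholds, the `inconclusive` handling of non-zero error codes and the sample events are assumptions constructed for illustration.

```python
import re

# "Key"=value pairs as in the SecurityInventoryResultData example: the key is
# double-quoted, the value is either double-quoted or a bare token (true/false).
_PAIR = re.compile(r'"([^"]+)"=(?:"([^"]*)"|(\S+))')

def parse_result_data(raw):
    """Parse a SecurityInventoryResultData string into a dict."""
    # Assumption: typographic quotes may appear in copied data; normalize them.
    raw = raw.replace("\u201c", '"').replace("\u201d", '"')
    parsed = {}
    for key, quoted, bare in _PAIR.findall(raw):
        if bare in ("true", "false"):
            parsed[key] = bare == "true"
        else:
            parsed[key] = bare or quoted
    return parsed

def triage(event, min_score=5, high_risk=50):
    """Classify one event. Thresholds are assumptions, not product defaults."""
    if int(event.get("SecurityInventoryErrorCode", 0)) != 0:
        # Non-zero error code: the test did not succeed, so do not read its
        # score as a statement about the endpoint (assumed handling).
        return "inconclusive"
    score = int(event["SecurityInventoryScore"])      # 0 (very bad) .. 10
    risk = int(event["SecurityInventoryRiskScore"])   # 0 (low) .. 100 (high)
    if score < min_score:
        return "critical" if risk >= high_risk else "weak"
    return "ok"

def event(name, score, risk, error=0, data=""):
    """Build a constructed sample event using the raw field names."""
    return {"SecurityInventoryName": name, "SecurityInventoryScore": score,
            "SecurityInventoryRiskScore": risk, "SecurityInventoryErrorCode": error,
            "SecurityInventoryResultData": data}

SAMPLE_EVENTS = [  # constructed for illustration, not real agent output
    event("Daily antivirus check", 7, 50, data='"AntivirusEnabled"=true '
          '"AntivirusName"="Windows Defender" "AntivirusUpToDate"=true'),
    event("Constructed test A", 2, 80, data='"AntivirusEnabled"=false'),
    event("Constructed test B", 3, 20),
    event("Constructed test C", 0, 50, error=1),
]

def report(events):
    """Return (test name, verdict, parsed result data) per event."""
    return [(e["SecurityInventoryName"], triage(e),
             parse_result_data(e["SecurityInventoryResultData"])) for e in events]
```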