Security Inventory

uberAgent periodically runs security inventory tests that check the configuration of operating systems and applications.

Details

• Source type: uberAgentESA:System:SecurityInventory
• Used in dashboard: Security Score
• Enabled through configuration setting: SecurityInventory
• Related configuration settings: SecurityInventoryTest
• Supported platform: Windows

List of Fields in the Raw Agent Data

Field	Description	Data type	Unit	Example
SecurityInventoryName	The name of the test.	String		Daily antivirus check
SecurityInventoryCategory	The name of the test category.	String		Antivirus
SecurityInventoryScore	The resulting test score on a scale from 0 (very bad) to 10 (excellent).	Number		7
SecurityInventoryResultData	Configuration information determined by the test.	String		“AntivirusEnabled”=true “AntivirusName”=”Windows Defender” “AntivirusUpToDate”=true
SecurityInventoryRiskScore	The severity of the test (how risky is the tested thing) on a scale from 0 (low risk) to 100 (high risk).	Number		50
SecurityInventoryErrorCode	An error code returned by the test. 0 is interpreted as success.	Number		0
SecurityInventoryErrorMessage	Optional error message returned by the test.	String		PowerShell commandlet not found.
SecurityInventoryScope	The scope of the script. Possible values: 1, 2. Also see the field SecurityInventoryScopeDisplayName.	Number		1
SecurityInventoryScopeEntity	The user name if the test was run in the user scope.	String		Domain\JohnDoe

List of Calculated Fields

Field	Description	Data type	Unit	Example	Where available
SecurityInventoryDisplayName	The display name of the test to improve readability.	String		Protected root certificates	Splunk data model, Splunk SPL
SecurityInventoryNameDescription	The description of a test.	String		Checks if root certificates can be installed by users.	Splunk data model, Splunk SPL
SecurityInventoryScopeDisplayName	Scope display name. Possible values: Machine, User.	String		Machine	Splunk data model, Splunk SPL