Security & Compliance Inventory Metrics

Security Inventory

uberAgent periodically runs security inventory tests that check the configuration of operating systems and applications.

Details

  • Source type: uberAgentESA:System:SecurityInventory
  • Used in dashboard: Security Score
  • Enabled through configuration setting: SecurityInventory
  • Related configuration settings: SecurityInventoryTest
  • Supported platform: Windows

List of Fields in the Raw Agent Data

| Field | Description | Data type | Unit | Example |
| --- | --- | --- | --- | --- |
| SecurityInventoryName | The name of the test. | String | | Daily antivirus check |
| SecurityInventoryCategory | The name of the test category. | String | | Antivirus |
| SecurityInventoryScore | The resulting test score on a scale from 0 (very bad) to 10 (excellent). | Number | | 7 |
| SecurityInventoryResultData | Configuration information determined by the test. | String | | "AntivirusEnabled"=true "AntivirusName"="Windows Defender" "AntivirusUpToDate"=true |
| SecurityInventoryRiskScore | The severity of the test (how risky the tested item is) on a scale from 0 (low risk) to 100 (high risk). | Number | | 50 |
| SecurityInventoryErrorCode | An error code returned by the test. 0 is interpreted as success. | Number | | 0 |
| SecurityInventoryErrorMessage | Optional error message returned by the test. | String | | PowerShell commandlet not found. |
| SecurityInventoryScope | The scope of the script. Possible values: 1, 2. Also see the field SecurityInventoryScopeDisplayName. | Number | | 1 |
| SecurityInventoryScopeEntity | The user name if the test was run in the user scope. | String | | Domain\JohnDoe |
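
As an added example (not uberAgent's own code), the Python sketch below parses the SecurityInventoryResultData string and triages events using the raw fields listed above. The key=value syntax is inferred from the single example value on this page; the function names, the min_score threshold and the sample events are constructed for illustration.

```python
import re

# Assumed syntax (inferred from the one example on this page): space-separated
# "Key"=value pairs where the value is a quoted string or a bare token.
_PAIR = re.compile(r'"([^"]+)"=(?:"([^"]*)"|(\S+))')

def parse_result_data(raw):
    """Turn a SecurityInventoryResultData string into a dict."""
    raw = raw.replace("\u201c", '"').replace("\u201d", '"')  # typographic quotes
    parsed = {}
    for key, quoted, bare in _PAIR.findall(raw):
        if bare.lower() in ("true", "false"):
            parsed[key] = bare.lower() == "true"   # bare booleans become bool
        else:
            parsed[key] = bare or quoted           # other values stay strings
    return parsed

def triage(events, min_score=5):
    """Return (errored, weak): tests with a non-zero error code, and successful
    tests scoring below min_score, ordered by risk score (highest first).
    min_score is a hypothetical threshold, not a vendor default."""
    errored, weak = [], []
    for ev in events:
        if ev["SecurityInventoryErrorCode"] != 0:
            errored.append(ev)   # 0 is success; anything else is reported separately
        elif ev["SecurityInventoryScore"] < min_score:
            weak.append(ev)
    weak.sort(key=lambda e: (-e["SecurityInventoryRiskScore"], e["SecurityInventoryScore"]))
    return errored, weak

def _event(name, score, risk, code=0, data="", msg=""):
    return {"SecurityInventoryName": name, "SecurityInventoryScore": score,
            "SecurityInventoryRiskScore": risk, "SecurityInventoryErrorCode": code,
            "SecurityInventoryErrorMessage": msg, "SecurityInventoryResultData": data}

# Constructed sample events; only the first reuses the example values from this page.
SAMPLE = [
    _event("Daily antivirus check", 7, 50,
           data='"AntivirusEnabled"=true "AntivirusName"="Windows Defender" "AntivirusUpToDate"=true'),
    _event("Constructed test A", 4, 30, data='"SettingA"=false'),
    _event("Constructed test B", 2, 80, data='"SettingB"="" "Count"=3'),
    _event("Constructed test C", 0, 90, code=1, msg="PowerShell commandlet not found."),
]

if __name__ == "__main__":
    errored, weak = triage(SAMPLE)
    for ev in weak:
        print(ev["SecurityInventoryName"], ev["SecurityInventoryRiskScore"],
              parse_result_data(ev["SecurityInventoryResultData"]))
    for ev in errored:
        print("ERROR", ev["SecurityInventoryName"], ev["SecurityInventoryErrorMessage"])
```

Keeping errored tests apart from low scores avoids reading a test that did not succeed as a poor configuration result.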

List of Calculated Fields

| Field | Description | Data type | Unit | Example | Where available |
| --- | --- | --- | --- | --- | --- |
| SecurityInventoryDisplayName | The display name of the test to improve readability. | String | | Protected root certificates | Splunk data model, Splunk SPL |
| SecurityInventoryNameDescription | The description of a test. | String | | Checks if root certificates can be installed by users. | Splunk data model, Splunk SPL |
| SecurityInventoryScopeDisplayName | Scope display name. Possible values: Machine, User. | String | | Machine | Splunk data model, Splunk SPL |
