In addition to the normal software and hardware inventory information of an endpoint, it is better to also collect some other critical information for endpoint analysis and for threat and security breach detection.
Extended Software Inventory
| Category | Details |
| --- | --- |
| Users | Collect information about user accounts on the endpoint. Information to collect: 1. User Name 2. Domain to which the user is registered 3. Password Required or not 4. Has Password expired or not 5. Account Disabled or not 6. User's group and quota details 7. Status - Account blocked due to bad password attempts, etc. 8. Last logged-in user |
| Services | A service is a long-running executable that performs specific functions and is designed not to require user intervention. Information to collect: 1. Display Name 2. Service Name 3. Path to Service executable 4. Service type (e.g. own process or share process) 5. isStarted 6. Start Mode (Manual or Automatic) 7. State (running, paused, stopped) 8. OwnerUserName (System, administrator) 9. Service using maximum resources (CPU, RAM) |
| CPU Meter | Information to collect: 1. CPU Speed 2. Idle Time in % 3. User Time in % 4. Privileged Time in % 5. Processor Time in % 6. Total number of Processes 7. Processor Queue Length |
| Anti-virus Protection | Information to collect: 1. Name of Anti-Virus Software Installed 2. Service Names for the Anti-Virus 3. Latest Definitions 4. Last Scan Date 5. Is Auto-scan enabled 6. Is Auto-update enabled 7. Health Status - Healthy, Need Update, Not Running, Not Installed |
| Operating System Info. | Information to collect: 1. Full OS Name and Service Pack Level 2. OS Version Number 3. OS Type 4. Product ID 5. Product Key (Win95, Win98, WinME only) 6. Installation Date 7. Uptime (days) 8. OS Language (Language of the installed OS) 9. System Language |
| Adobe Product Info. | Information to collect: 1. Adobe Reader 2. Adobe Acrobat 3. Adobe Photoshop 4. Adobe Photoshop Elements 5. Adobe Illustrator 6. Adobe InDesign 7. Adobe GoLive 8. Adobe ColdFusion 9. Adobe Flash Player (IE) 10. Adobe Flash Player (Mozilla) 11. Adobe Shockwave Player 12. Adobe Director |
| Microsoft Remote Desktop | Information to collect: 1. Remote Desktop - Enabled Status 2. Remote Assistance Offering - Enabled Status 3. Remote Assistance Offering - Helper Control Level 4. Remote Assistance Offering - Authorized Assistance Users (users or groups who are authorized to offer remote assistance) 5. ScreenSaver enabled in Remote Desktop Session 6. Maximum Remote Desktop Connections |
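
One way to collect the Services fields listed above on a Windows endpoint, as an added example that is not part of the original article. It assumes the standard `Win32_Service` CIM class and `Get-Process` are available; the function name and the output file name are hypothetical.

```powershell
# Added example: gathers the "Services" fields from the table above.
# Run locally on the endpoint being inventoried.
function Get-ServiceInventory {
    # Cache processes once so each service can be joined to its host process.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        # ProcessId is 0 for services that are not running.
        $p = if ($_.ProcessId -gt 0) { $procs[[int]$_.ProcessId] } else { $null }
        [pscustomobject]@{
            DisplayName   = $_.DisplayName
            ServiceName   = $_.Name
            Path          = $_.PathName
            ServiceType   = $_.ServiceType   # e.g. "Own Process", "Share Process"
            IsStarted     = $_.Started
            StartMode     = $_.StartMode     # e.g. Auto, Manual, Disabled
            State         = $_.State         # e.g. Running, Paused, Stopped
            OwnerUserName = $_.StartName     # e.g. LocalSystem or a named account
            ProcessId     = $_.ProcessId
            # Resource figures belong to the host process: services that share
            # a process (same ProcessId) report identical numbers.
            CpuSeconds    = if ($p) { $p.CPU } else { $null }
            WorkingSetMB  = if ($p) { [math]::Round($p.WorkingSet64 / 1MB, 1) } else { $null }
        }
    }
}

$inventory = Get-ServiceInventory

# Item 9: the five services whose host process uses the most memory.
$inventory | Where-Object WorkingSetMB |
    Sort-Object WorkingSetMB -Descending |
    Select-Object -First 5 DisplayName, ProcessId, CpuSeconds, WorkingSetMB |
    Format-Table -AutoSize

# Machine-readable copy for the inventory server (hypothetical file name).
$inventory | ConvertTo-Json -Depth 3 |
    Set-Content -Path .\service-inventory.json -Encoding UTF8
```

The `Path` and `OwnerUserName` columns are the ones most worth reviewing during analysis, since an unexpected executable location or an unexpected service account stands out quickly once the data is in one place.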
Related Article : Collecting Extended Inventory Data