Device Profile Page - Aggregated Tab
  • 19 Jun 2022
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Device Profile Page - Aggregated Tab

  • Dark
    Light
  • PDF

The Aggregated tab on the Device Profile page displays consolidated and correlated data from all adapters about the device, on the Basic Info tab. A group of tabs show pre-defined highlighted/advanced sets of data from specific adapters. The tab name is shown in the left panel and the data on the right panel. The Advanced data tabs available depend on the data fetched on your system.

Basic Info

The Basic Info tab shows consolidated and correlated data from all adapters about the device. Hover over a field to display an arrow, then click the arrow next to the data to see the adapter or adapters that this information comes from.

LastSEenBasicInfo

Advanced Data Tabs

Each advanced data tab is displayed in a table. The first column displays the Adapter Connections column which lets you identify the source for each row, and the second column is sorted in ascending order. The tables consist of the following elements:

  • Search bar - free text search on the table results
  • Total results - the total number of displayed results is displayed on the top left side of the table
  • Export CSV - export the displayed results to a CSV file. The functionality is as same as the Exporting Device and User Data to CSV.
  • Navigation and pagination - by default, 20 results are displayed in each of the tables page. You can change the number of results per page and choose between 20, 50 or 100, by clicking the appropriate icon on the bottom left side of the table: image.png.
    Moving between pages is done by the pagination bar on the bottom right side of the table: image.png



The following tables may be displayed, depending on the collected data.

Agent Versions

The Agent Versions table lists the agents installed on the device.
Each agent details includes its name, its version and it status.
AgentVersions.png

Connected Hardware

The Connected Hardware table lists registry logged connected hardware.

image.png

Firewall Rules

The Firewall Rules table lists firewall rules that define allowed or denied traffic to and from virtual machines.
DEvice-FirewallRules.png

Each rule consists of the following information:

  • Name and Source - for example, AWS security group or GCP firewall rule.
  • Allow / Deny - action is either allow or deny access.
  • Direction - incoming (INGRESS) or outgoing (EGRESS) traffic, not both.
  • Target – target subnet. Firewall rule applies to any IP address is displayed as “0.0.0.0/0” for IPv4 and as “::/0” for IPv6.
  • Protocol – internet protocol for which the rule applies. If protocol value is ‘Any’, the firewall rule applies for all protocols.
  • From Port, to Port – range of ports for which the rule applies. If ports values are not specified, the firewall rule applies for all ports.



For example:

  • ‘Rule 1’ allows outgoing traffic to any IP address using any protocol.
  • ‘Rule 2’ denies incoming traffic from a specific subnet (108.162.192.0/18) using TCP port 443.
Name Source Allow/Deny Direction Target Protocol From Port To Port
Rule 1 AWS Instance Security Group Allow EGRESS 0.0.0.0/0 Any
Rule 2 AWS Instance Security Group Deny INGRESS 108.162.192.0/18 TCP 443 443

Hard Drives

The Hard Drives table lists hard drives installed on the device, including their file system, total and free sizes.

HardDrives.png

Installed Software

The Installed Software table lists installed software on the device, including its version and vendor.

InstalledSW.png

Local Admins

The Local Admins table lists admin users identities logged on to this device.

image.png

Network Interfaces

The Network Interfaces table lists network interfaces collected by the different adapters, including MAC addresses, IP addresses and subnet addresses.

NWInterces.png

Open Ports

The Open Ports table lists ports open to the world, including the access protocol and the service name.

Note:
The table is displayed only if collected from 'Enrich Device Data with Shodan' or from the following adapters: Amazon Web Services (AWS) with Shodan, Censys, Forescout CounterACT, CyCognito CyCAST Platform, Nmap Security Scanner, Qualys Cloud Platform.

OpenPorts.png

OS Installed Security Patches

The OS Installed Security Patches table lists installed security patches on the device, for Windows devices.

image.png

OS Available Security Patches

The OS Available Security Patches table lists available security patches on the device, for Windows devices.

image.png

Qualys Vulnerabilities

The Qualys Vulnerabilities table lists vulnerabilities fetched from Qualys Cloud Platform adapter connections.

Rapid7 Vulnerabilities

The Rapid7 Vulnerabilities table lists vulnerabilities fetched from Rapid7 Nexpose and InsightVM adapter connections.

Running Processes

The Running Processes table lists running processes collected from the device.

Services

The Services table lists running and stopped services collected from the device.

Shares

The Shares table lists shared folders on the device, including the name, description and the path

image.png

Users

The Users table lists user identities logged on to this device, including SID, username, last use time and indications whether the user us local and/or active user.

image.png

Vulnerable Software

The Vulnerable Software table lists vulnerable software and vulnerability details, including:

  • CVE ID - link to the CVE details in the NIST National Vulnerability Database (NVD).
  • Software Name and Software Vendor - If the CVE is applicable for multiple software, these field are populated as "Multiple Software" and "Multiple Vendors".
  • Common Vulnerability Scoring System (CVSS) - with a v2.0 or v3.0 rating as was fetched from source.
  • CVE severity - LOW/MEDIUM/HIGH/CRITICAL value which is based on the CVSS rating.
  • CVE description, synopsis and reference

image.png



First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.