Device Profile Page - Aggregated Tab
  • 13 Nov 2022


The Aggregated tab on the Device Profile page displays, on the Basic Info tab, consolidated and correlated data about the device from all adapters. A group of additional tabs shows predefined highlighted/advanced sets of data from specific adapters. The tab names are shown in the left panel and the data in the right panel. The Advanced data tabs that are available depend on the data fetched on your system.

Basic Info

The Basic Info tab shows consolidated and correlated data from all adapters about the device. Hover over a field to display an arrow, then click the arrow next to the data to see the adapter or adapters that this information comes from.


Advanced Data Tabs

Each advanced data tab is displayed as a table. The first column is the Adapter Connections column, which lets you identify the source of each row, and the second column is sorted in ascending order. The tables consist of the following elements:

  • Search bar - free text search on the table results
  • Total results - the total number of displayed results is shown on the top left side of the table
  • Export CSV - export the displayed results to a CSV file. The functionality is the same as in Exporting Device and User Data to CSV.
  • Navigation and pagination - by default, 20 results are displayed on each table page. You can change the number of results per page to 20, 50 or 100 by clicking the appropriate icon on the bottom left side of the table.
    Move between pages using the pagination bar on the bottom right side of the table.



The following tables may be displayed, depending on the collected data.

Agent Versions

The Agent Versions table lists the agents installed on the device.
The details for each agent include its name, its version and its status.

Connected Hardware

The Connected Hardware table lists connected hardware logged in the registry.


Firewall Rules

The Firewall Rules table lists firewall rules that define allowed or denied traffic to and from virtual machines.

Each rule consists of the following information:

  • Name and Source - for example, AWS security group or GCP firewall rule.
  • Allow / Deny - action is either allow or deny access.
  • Direction - incoming (INGRESS) or outgoing (EGRESS) traffic, not both.
  • Target - target subnet. A firewall rule that applies to any IP address is displayed as “0.0.0.0/0” for IPv4 and as “::/0” for IPv6.
  • Protocol - internet protocol to which the rule applies. If the protocol value is ‘Any’, the firewall rule applies to all protocols.
  • From Port, To Port - range of ports to which the rule applies. If port values are not specified, the firewall rule applies to all ports.



For example:

  • ‘Rule 1’ allows outgoing traffic to any IP address using any protocol.
  • ‘Rule 2’ denies incoming traffic from a specific subnet (108.162.192.0/18) using TCP port 443.
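
| Name | Source | Allow/Deny | Direction | Target | Protocol | From Port | To Port |
|------|--------|------------|-----------|--------|----------|-----------|---------|
| Rule 1 | AWS Instance Security Group | Allow | EGRESS | 0.0.0.0/0 | Any | | |
| Rule 2 | AWS Instance Security Group | Deny | INGRESS | 108.162.192.0/18 | TCP | 443 | 443 |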
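
The wildcard semantics described above (any-address targets, 'Any' protocol, unspecified ports) can be applied to a CSV export of this table to flag broad inbound allow rules. This is an added example, not code from the product or its documentation; it assumes the export uses the column names shown in the example table, Rules 3 to 5 are constructed sample rows, and the function names are hypothetical.

```python
import csv
import io
import ipaddress

# Constructed sample in the column layout of the Firewall Rules table.
# Assumption: the CSV export uses these column headers.
SAMPLE_CSV = """Name,Source,Allow/Deny,Direction,Target,Protocol,From Port,To Port
Rule 1,AWS Instance Security Group,Allow,EGRESS,0.0.0.0/0,Any,,
Rule 2,AWS Instance Security Group,Deny,INGRESS,108.162.192.0/18,TCP,443,443
Rule 3,AWS Instance Security Group,Allow,INGRESS,::/0,TCP,22,22
Rule 4,AWS Instance Security Group,Allow,INGRESS,0.0.0.0/0,Any,,
Rule 5,AWS Instance Security Group,Allow,INGRESS,10.0.0.0/8,TCP,0,65535
"""

def port_range(rule):
    """Return (low, high); unspecified ports mean the rule covers all ports."""
    lo, hi = rule["From Port"].strip(), rule["To Port"].strip()
    if not lo and not hi:
        return 0, 65535
    lo = int(lo or hi)
    hi = int(hi or lo)
    return lo, hi

def review(rule):
    """Return the findings for one rule; only inbound allow rules are reviewed."""
    if rule["Allow/Deny"].strip().lower() != "allow":
        return []
    if rule["Direction"].strip().upper() != "INGRESS":
        return []
    findings = []
    net = ipaddress.ip_network(rule["Target"].strip(), strict=False)
    if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 means any IP address
        findings.append("open to any address")
    if rule["Protocol"].strip().lower() == "any":
        findings.append("all protocols")
    lo, hi = port_range(rule)
    if lo <= 1 and hi >= 65535:
        findings.append("all ports")
    return findings

def audit(csv_text):
    """Map rule name to findings for every rule that has at least one."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["Name"]: f for r in rows if (f := review(r))}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CSV).items():
        print(f"{name}: {', '.join(findings)}")
```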

Hard Drives

The Hard Drives table lists hard drives installed on the device, including their file system, total and free sizes.


Installed Software

The Installed Software table lists installed software on the device, including its version and vendor.


Local Admins

The Local Admins table lists the admin user identities logged on to this device.


Network Interfaces

The Network Interfaces table lists network interfaces collected by the different adapters, including MAC addresses, IP addresses and subnet addresses.


Open Ports

The Open Ports table lists ports open to the world, including the access protocol and the service name.

Note:
The table is displayed only if collected from 'Enrich Device Data with Shodan' or from the following adapters: Amazon Web Services (AWS) with Shodan, Censys, Forescout CounterACT, CyCognito CyCAST Platform, Nmap Security Scanner, Qualys Cloud Platform.


OS Installed Security Patches

The OS Installed Security Patches table lists installed security patches on the device, for Windows devices.


OS Available Security Patches

The OS Available Security Patches table lists available security patches on the device, for Windows devices.


Qualys Vulnerabilities

The Qualys Vulnerabilities table lists vulnerabilities fetched from Qualys Cloud Platform adapter connections.

Rapid7 Vulnerabilities

The Rapid7 Vulnerabilities table lists vulnerabilities fetched from Rapid7 Nexpose and InsightVM adapter connections.

Running Processes

The Running Processes table lists running processes collected from the device.

Services

The Services table lists running and stopped services collected from the device.

Shares

The Shares table lists shared folders on the device, including the name, description and path.


Users

The Users table lists user identities logged on to this device, including SID, username, last use time and indications of whether the user is a local user and/or an active user.


Vulnerable Software

The Vulnerable Software table lists vulnerable software and vulnerability details, including:

  • CVE ID - link to the CVE details in the NIST National Vulnerability Database (NVD).
  • Software Name and Software Vendor - If the CVE is applicable for multiple software, these fields are populated as "Multiple Software" and "Multiple Vendors".
  • Common Vulnerability Scoring System (CVSS) - with a v2.0 or v3.0 rating, as fetched from the source.
  • CVE severity - LOW/MEDIUM/HIGH/CRITICAL value which is based on the CVSS rating.
  • CVE description, synopsis and reference
  • CVE Vector information


CISA Exploited Vulnerabilities

The CISA Exploited Vulnerabilities table displays additional details, taken from the CISA catalog, about existing CVEs for vulnerabilities detected in your software.

The details include:

  • CVE ID - link to the CVE details in the NIST National Vulnerability Database (NVD).
  • Vendor and Product - The vendor name and product name. If the CVE is applicable for multiple software, these fields are populated as "Multiple Software" and "Multiple Vendors".
  • Action - Describes the recommended action to mitigate the vulnerability.
