Extended Software Inventory for Endpoints

In addition to the normal software and hardware inventory of an endpoint, it is better to also collect some other critical information for endpoint analysis and for threat and security breach detection.

Extended Software Inventory

Users

 Collect information about user accounts on the endpoint.
 Information to collect :
 
 1. User Name
 2. Domain to which the user is registered
 3. Password Required or not
 4. Has Password expired or not
 5. Account Disabled or not
 6. User's group and quota details
 7. Status - Account blocked due to bad password attempts, etc.
 8. Last logged-on user
 

Services


 A service is a long-running executable that performs specific functions
 and is designed not to require user intervention.

 Information to collect :
 
 1. Display Name
 2. Service Name
 3. Path to Service executable
 4. Service type (e.g. own process or share process)
 5. isStarted
 6. Start Mode (Manual or Automatic)
 7. State (running, paused, stopped)
 8. OwnerUserName (System, administrator)
 9. Service using maximum resources (CPU, RAM)
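
 One way to gather the service fields listed above on a Windows endpoint, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later; the output property names and the top-5 cutoff are choices made here.

```powershell
# Added example, not from the original post.
# Assumes PowerShell 3.0+ (Get-CimInstance, [pscustomobject]).

# Index running processes by PID so each service can be joined to its host process.
$procById = @{}
Get-Process | ForEach-Object { $procById[[int]$_.Id] = $_ }

$services = Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $proc = $null
    if ($_.ProcessId -ne 0) { $proc = $procById[[int]$_.ProcessId] }

    [pscustomobject]@{
        DisplayName   = $_.DisplayName
        ServiceName   = $_.Name
        Path          = $_.PathName
        ServiceType   = $_.ServiceType   # "Own Process" or "Share Process"
        IsStarted     = $_.Started
        StartMode     = $_.StartMode     # Auto, Manual, Disabled
        State         = $_.State         # Running, Paused, Stopped, ...
        OwnerUserName = $_.StartName     # e.g. LocalSystem
        ProcessId     = $_.ProcessId
        # CPU can be unreadable for protected processes when not elevated.
        CpuSeconds    = if ($proc -and $null -ne $proc.CPU) { [math]::Round($proc.CPU, 1) } else { $null }
        WorkingSetMB  = if ($proc) { [math]::Round($proc.WorkingSet64 / 1MB, 1) } else { $null }
    }
}

# Item 9: rank by host process. Services of type "Share Process" run under one
# PID, so CPU and RAM belong to the process, not to any single service in it.
$topHosts = $services |
    Where-Object { $_.IsStarted } |
    Group-Object ProcessId |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            ProcessId    = $first.ProcessId
            Services     = ($_.Group.ServiceName -join ', ')
            CpuSeconds   = $first.CpuSeconds
            WorkingSetMB = $first.WorkingSetMB
        }
    } |
    Sort-Object WorkingSetMB -Descending |
    Select-Object -First 5

$services    # full per-service inventory (items 1-8)
$topHosts    # heaviest service host processes (item 9)
```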

CPU Meter

 Information to collect :
 
 1. CPU Speed 
 2. Idle Time in %
 3. User Time in %
 4. Privileged Time in %
 5. Processor Time in %
 6. Total number of Processes
 7. Processor Queue Length

Anti-virus Protection

 Information to collect :
 
 1. Name of Anti-Virus Software Installed
 2. Service Names for the Anti-Virus
 3. Latest Definitions
 4. Last Scan Date
 5. Is Auto-scan enabled
 6. Is Auto-update enabled
 7. Health Status - Healthy, Need Update, Not Running, Not Installed

Operating System Info.


 Information to collect :
 
 1. Full OS Name and Service Pack Level
 2. OS Version Number
 3. OS Type
 4. Product ID
 5. Product Key (Win95, Win98, WinME only)
 6. Installation Date
 7. Uptime (days)
 8. OS Language (Language of the installed OS)
 9. System Language

 
  
Adobe Product Info.  


 Information to collect :
 
 1. Adobe Reader
 2. Adobe Acrobat
 3. Adobe Photoshop
 4. Adobe Photoshop Elements
 5. Adobe Illustrator
 6. Adobe InDesign
 7. Adobe GoLive
 8. Adobe ColdFusion
 9. Adobe Flash Player (IE)
 10. Adobe Flash Player (Mozilla)
 11. Adobe Shockwave Player
 12. Adobe Director

 
Microsoft Remote Desktop

 Information to collect :
 
 1. Remote Desktop - Enabled Status
 2. Remote Assistance Offering - Enabled Status
 3. Remote Assistance Offering - Helper Control Level
 4. Remote Assistance Offering - Authorized Assistance Users
     (users or groups who are authorized to offer remote assistance)
 5. ScreenSaver enabled in Remote Desktop Session
 6. Maximum Remote Desktop Connections




Related Article : Collecting Extended Inventory Data
