- Get Started with Attack Surface Insights
- View Entities in Attack Surface Insights
- Search for Entities in Attack Surface Insights
- Edit Entities in Attack Surface Insights
- Entity Attributes
Device Entity Attributes
Review all attributes available in Attack Surface Insights for device entities.
Some of these attributes are searchable only and are not available in entity details.
Entity Attribute | Definition | Example | Source |
|---|---|---|---|
Host Name | The name of the device. | Barbaras-MacBook-Pro | Event |
IP Address | A list of IP addresses for the device. Can include IPv4, IPv6, and external or local addresses. | 123.4.567.890 | Context |
Security Criticality | The level of potential organizational risk if the entity becomes compromised. | High | Attack Surface Insights |
Tags | Labels or keywords you create and add to entities to categorize them or indicate they have a certain characteristic. | Critical Device | Attack Surface Insights |
Owner | The user assigned to manage the device. May not represent the user with administrator privileges on the device. | Barbara Salazar | Context |
Network Zone | The local zone or network segment in which the device is located. | Event | |
Location | The manually-entered, physical location for the device, not based on a geographic location. | Eng Lab 301 | Context |
Platform | The virtual environment or application in which an associated event occurred. | MacOS | Event |
Current User | The user currently logged into the device. | Barbara Salazar | Context |
Last Failed Login | The time when someone or something last failed to log in to the device. | 10/26/2023, 3:37:23 PM | Context |
Failed Logon Count | The number of times someone or something failed to log in to the device. | 20 | Context |
MAC Address | The MAC address of the device. | 01-23-45-67-89-ab | Context |
Read Only | Whether the device is an Active Directory read-only computer object stored on a Read-Only Romain Controller (RODC). | Context | |
Description | A description of the device. | Computer123ABC | Context |
Patch Info | The last build number or patch version installed on the device. | 10.10.2 | Context |
Event ID | The ID of the event associated with the device entity. | 12a34567-b8c9-01de-2fgh-3i45i6j7k89l | Event |
Last Logged User | The last user who was logged into the device. | Event | |
Netboot Path | The default boot path for a diskless workstation. |
| Context |
Organization Unit | The Active Directory organizational unit to which the device belongs and its location in the directory hierarchy. | Application Platform:Engineering | Context |
Device OS | The operating system of the device. | MacOS | Context |
Device OS Version | The version of the device operating system. | Sequoia | Context |
Endpoint Group | Groups to which the device belongs. | Cert Publishers:Users:Pre-Windows 2000 Compatible Access:BuiltinCert Publishers:Users:Pre-Windows 2000 Compatible Access:Builtin | Context |
Endpoint Purpose | The role of the device. | Domain Controller | Context |
Disabled Status | Whether the device is enabled or disabled. | Enabled | Context |
Rule Name | The Attack Surface Insights rule that determined the security criticality and tags for the user entity. | Privileged Devices | Attack Surface Insights |