Guide

Create Device Posture report

Suggest Edits

Create an inventory report

You can generate configurable device inventory reports and narrow down the displayed information to specific devices.

  1. In the Enterprise Center navigation menu, select Application Access > Reports > Device Inventory.

  2. On the report page, you can see the complete unfiltered inventory data. To apply filters to your inventory report, click the filter icon, and, next, click Add Report Filter (+).

  3. From the list of criteria, select, for example, OS. Next, select macOS and Windows.

📘

When you select more than one entry for the same criterion, the report includes devices that match any of the selected entries. Based on the following values, the report contains devices running either Windows or macOS.

  1. To add more criteria, click Add to Filter. From the list of criteria, select, for example, Firewall, and select Poor.
    With those filtering settings, the inventory report includes devices that match both - the OS and the firewall -criteria. If you do not specify any criteria values, the inventory is not be filtered.

📘

Make sure multiple selections are not mutually exclusive. For example, if one criterion specifies that biometrics is enabled, make sure that any added criteria are applicable to mobile devices.

  1. To save the report, enter a report name, and click Save.

  2. To view details about the selected device in the report, click the device's name.
    This opens the Device Details report that contains the following sections:

    • Details. Displays signal data collected from the device.

    • Posture. Displays a list of tiers and tags that a given device is part of. In other words, the selected device meets the conditions of tiers and tags that you can find in this tab. In the Posture tab, you can also check remediation hints.

    • Integrations. Displays information about 3rd party integrations.
      This tab displays for devices that have installed EAA Client, Carbon Black or CrowdStrike anti-malware software.

📘

Note

Make sure your Carbon Black or CrowdStrike credentials are not expired, otherwise devices belonging to those integrations will have stale data.

For CrowdStrike integration, if the device was successfully reporting status to Crowdstrike before the credentials expire, EAA will mark it as healthy for up to 50 minutes after the last time EAA saw that the device reported to Crowdstrike (40 minutes for Crowdstrike and 10 minutes for EAA).

For Carbon Black integration, if the device was successfully reporting status to Carbon Black before the credentials expired, EAA will mark it as healthy for up to 20 minutes after the last time EAA saw that the device reported to Carbon Black (up to 10 minutes each for Carbon Black and EAA).

  • Threats. Displays vulnerabilities existing in the network.
    This tab displays for devices that run both EAA Client and ETP Client.
  1. Click Close to exit the device details.

Create an inventory report for devices matching certificate profiles

You can use device inventory reports to identify devices that match configured certificate profiles.

Prerequisites:

  1. In the Enterprise Center navigation menu, select Application Access > Reports > Device Inventory.

  2. On the report page, you can see the complete unfiltered inventory data. To apply filters to your inventory report, click the filter icon, and, next, click Add Report Metric (+).

  3. From the list of criteria, select Certificate Profile(s).

  4. From the Certificate Profile(s) list, select the previously configured certificate profile or profiles.
    You may select up to three certificate profiles.

  5. Click View report.
    The inventory report returns devices that match any of the selected certificate profiles.

Create a device history report

To monitor the history of signal changes (for example for troubleshooting) create a device signal history report for a given device and see when it sent signals to the Device Posture server for the list time. For example, see when firewall status changed from good to poor.

  1. In the Enterprise Center navigation menu, select Application Access > Reports > Device Inventory.

  2. Search for and copy the device ID for which you want to see the history data.

  3. In the Enterprise Center navigation menu, select Application Access > Reports > Device History.

  4. In Device ID, paste the previously copied Device ID value and select Show History.
    A device history report corresponding to the selected Device ID displays. Each entry represents time and date when the signal for the selected device changed.

  5. To find out when the firewall status changed, scroll through the paginated report results.

  6. To view an application access report, click View Device Access Logs.

  7. To save the report, enter a report name, and click Save.

Create a Device Posture blocked report

Two preset Device Posture Blocked reports provide information about access denials due to the Device Posture rules added to application ACLs:

  • The Top Device Posture Blocked Applications report shows the applications to which access was denied and the number of access denials.

  • The Top Device Posture Blocked Users reports shows the users that were denied access and the number of times they were denied access.

  1. In the Enterprise Center navigation menu, select Application Access > Reports > Preset Access Reports.

  2. To select a date range click the calendar or select a predefined time frame (from Yesterday to Last month).

  3. Click Apply.

  4. Open the provided report menu, and select Top Device Posture Blocked Applications or Top Device Posture Blocked Users.
    The report displays a filtered list of results based on the provided report profile.

  5. To save the report, enter a report name and click Save.

Create an application access denial report

You can create an access denial report to troubleshoot access problems. In situations when you are investigating security incidents, especially if there is a pattern of access denials, you can use this type of report to check device compliance with the application access controls rules. See Troubleshoot access denied issues for more information.

  1. In the Enterprise Center navigation menu, select Application Access > Reports > Application Access.

  2. On the report page, you can see the complete unfiltered application access data.

  3. To enter criteria for the report, click the filter icon, and, next, click Add Report Metric (+).

  4. In the criteria list, click Application, and select application or applications for which you want to generate the report.

  5. Click Add Metric and, from the criteria list, select one or both of the following criteria entries:

CriteriaValues
Device TypeSelect the device types to include in the report:

  • Managed: devices running the EAA Client.

  • Unmanaged: devices not running the EAA Client.

Device Posture DenySelect the device posture rule (or rules) that caused access denial.

Tip: If you select multiple rules, the report contains devices that match any of the rules.

  1. To select a date range click the calendar or select a predefined time frame (from Yesterday to Last month).

  2. Click Apply.

  3. Click View Report to display the report.
    The report displays a filtered list of results based on the provided report profile.

  4. To save the report, enter a report name, and click Save.

Updated about 1 year ago