6.1.6. Agent Tags
This section features a list of the tags generated from the data collected by the Agent.
Prefix |
Tag Name |
Comment |
Samples |
|---|---|---|---|
BDA |
BLUETOOTH DEVICES AVAILABLE |
Tag with the list of devices available |
BDA_PXC_550 |
BDC |
BLUETOOTH DEVICE CONNECTED |
Tag with the current connected device |
BDC_CAR |
CBE |
CHROME BROWSER EXTENSION |
Tag with the list of chrome extensions |
CBE_GMAIL_8.3, CBE_YOUTUBE_4.2.8 |
CAI |
CA CERTIFICATE ISSUER |
Tag with the issuer of a ca cert |
CAI_DIGICERT_ASSURED_ID_ROOT_CA |
DDI |
DEVICE DOMAIN INFO |
Tag that displays Windows Domain information based on Agent payloads (Full, SessionChanges and Recover). |
DDI_JOINED_DOMAIN, DDI_STATE_DOMAINJOINED, DDI_DOMAIN_NAME_ACME |
DDP |
DEVICE DESTINATION PORT |
Ports to which the device is attempting to connect |
DDP_TCP_80, DDP_TCP_22, DDP_UDP_53 |
DOP |
DEVICE OPEN PORT |
Open ports on devices |
DOP_TCP_443, DOP_TCP53, DOP_TCP_80 |
DOS |
DEVICE OPERATING SYSTEM |
Device os name |
DOS_WINDOWS_10, DOS_WINDOWS_8 |
EBE |
EDGE BROWSER EXTENSION |
Tag with the list of edge extensions |
EBE_MCAFEE_WEBADVISOR_4.1.0.0 |
FBE |
FIREFOX BROWSER EXTENSION |
Tag with the list of firefox extensions |
FBE_WIKIPEDIA_EN_1.1, FBE_BING_1.3 |
HDT |
HARDWARE DEVICE TYPE |
Hardware type definition physical or virtual |
HDT_VMGUEST, HDT_BAREMETAL, HDT_MACRANDOM |
IAI |
INTERNAL APPLICATION INSTALLATION |
Device installed applications |
IAI_EDGE, IAI_FIREFOX |
ISS |
INTERNAL SECURITY STATUS |
Device security status |
ISS_AV_ENABLED, ISS_ACTIVE_ADMIN_USER, ISS_AV_PRODUCT_CROWDSTRIKE_FALCON_SENSOR, ISS_FW_PRODUCT_FIREWALL_DE_WINDOWS, ISS_WINDOWS_PENDING_UPDATES, ISS_SYSTEM_UPDATES_UNKNOWN, ISS_SYSTEM_UPDATES_ENABLED, ISS_SYSTEM_UPDATES_DISABLED, ISS_WINDOWS_UPDATED, ISS_BITLOCKER, ISS_BITLOCKER_DRIVE_C |
NCA |
NON COMPLIANCE APPLICATION |
Applications under required version |
NCA_ACROBAT_READER, NCA_TEAMVIEWER |
NCS |
NON COMPLIANCE SECURITY FEATURES |
Security features non compliant |
NCS_AVUPDATE, NCS_FWUPDATE, NCS_BITLOCKER, NCS_BITLOCKER_DRIVE_D |
ONC |
openNAC TAGS |
Tag defined by openNAC |
ONC_ARCH_X64, ONC_AGENT, ONC_WIN_AGENT |
RDI |
RELEASE DATE ID |
Device os release date id |
RDI_WINDOWS_10_1703, RDI_WINDOWS_10_1803 |
ROS |
ROOT OPERATING SYSTEM |
Root device os name |
ROS_WINDOWS, ROS_MACOS, ROS_LINUX |
UCD |
USB CONNECTED DEVICE |
USB connected device |
UCD_80EE_0030 |
UIP |
UPDATE INSTALLATION PENDING |
Pending updates |
UIP_KB2267602 |
UIS |
UPDATE INSTALL STATUS |
Tags that indicate the update status of a system |
UIS_AMOUNT_UPDATES_PENDING_2, UIS_OLDEST_UPDATE_PENDING_15, UIS_SEVERITY_UPDATES_PENDING_UNKNOWN, UIS_SEVERITY_UPDATES_PENDING_CRITICAL, UIS_SEVERITY_UPDATES_PENDING_IMPORTANT, UIS_SEVERITY_UPDATES_PENDING_MODERATE, UIS_SEVERITY_UPDATES_PENDING_LOW |
VOS |
VERSION OPERATING SYSTEM |
Device version os name |
VOS_WINDOWS_10_PRO, VOS_WINDOWS_10_ENT |
WSA |
WIFI SSID AVAILABLE |
Tag with the list of ssid available |
WSA_WLAN_3021 |
WCS |
WIFI CURRENT SSID |
Tag with the current connected ssid |
WCS_CASA |