The Endpoints page of the OneView console improves efficiency and reduces time to perform actions across multiple sites. To navigate to the Endpoints page, on the left navigation pane, click Manage > Endpoints.
Endpoints
For different actions you can perform in the Endpoints page, see the following:
To add endpoints, click the Add Endpoints button to take you to OneView's Downloads page.
Connection status
View the endpoint's real-time WebSocket connection status using the Connection column on the Endpoints page. This indicates whether the endpoint agent is connected to the console, not if the endpoint is online or offline. If this column is missing from the page, see Add or Remove columns.
Note: Endpoints showing a connection status of Inactive or Not available check in with a 5-minute polling interval for tasks and changes. Filter endpoints by Today in the Last Sync column to verify active communication. The Last sync date should continue to update, even when the green dot doesn't display or the Last connected date isn't updating.
The indicator shows the following status colors and options:
| Icon | Status |
|---|---|
| Active: The green status indicator displays when the WebSocket connection on the endpoint is active. Real-time communication occurs between the endpoint and OneView to receive and process tasks or changes. This also affects the Last Connected date in the console, which is the last time the endpoint connected to the ThreatDown servers. | |
|
Inactive: The gray status indicator displays during any of the following:
|
|
|
Not available: The connection status is unavailable for endpoints running the following operating systems:
|
Endpoint details
In the table, click an endpoint name to open a slide out with the endpoints details. All dates and times shown are relative to your browser settings.
- Overview: Displays the endpoint name, version information, host and agent information, Operating System, Network Interfaces, Memory information, and Storage device information.
- Active Detections: Displays detections found that need remediation. These detections are found either by the Scan + Report action or by a scan with the automatic quarantine option disabled.
- Quarantined Detections: Displays files quarantined by the Scan + Quarantine action or scheduled scans with the automatic quarantine option enabled. Quarantined files are isolated from the endpoint operating system to prevent potential infection.
- Detection Log: Displays all detections. Selectable by type and actions taken.
- Suspicious Activity: Displays Suspicious Activity events found. Requires an Endpoint Detection and Response subscription.
-
Device Distinguished Name: The full Active Directory distinguished name (DN) for the endpoint’s computer object, showing its complete location in your AD hierarchy.
- Example: CN=LAPTOP01,OU=Workstations,OU=IT,DC=company,DC=com
- Vulnerabilities :Displays software vulnerabilities found on the endpoint.
- Application Block: Displays Application Block activity on the endpoint.
- Software: Displays the software installed on the endpoint.
- Events: Displays logged activities on the endpoint and their severity.
- Tasks: Displays the status of requested or completed operations on the endpoint.
- Scan History: Displays scan records up to 30 days old, their Total Detections, Type, and Origin.
- Updates/Patches: Displays the installed and available software patches for the endpoint.
- Startup Programs: Displays startup programs on the endpoints.
- Audit Log: Displays subscription and protection level changes on endpoints due to add-ons or policy changes.
Refresh assets using Actions > Scans > Scan Inventory & Vulnerability or schedule an Asset Inventory Scan to force a refresh at a specified time. Scheduled asset refreshes can be helpful if you need frequent Endpoint Properties updates.
When you refresh assets on your endpoint, the following tabs/sections update:
-
Overview
- Memory Objects: Physical and virtual memory of the endpoints.
- Storage Devices: Connected storage, USB storage, and other devices.
- Software: Software installed on the endpoint.
- Updates: Software updates that occurred on the endpoint.
- Startup Programs: Registry entries for installed startup programs on the endpoint.
Filter endpoints
OneView uses filters to simplify management tasks across many endpoints. The main area of the Endpoints screen shows the list of all endpoint data. Each column can be filtered to narrow the results. Use these column filters to focus on the most important information.
You can customize data in the results list in the following ways:
- Click Add / Remove Columns above the results list to choose which columns to display.
- Drag and drop certain column headers to the results bar to group data by those parameters.
- Use the filters
in the column headers to view specific data or Clear Filters to remove them all.
- Hover your cursor over a column header to reveal a hamburger icon
with options to pin and auto-size columns.
The Endpoints filter allows a search by endpoint name. Click the Endpoints filter icon and enter an endpoint host name or alias to narrow the endpoints displayed.
The Last Sync filter lists endpoints based on when they last checked in. Times shown are based on your browser's time zone.
Add or remove table columns
Click Add / Remove Columns above the results table to choose the column headers displayed on your results table. This will narrow or widen the endpoint information displayed on the results table, allowing you to customize your Endpoints page. Click and drag a column header left or right to rearrange the column order. Or, click and drag the edge of a column header to narrow or widen the column.
For endpoint review, we recommend displaying the following columns on the Endpoints page:
- Connection: Filter by the endpoint connection status.
-
Device organization units: Displays the Active Directory organizational unit path for the endpoint’s computer object in distinguished name format.
- Example: OU=Gwinnett,OU=Georgia,OU=Computers,DC=example,DC=com
-
Encryption status: Filter whether a device is:
- Fully Encrypted: All drives are encrypted
- Partially Encrypted: Some drives on the endpoint are encrypted.
- Not Encrypted: None of the drives are encrypted.
- Unknown: The endpoint agent is unable to determine the drives' encryption statuses.
- Additional insights for drives on an endpoint include: Drive name, Storage usage, Encryption status, and Encryption provider. Supported encryption methods:
- Windows: BitLocker
- macOS: FIleVault
- Linux: Linux Unified Key Setup (LUKS)
- Endpoint: Filter by the endpoint hostname.
- Group: Filter by the endpoint's group.
- Policy: Filter by the endpoint's policy.
- Status: Filter by status icon for each endpoint.
- Last Sync: Filter to determine if endpoints are checking in with OneView regularly.
- Last Scan date: Filter to investigate the last scan time.
- Protection Service Version: Filter to check the endpoint protection service version.
- OS release name: Filter for operating systems on each endpoint.
- OS type: Apply filters to differentiate between workstations and servers, identifying which endpoints are categorized as servers. Multi-session operating system licenses, such as Windows Enterprise for Virtual Desktop, are counted as servers.
- User name: Shows the user associated with the endpoint in Entra or on-premises Active Directory.
Export data
You can export endpoints to a spreadsheet to review the details of your selected endpoints. The endpoints table allows you to select all or a subset of columns and rows to copy the selected content. To export, follow the steps below:
- In the left-side navigation pane, click Manage > Endpoints.
- Check the boxes of the endpoints you want further details on.
- Right-click on the highlighted area.
- Click Export > CSV Export or Excel Export (.xlsx).
If the data size is too large to download, an email will be sent instead with a link to download the export.