Collecting Extended Inventory Data for Endpoints

In addition to the normal software and hardware inventory of an endpoint, it is better to also collect some other critical information for endpoint analysis and for threat and security breach detection.

Extended Hardware Inventory

 Collect information about printers connected to the endpoint.
 Information to collect:
 1. Printer Name
 2. Driver Name and Version
 3. Whether it is a Local or Network Printer

USB Devices

 Information to collect:
 1. Type of USB device, e.g. Mass Storage, USB Hub, smart card reader
 2. Manufacturer and Vendor ID, e.g. Lenovo, Samsung
 3. Port Number on which the device is connected
 4. Serial Number, e.g. every pen drive has a unique serial number
 5. Device Class (reserved, hub etc.) and Device Address
 6. USB Version (1.1, 2.0 etc.) and Host Controller (generally 0 except for USB Hub)
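One way to collect the six USB fields listed above, as an added example that is not part of the original post. It assumes a Linux endpoint, where the kernel exposes each device's descriptors as files under `/sys/bus/usb/devices`; the function names and the approved-serial check are illustrative.

```python
from pathlib import Path

# Subset of USB-IF class codes (bDeviceClass / bInterfaceClass).
USB_CLASSES = {"03": "HID", "08": "Mass Storage",
               "09": "USB Hub", "0b": "Smart Card Reader"}

def _read(path):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

def usb_inventory(root="/sys/bus/usb/devices"):
    """Build one inventory record per USB device under a sysfs-style tree."""
    records = []
    for dev in sorted(Path(root).iterdir()):
        vendor = _read(dev / "idVendor")
        if vendor is None:  # interface nodes such as 1-2:1.0 carry no idVendor
            continue
        dev_class = (_read(dev / "bDeviceClass") or "00").lower()
        # Class 00 means the type is declared per interface, so look there.
        iface = sorted({v.lower() for p in dev.glob("*:*/bInterfaceClass")
                        if (v := _read(p))})
        codes = [dev_class] if dev_class != "00" else iface
        records.append({
            "type": [USB_CLASSES.get(c, f"class 0x{c}") for c in codes],
            "manufacturer": _read(dev / "manufacturer"),
            "vendor_id": vendor,
            "product_id": _read(dev / "idProduct"),
            "port": _read(dev / "devpath"),
            "serial": _read(dev / "serial"),  # None if the device reports none
            "device_class": dev_class,
            "address": _read(dev / "devnum"),
            "usb_version": _read(dev / "version"),
            "host_controller_bus": _read(dev / "busnum"),
        })
    return records

def unapproved_storage(records, approved_serials):
    """Mass-storage devices whose serial is missing or not on the approved list."""
    return [r for r in records
            if "Mass Storage" in r["type"] and r["serial"] not in approved_serials]

if __name__ == "__main__":
    for rec in usb_inventory():
        print(rec)
```

Comparing the serial numbers of mass-storage devices against an approved list on each inventory run is what turns these fields into a signal for removable-media policy violations.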

PCI Devices

 Typical PCI cards used in PCs include network cards, sound cards etc.
 Modems, extra ports such as USB or serial, TV tuner cards and disk controllers
 are also included as PCI devices.

 Information to collect:
 1. Name of the PCI (Peripheral Component Interconnect) device
 2. Type - Integrated onboard or Expansion slot


Modems

 Information to collect:
 1. Provider Name, Manufacturer
 2. Type - Internal, External
 3. Port Number, e.g. COM3
 4. Port Speed, e.g. 115200
 5. Port Settings, e.g. 8N1
 6. Inf file name


Monitors

 Information to collect:
 1. Name
 2. Type - LCD, CRT
 3. Manufacturer and year manufactured
 4. Screen Resolution
 5. Color Depth (e.g. 32-bit)
 6. Size in Inches

Keyboards

 Information to collect:
 1. Type - Standard 101, 102, PS/2, Natural
 2. Number of Function Keys
 3. Manufacturer

Pointing Devices

 Information to collect:
 1. Number of buttons (2, 3, with/without scroll)
 2. Model
 3. Manufacturer

