Splunk Template
This template creates a configuration that reports the status of the remote device to Splunk. It can be found in the STATUS REPORT category when filtered for the REMOTE platform.
deviceTRUST requires a few simple but essential configuration steps to enable the template for your remoting or DaaS environment. This guide walks through them step by step.
We will perform the following steps:
Step 1: Prerequisites
If the required deviceTRUST components (Agent, Console, Client Extension and License) are not yet installed, please visit the Getting Started for Remote guide, complete steps 1 to 5, and then continue here with step 2 below.
Step 2: Contexts
The template has imported the following contexts:
Context | Description | Customizations |
---|---|---|
Access Mode | Defines if the remote device is internal or external to the corporate network. | None |
Antivirus Name | Defines the available antivirus product used on the remote device. | None |
Antivirus Signature Status | Defines the signature status of the active antivirus product used on the remote device. | None |
Antivirus Status | Defines the status of the active antivirus product used on the remote device. | None |
Country | Defines the country in which the remote device is located. | None |
Country Provider | Defines the country provider that reports the country of the remote device. | None |
Device Identifier | Defines the device identifier of the remote device. | None |
Device Type | Defines the device type of the remote device. | None |
deviceTRUST Client | Defines the availability of the deviceTRUST Client Extension on the remote device. | None |
Economic Region | Defines the economic region the remote device is located within. | None |
Firewall Name | Defines the available firewall product used on the remote device. | None |
Firewall Status | Defines the status of the active firewall product used on the remote device. | None |
Hardware Bios Release Date | Defines the hardware BIOS release date of the remote device. | None |
Hardware Model | Defines the hardware model of the remote device. | None |
Hardware Role | Defines the hardware role of the remote device. | None |
Hardware Secure Boot | Defines the hardware secure boot of the remote device. | None |
Hardware Vendor | Defines the hardware vendor of the remote device. | None |
Network Address Assignment | Defines the network address assignment of the remote device. | None |
Network DHCP Server | Defines the network DHCP server of the remote device. | None |
Network DNS Server | Defines the network DNS server of the remote device. | None |
Network DNS Suffix | Defines the network DNS suffix of the remote device. | None |
Network Gateway | Defines the network gateway of the remote device. | None |
Network Gateway MAC | Defines the network gateway MAC address of the remote device. | None |
Network IP Address | Defines the network IP address of the remote device. | None |
Network MAC Address | Defines the network MAC address of the remote device. | None |
Network Subnet | Defines the network subnet of the remote device. | None |
Operating System Description | Defines the operating system description of the remote device. | None |
Operating System Disk Encryption | Defines the operating system disk encryption of the remote device. | None |
Operating System Name | Defines the operating system name of the remote device. | None |
Operating System Platform | Defines the operating system platform of the remote device. | None |
Operating System Release | Defines the operating system release of the remote device. | None |
Operating System Type | Defines the operating system type of the remote device. | None |
Operating System Updates | Defines if a recent update search has been performed and that all updates have been installed on the remote device. | None |
Operating System Version | Defines the operating system version of the remote device. | None |
Override | Defines if the session user is a member of the override AD group. | You can add one or more user groups from your Microsoft Active Directory (AD) to exclude group members from actions. |
Region Keyboard Locale | Defines the region keyboard locale of the remote device. | None |
Region Locale | Defines the region locale of the remote device. | None |
Region Timezone Offset | Defines the region timezone offset of the remote device. | None |
Remote Controlled | Defines if the remote device is remote controlled. | None |
Remoting Client Protocol | Defines the remoting protocol used for the session. | None |
Remoting Client Version | Defines the version of the remoting client installed on the remote device. | None |
Secure Screen Saver | Defines whether the remote device is using a secure screen saver. | None |
Security State | Defines the security status of the remote device. | None |
Session User Domain | Defines the user domain of the user account used within the session. | None |
Session User Name | Defines the user name of the user account used within the session. | None |
User Authentication | Defines the authentication of the user account used on the remote device. | None |
User Privileges | Defines the privileges of the user logged into the remote device. | None |
Virtualized | Defines if the remote device is virtualized. | None |
VPN Connected | Defines if a network adapter of the remote device is connected to a VPN network. | None |
Wi-Fi Security Mode | Defines if the remote device is connected to a secure Wi-Fi network. | None |
- If a context is not needed, it can be deactivated or deleted. In addition, the corresponding task sequence within the relevant action must be deleted too.
Step 3: Actions
The template contains an active reporting action that submits the status of the remote device to the appropriate source.
Action | Description | Default State | Customizations |
---|---|---|---|
Status Report - Splunk | Reports the status of the remote device to Splunk. | Deactivated | You must update the following context condition with data suitable for your environment: WEB REQUEST STATUS REPORT. When using Splunk for status reporting, replace YOUR_SPLUNK_SERVER:8088 and YOUR_SPLUNK_AUTH_TOKEN with your Splunk configuration. Example: dtldss02.demo.devicetrust.local:8088 |
- If the action has been disabled, the contexts will still be created.
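A pre-flight check for the two values entered in WEB REQUEST STATUS REPORT, as an added example that is not part of the deviceTRUST template or documentation. It assumes the target is Splunk's HTTP Event Collector reached over HTTPS at `/services/collector/event` with an `Authorization: Splunk <token>` header; the function names are hypothetical.

```python
import json
import re
import ssl
import urllib.request

# Placeholders shipped in the template's web request (taken from the page).
PLACEHOLDERS = ("YOUR_SPLUNK_SERVER", "YOUR_SPLUNK_AUTH_TOKEN")
HOST_PORT = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?:(?P<port>\d{1,5})$")


def check_values(server, token):
    """Return a list of problems with the values entered in the action."""
    problems = []
    for name, value in (("server", server), ("token", token)):
        if any(p in value for p in PLACEHOLDERS):
            problems.append(f"{name}: template placeholder not replaced")
        if not value or value != value.strip():
            problems.append(f"{name}: empty or has surrounding whitespace")
    m = HOST_PORT.match(server)
    if not m:
        problems.append("server: expected HOST:PORT without scheme or path")
    elif not 1 <= int(m["port"]) <= 65535:
        problems.append("server: port out of range")
    return problems


def build_test_request(server, token):
    """Build (without sending) an HTTPS POST carrying one marker event."""
    problems = check_values(server, token)
    if problems:
        raise ValueError("; ".join(problems))
    body = json.dumps({"event": {"check": "devicetrust-preflight"}}).encode()
    return urllib.request.Request(
        f"https://{server}/services/collector/event",  # assumed HEC endpoint
        data=body,
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def send(request, cafile=None):
    """Send with certificate verification left on; return the HTTP status."""
    context = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(request, context=context, timeout=10) as resp:
        return resp.status
```

`send()` raises `urllib.error.HTTPError` when the server rejects the request, so a returned status means the endpoint accepted the token; pass `cafile` when the Splunk certificate is issued by an internal CA instead of disabling verification.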
Troubleshooting
If your deviceTRUST installation or configuration does not work as expected, you can use the Troubleshooting guide to start troubleshooting.