
ELK Stack Template

This template creates a configuration that reports the status of the local device to ELK Stack. It can be found in the STATUS REPORT category when filtered for the LOCAL platform.

deviceTRUST requires some simple but essential configuration steps to enable the template for your local environment. This guide walks you through them step by step.

We will perform the following steps:

  1. Step 1: Prerequisites
  2. Step 2: Contexts
  3. Step 3: Actions

Step 1: Prerequisites

If the required deviceTRUST components (Agent, Console and License) are not yet installed, please visit the Getting Started for Local guide, complete steps 1 to 4, and then continue here with step 2 below.

Step 2: Contexts

The template has imported the following contexts:

| Context | Description | Customizations |
|---|---|---|
| Antivirus Name | Evaluates the active antivirus product used on the local device. | None |
| Antivirus Signature Status | Evaluates the signature status of the active antivirus product used on the local device. | None |
| Antivirus Status | Evaluates the status of the active antivirus product used on the local device. | None |
| Country | Evaluates the country in which the local device is located. | None |
| Country Provider | Evaluates the country provider that reports the country of the local device. | None |
| Device Identifier | Evaluates the device identifier of the local device. | None |
| Device Type | Evaluates the device type of the local device. | None |
| Economic Region | Evaluates the economic region the local device is located within. | None |
| Firewall Name | Evaluates the available firewall product used on the local device. | None |
| Firewall Status | Evaluates the status of the active firewall product used on the local device. | None |
| Hardware Bios Release Date | Evaluates the hardware BIOS release date of the local device. | None |
| Hardware Model | Evaluates the hardware model of the local device. | None |
| Hardware Role | Evaluates the hardware role of the local device. | None |
| Hardware Secure Boot | Evaluates the hardware secure boot settings of the local device. | None |
| Hardware Vendor | Evaluates the hardware vendor of the local device. | None |
| Network Address Assignment | Evaluates the network address assignment type of the local device. | None |
| Network DHCP Server | Evaluates the network DHCP server of the local device. | None |
| Network DNS Server | Evaluates the network DNS server of the local device. | None |
| Network DNS Suffix | Evaluates the network DNS suffix of the local device. | None |
| Network Gateway | Evaluates the network gateway of the local device. | None |
| Network Gateway MAC | Evaluates the network gateway MAC address of the local device. | None |
| Network IP Address | Evaluates the network IP address of the local device. | None |
| Network MAC Address | Evaluates the network MAC address of the local device. | None |
| Network Subnet | Evaluates the network subnet of the local device. | None |
| Operating System Description | Evaluates the operating system description of the local device. | None |
| Operating System Disk Encryption | Evaluates the operating system disk encryption of the local device. | None |
| Operating System Name | Evaluates the operating system name of the local device. | None |
| Operating System Platform | Evaluates the operating system platform of the local device. | None |
| Operating System Release | Evaluates the operating system release of the local device. | None |
| Operating System Type | Evaluates the operating system type of the local device. | None |
| Operating System Updates | Evaluates if a recent update search has been performed and that all updates have been installed on the local device. | None |
| Operating System Version | Evaluates the operating system version of the local device. | None |
| Override | Evaluates if the session user is a member of the override AD group. | You can add one or more user groups from your Microsoft Active Directory (AD) to exclude group members from actions. |
| Region Keyboard Locale | Evaluates the region keyboard locale of the local device. | None |
| Region Locale | Evaluates the region locale of the local device. | None |
| Region Timezone Offset | Evaluates the region timezone offset of the local device. | None |
| Remote Controlled | Evaluates if the local device is remote controlled. | None |
| Secure Screen Saver | Evaluates whether the local device is using a secure screen saver. | None |
| Security State | Evaluates the security status of the local device. | None |
| Session User Domain | Evaluates the user domain of the user account used within the session. | None |
| Session User Name | Evaluates the user name of the user account used within the session. | None |
| User Authentication | Evaluates the authentication of the user account used on the local device. | None |
| User Privileges | Evaluates the privileges of the user logged into the local device. | None |
| Virtualized | Evaluates if the local device is virtualized. | None |
| VPN Connected | Evaluates if a network adapter of the local device is connected to a VPN network. | None |
| Wi-Fi Security Mode | Evaluates if the local device is connected to a secure Wi-Fi network. | None |

Note:
  • If a context is not needed, it can be deactivated or deleted. In addition, the corresponding task sequence within the relevant action must be deleted too.

Step 3: Actions

The template contains an active reporting action that submits the status of the local device to the appropriate source.

| Action | Description | Default State | Customizations |
|---|---|---|---|
| Status Report - ELK Stack | Reports the status of the local device to ELK Stack. | Deactivated | You must update the following context condition with data suitable for your environment: WEB REQUEST STATUS REPORT. When using ELK Stack for status reporting, replace YOUR_ELKSTACK_SERVER:9200 with your ELK Stack configuration. Example: dtldss02.demo.devicetrust.local:9200 |

Note:
  • If the action has been disabled, the contexts will still be created.

Troubleshooting

If your deviceTRUST installation or configuration does not work as expected, you can use the Troubleshooting guide to start troubleshooting.