deviceTRUST 23.1.410 for Windows and macOS, and 23.1.400 for Ubuntu, iOS and IGEL OS 12 are now available.
×

Splunk Template

This template creates a configuration that reports the status of the remote device to Splunk. It can be found in the STATUS REPORT category when filtered for REMOTE platform.

deviceTRUST requires some simple but essential configuration steps to be performed to enable the template for your remoting and DaaS environments. We will guide you step-by-step through simple deviceTRUST configuration steps to enable the template within your remoting or DaaS environment.

We will perform the following steps:

  1. Step 1: Prerequisites
  2. Step 2: Contexts
  3. Step 3: Actions

Step 1: Prerequisites

If the required deviceTRUST components (Agent, Console, Client Extension and License) are not yet installed, please visit the Getting Started for Remote guide and complete step 1 to 5 and then continue here with step 2 below.

Step 2: Contexts

The template has imported the following contexts:

Context Description Customizations
Access Mode Defines if the remote device is internal or external to the corporate network. None
Antivirus Name Defines the available antivirus product used on the remote device. None
Antivirus Signature Status Defines the signature status of the active antivirus product used on the remote device. None
Antivirus Status Defines the status of the active antivirus product used on the remote device. None
Country Defines the country in which the remote device is located. None
Country Provider Defines the country provider that reports the country of the remote device. None
Device Identifier Defines the device identifier of the remote device. None
Device Type Defines the device type of the remote device. None
deviceTRUST Client Defines the availability of the deviceTRUST Client Extension on the remote device. None
Economic Region Defines the economic region the remote device is located within. None
Firewall Name Defines the available firewall product used on the remote device. None
Firewall Status Defines the status of the active firewall product used on the remote device. None
Hardware Bios Release Date Defines the hardware BIOS release date of the remote device. None
Hardware Model Defines the hardware model of the remote device. None
Hardware Role Defines the hardware role of the remote device. None
Hardware Secure Boot Defines the hardware secure boot of the remote device. None
Hardware Vendor Defines the hardware vendor of the remote device. None
Network Address Assignment Defines the network address assignment of the remote device. None
Network DHCP Server Defines the network DHCP server of the remote device. None
Network DNS Server Defines the network DNS server of the remote device. None
Network DNS Suffix Defines the network DNS suffix of the remote device. None
Network Gateway Defines the network gateway of the remote device. None
Network Gateway MAC Defines the network gateway mac address of the remote device. None
Network IP Address Defines the network ip address of the remote device. None
Network MAC Address Defines the network MAC address of the remote device. None
Network Subnet Defines the network subnet of the remote device. None
Operating System Description Defines the operating system description of the remote device. None
Operating System Disk Encryption Defines the operating system disk encryption of the remote device. None
Operating System Name Defines the operating system name of the remote device. None
Operating System Platform Defines the operating system platform of the remote device. None
Operating System Release Defines the operating system release of the remote device. None
Operating System Type Defines the operating system type of the remote device. None
Operating System Updates Defines if a recent update search has been performed and that all updates have been installed on the remote device. None
Operating System Version Defines the operating system version of the remote device. None
Override Defines if the session user is member of the override AD group. You can add one or more user groups from your Microsoft Active Directory (AD) to exclude group members from actions.
Region Keyboard Locale Defines the region keyboard locale of the remote device. None
Region Locale Defines the region locale of the remote device. None
Region Timezone Offset Defines the region timezone offset of the remote device. None
Remote Controlled Defines if the remote device is remote controlled. None
Remoting Client Protocol Defines the remoting protocol used for the session. None
Remoting Client Version Defines the version of the remoting client installed on the remote device. None
Secure Screen Saver Defines whether the remote device is using a secure screen saver. None
Security State Defines the security status of the remote device. None
Session User Domain Defines the user domain of the user account used within the session. None
Session User Name Defines the user name of the user account used within the session. None
User Authentication Defines the authentication of the user account used on the remote device. None
User Privileges Defines the privileges of the user logged into the remote device. None
Virtualized Defines if the remote device is virtualized. None
VPN Connected Defines if a network adapter of the remote device is connected to a VPN network. None
Wi-Fi Security Mode Defines if the remote device is connected to a secure Wi-Fi network. None
Note:
  • If a context is not needed, it can be deactivated or deleted. In addition, the corresponding task sequence within the relevant action must be deleted too.

Step 3: Actions

The template contains an active reporting action that submits the status of the remote device to the appropriate source.

Action Description Default State Customizations
Status Report - Splunk
 
 
 
 
Reports the status of the remote device to Splunk.
 
 
 
 
Deactivated
 
 
 
 
You must update the following context condition with data suitable for your environment:

WEB REQUEST STATUS REPORT
When using Splunk for status reporting, replace YOUR_SPLUNK_SERVER:8088 and YOUR_SPLUNK_AUTH_TOKEN with your Splunk configuration.
Example: dtldss02.demo.devicetrust.local:8088
Note:
  • If the action have been disabled, the contexts will still be created.

Troubleshooting

If your deviceTRUST installation or configuration does not work as expected, you can use the Troubleshooting guide to start troubleshooting.