The Endpoints page in the console displays sensor status and details. This topic describes this page for users who are using Sensor Groups to manage assets.
The Endpoints tab on the Endpoints page displays all deployed sensors by default.
You can limit which sensors to display by using the Filters options in the left pane. See Endpoint Filters.
To export the table data into a CSV file, click the Export button in the upper right section of the page.
You can define which columns display in the results table. Click Configure Table at the bottom of the page to hide or display columns.
The resulting sensor data displays in the following columns by default.
The Status column indicates the state of a sensor and any administrator actions that have been taken on the sensor. This column can contain multiple icons to indicate the sensor state.
|Sensor has checked in within the last 30 days.
|Sensor has been put into Bypass mode by an administrator. All policy enforcement on the device is disabled and the sensor does not send data to the cloud. Sensors also enter Bypass mode briefly during a sensor update. See Bypass Reasons.
|Sensor has been deregistered or uninstalled; it will persist on the Endpoints page in this state until it is removed.
|Sensor is reporting errors.
|Sensor has not checked in within the last 30 days.
|Sensor has not been installed following an installation request email sent to a user.
|Sensor is pending an update.
|Sensor has been put into Quarantine mode. It is isolated from the network to mitigate the spread of potentially malicious activity.
Note: Quarantine is not supported for Linux sensors before version 2.13.
|Sensor out of date
|Sensor is not using the current available sensor release version and is eligible for update.
The Name column represents the Device ID of the endpoint.
The User column displays user data based on the OS and the sensor version.
macOS 3.3.2+ versions display the last active user logged in to the device.
Windows 3.5+ versions display the last active user logged in every 8 hours; if there is no interactive user logged in within the 8 hour window, a noninteractive user name can appear.
Previous macOS and Windows versions display the user who installed the sensor.
Linux versions are intentionally left blank because multiple, simultaneous logged-in users and desktop users are possible.
The OS column lists the operating system that is running on the endpoint.
The Group/Policy column lists the group to which the sensor belongs (if any), how its policy was assigned, and the name of the assigned policy. If a sensor is not a member of a sensor group and was manually assigned a policy, it is listed as Manually assigned. If the sensor metadata does not match any group criteria, it is listed as Unassigned.
The Signature column displays an icon that represents the status of each sensor signature version.
|Up to date
|Signature version is current. The installed signature version was released within 7 days of the current date.
|Out of date
|Signature version is out of date. The installed signature version has not been released within 7 days of the current date.
|Signature version is not yet reported or is unidentifiable. Signatures can display as not reported if the local scan is not configured or if the sensor encountered an error after the local scan was configured.
|Unidentifiable sensor signature version. This presents for macOS and Linux sensors.
The Sensor column lists the sensor version that is running on the endpoint.
The Target column lists the target value of the endpoint. This value can be Critical, High, Medium, or Low.
The Last Check-in column displays the last time and date that the sensor checked in with the Cloud.
The Actions column lists the actions that you can perform on the endpoint.
Click the icon to investigate any events that have occurred on the endpoint.
Click the > icon to open an Endpoint Details panel that provides more details about the selected endpoint.