Data points collected by activated policies

Absolute policies control the collection of hardware, software, usage, and system information from your devices. The Hardware policy is always activated by default, but you need to activate other policies if you want to monitor additional device information in the Absolute console. To learn about the specific data points that are collected when a particular policy is activated, refer to the appropriate section in this topic.

NOTE Depending on the Absolute licenses associated with your account, some data points may not be available.

Understanding the tables

Symbol / Value	Meaning
P	The Absolute agent collects the data point on the indicated platform and shows it in the Absolute console.
n/a	The data point does not apply to the indicated platform.
GAC	Absolute's Chromebook extension retrieves the data point directly from the Google Admin console and shows it in the Absolute console. Applies to Chromebooks only.
†	The Absolute agent collects the data point on the indicated platform but the data point is not shown in the Absolute console.
û	The Absolute agent does not detect the data point on the indicated platform because the platform does not make the data available, or because there is no requirement to collect this data.

Hardware

For any enrolled device, the Absolute agent and its Hardware Data Processing (HDP) component collect the following data points:

Data point	Device platform
Data point	Windows	Mac	Android	Chromebook
Agent specific data points
IdentifierThe unique Electronic Serial Number (ESN) assigned to the Absolute agent that is installed on a device.	P	P	P	P
Last connectedThe date and time when a device's Absolute agent last checked in to the Absolute Monitoring Center.	P	P	P	P
Agent StatusThe operating condition of an Absolute agent. Possible values are Active (indicates that the agent has connected to the Monitoring Center), Inactive (indicates that the agent has not yet connected to the Monitoring Center), and Disabled (indicates that the agent is either flagged for removal or removed from the device).	P	P	P	P
AgentA field and report column that shows the version number of the Absolute agent installed on a Windows or Mac device. The current Windows version is 978 (8.0.978.0). The current Mac version is 976.	P	P	†	†
Component managerThe Component manager is installed on top of the Absolute agent and manages the agent components responsible for initiating device actions and collecting device data. Most agent components are controlled by policies, such as the Hardware and Software policies. The current version for both Windows and Mac devices is 1.0.0.2510.	P	P	†	†
Component manager > StatusReport column that shows the status of the component manager (CM) installed on a Windows device. Possible values are: Healthy (the CM is communicating successfully with the Absolute Monitoring Center), Packet inspection detected ( the CM is not communicating with the Absolute Monitoring Center. To learn how to resolve this issue, hover over the icon and click "Learn more" in the tooltip), and No Data (the CM is not communicating with the Absolute Monitoring Center, or the status is not available because version 1.0.0.2116 or higher of the CM is not installed on the device, or the device is not a Windows device).	P	û	û	û
Persistence agentApplies to most Windows devices. A field and report column that shows the version number of the Absolute Persistence software embedded in the firmware of the device. See also Persistence technology.	P	n/a	†	n/a
Device data points
Device nameThe name assigned to the device in the operating system. For Chromebooks, device name is not applicable and therefore shows as "Chrome" in the Absolute console.	P	P	P	û
UsernameUsername of the user who was logged in to the device when an agent connection occurred. If no user was logged in during the most recent agent connection, the last detected username shows. If you are viewing a report and want to see if a user was logged in during the most recent connection, add the Current Username column to the report. If no user was logged in at the time of the connection, "No Data" or two em dashes (— —) show in the column.	P	P	n/a	P
DomainThe name of the device's Windows domain, if applicable.	P	P	n/a	n/a
Encryption Status	P	P	n/a	n/a
Full system name (called System name on Mac)	P	P	n/a	n/a
Operating System:
NameThe name and version of the operating system detected on a device. The operating system is software that manages the software and hardware installed on a computer and allows programs and services to run. It is responsible for the basic operations of a computer system.	P	P	P	P
VersionThe number that identifies the version of the operating system, which was detected by the Absolute agent. (for some Mac devices, Edition holds this information)	P	P	P	GAC
Edition	n/a	P	n/a	n/a
Build	P	P	n/a	n/a
CSDVersion / OS Service Pack	P	n/a	n/a	n/a
Architecture	P	n/a	n/a	P
Install date	P	P	n/a	n/a
Last boot time	P	P	n/a	n/a
Update build revision	P	n/a	n/a	n/a
Current build	P	n/a	n/a	n/a
Release ID	P	n/a	n/a	n/a
Edition ID	P	n/a	n/a	n/a
Manufacturer	P	n/a	n/a	n/a
Product key	P	û	n/c	n/a
Serial number	P	P	n/a	n/a
Windows directory	P	n/a	n/a	n/a
Other OS description	P	n/a	n/a	n/a
System Information:
Hard Drive (HD) Free SpaceThe amount of storage currently available on a hard disk, expressed in gigabytes.	P	P	n/a	n/a
Total physical memoryThe amount of dynamically accessible memory on a device, expressed in gigabytes. (bytes)	P	P	P	P
Available physical memory (bytes)	P	P	P	P
Total virtual memory (bytes)	P	P	n/a	n/a
Available Virtual Memory (bytes)	P	P	n/a	n/a
Local IP addressThe local Internet Protocol (IPv4) address that identifies a device connected to a private network.	P	P	P	P
Public IP addressThe public Internet Protocol (IPv4) address that identifies a device that is connected to the Internet.	P	P	P	P
Processor	P	û	P	û
Page file space (bytes)	P	n/a	n/a	n/a
Page file	P	n/a	n/a	n/a
Boot device	P	P	n/a	n/a
Locale	P	P	n/a	P
Name	P	P	n/a	P
System directory	P	P	n/a	n/a
Make The manufacturer of a device.	P	P	P	GAC
Model The manufacturer's designated name for the type of device.	P	P	P	GAC
System type	P	P	n/a	n/a
Serial numberThe identification number assigned to the device by the device manufacturer. For Windows devices, this value may correspond to the serial number of the BIOS, the motherboard, or the chassis, depending on the manufacturer.	P	P	P	GAC
Time zone	P	P	n/a	n/a
System integrity protection status	n/a	P	n/a	n/a
BIOS:
Release date	P	n/a	n/a	n/a
Language	P			n/a
Serial number	P			n/a
Version	P			GAC
SMBIOS version	P			n/a
SMBIOS major version	P			n/a
SMBIOS minor version	P			n/a
Manufacturer	P			n/a
Version date	P			n/a
Asset tag	P			n/a
Supervisor Password Status	P Supported models only			n/a
Battery:
ID	P	û	û	û
Name	P
Serial number	P
Capacity	P
Estimated charge remaining	P
Estimated runtime	P
Expected life	û
Max recharge time	û
Memory: NOTE The Absolute agent cannot collect memory information for MacBook Pro devices with an Apple M1 chip.
ID	P	n/a	See Memory and Storage	P
Part number	n/a	P		n/a
Manufacturer	P	P		n/a
Serial number	P	P		n/a
Size (bytes)	P	P		P
Slot	P	P		n/a
Speed	P	P		n/a
Type (or Type Detail)	P	P		n/a
Status	n/a	P		n/a
Chassis Type	P	n/a		n/a
CPU:
ID	P	P	P	P
Name	P	P	P	P
Architecture	P	P	n/a	P
Bus speed	û	P	n/a	n/a
Data width	P	û	n/a	n/a
Instruction set	û	P	n/a	n/a
Logical cores	P	P	n/a	n/a
Physical cores	P	P	n/a	n/a
Processor speedThe rate at which the computer processor computes, measured in megaHertz.	P	û	P	n/a
Processor number	û	û	n/a	P
L2 cache size	P	P	n/a	n/a
L2 cache speed	P	û	n/a	n/a
L3 cache size	P	P	n/a	n/a
L3 cache speed	P	û	n/a	n/a
CD ROM:
ID	P	n/a	n/a	n/a
Name	P
Drive	P
Manufacturer	P
Media loaded	P
Media Type	P
Description	P
Status	P
Transfer rate	P
PnP device ID	P
SCSI target ID	P
Sound Device: the following data points are collected for each detected sound device:
ID	P	n/a	û	û
Name (for Mac devices, this field also shows the ID)	P	P
Manufacturer	P	P
Camera: the following data points are collected for each detected camera:
ID	P	P	P	û
Name	P	P	n/a
Description	P	n/a	P
Model	û	P	n/a
Is Enabled	P	P	P
Display: the following data points are collected for each detected display:
ID	P	n/a	n/a	n/a
Name	P	n/a	n/a	P
PnP device ID	P	n/a	n/a	n/a
Adapter type	P	n/a	n/a	n/a
Adapter description	P	P	n/a	n/a
Manufacturer	P	P	n/a	n/a
Adapter RAM	P	n/a	n/a	n/a
Driver version	P	n/a	n/a	n/a
Number of colors	P	n/a	n/a	n/a
Resolution	P	n/a	P	P
Bits per pixel	P	n/a	n/a	n/a
Depth	n/a	P	n/a	n/a
Height	P	P	n/a	P
Width	P	P	n/a	P
Refresh rate	n/a	P	n/a	n/a
Horizontal resolution	†	n/a	†	n/a
Vertical resolution	†	n/a	†	n/a
Keyboards: the following data points are collected for each detected keyboard:
ID	P	n/a	n/a	û
Name	P	P
Description	P	n/a
Layout	P	n/a
PnP device ID	P	n/a
Number of function keys	P	n/a
Pointing Devices: the following data points are collected for each detected pointing device:
ID	P	P	n/a	û
Name	P	P
Manufacturer	P	P
Number of buttons	P	n/a
Power management supported	P	P
PnP device ID	P	n/a
Handedness	P	n/a
Hardware type	P	n/a
Mobile Broadband Adapter: the following data points are collected for each detected adapter: NOTE This information is available only on the device's (Classic) Device Summary page, and the Mobile Broadband Adapter Report in Classic Reports.
Manufacturer	P	n/a	n/a	n/a
Model	P
Network	P
Service Status	P
Detected Phone Number	P
Network Adapters: the following data points are collected for each detected adapter:
ID	P	n/a	See Wi-Fi and Bluetooth	P
Name	P	P		P
Adapter type	P	n/a		n/a
Installed	P	n/a		n/a
IPv4 address	P	P		P
IPv6 address	P	P		n/a
IP subnet	P	n/a		n/a
Default gateway	P	n/a		n/a
DHCP enabled	P	n/a		n/a
DHCP server	P	n/a		n/a
DHCP lease expires	P	n/a		n/a
DHCP lease obtained	P	n/a		n/a
MAC address	P	P		GAC
Manufacturer	P	P		n/a
Product type	P	n/a		n/a
Speed	P	P		n/a
Network SSID	P	P		n/a
Storage
Disk: the following data points are collected for each detected disk:
ID	P	P	n/a	n/a
Name	P	P		P
Description	P	P		n/a
Disk index	P	P		n/a
Bytes per sector	P	n/a		n/a
Firmware revision	P	P		n/a
Manufacturer	P	P		n/a
Media type	P	P		n/a
Model	P	P		n/a
Number of partitions	P	n/a		n/a
Sectors per track	P	n/a		n/a
Serial number	P	P		n/a
Size (bytes) (for Chromebook, this is the capacity)	P	P		P
Status	P	n/a		n/a
Total cylinders	P	n/a		n/a
Total heads	P	n/a		n/a
Total sectors	P	n/a		n/a
Total tracks	P	n/a		n/a
Total tracks per cylinder	P	n/a		n/a
Volumes: the following data points are collected for each detected volume:
ID	P	P	n/a	n/a
Name	P	P
Boot	P	P
Compressed	P	n/a
Drive letter	P	n/a
File system	P	P
Serial	P	P
Size (bytes)	P	P
Free space (bytes)	P	P
Mount point	n/a	P
Printers: the following data points are collected for each detected printer:
ID	P	P	n/a	û
Name	P	P
Driver	P	P
Server	P	û
Share	P	û
Port	P	û
USB: the following data points are collected for each detected USB device:
Name	P	û	n/a	û
Manufacturer	P
PnP device ID	P
Anti-malware: the following data points are collected for the anti-malware software detected on the device:
Product name	P	P	û	n/a
Version	P	P
Definition	P	P
Definition date	P	P
Last updated	P	P

Additional hardware data points collected on Chromebook devices

In addition to the hardware data points shown for Chromebooks in the Hardware data points section, the Absolute Chromebook extension collects the following additional data points on Chromebooks only:

Chromebook specific data points
Annotated asset ID
Annotated location
Annotated user
Auto-update expiration
Boot Mode
Device ID
Last device Google sync
Last Google Sync
Notes
Organizational unit
Platform version
Provisioning status

Additional hardware data points collected on Android devices

In addition to the hardware data points shown for Android devices in the Hardware data points section, the Absolute agent and its Hardware Data Processing (HDP) component collect the following additional data points on Android devices only:

Android specific data points
Security Patch Level
Detected Serial Number
Network
Wi-Fi: data points collected for each detected adapter:
ID
Adapter type
IP V4 Address
MAC Address
Speed
Network SSID
Bluetooth: data points collected for each detected adapter:
Address
Is Enabled
Memory & Storage
Available physical memory
Total physical memory
Available space
Cellular
Enabled
Mobile network — Current
Mobile network — Home
IMEIThe International Mobile Equipment Identity (IMEI) is an identifier used to identify GSM, UMTS and LTE mobile phones. Typically, you can find a phone's IMEI in the battery compartment, or on-screen in phone settings.
IMSIThe International Mobile Subscriber Identity (IMSI) is a unique identifier used to identify the user, or subscriber, of a cellular network. The number includes the country and mobile network to which the subscriber belongs. The IMSI is stored on a phone's SIM card.
Phone number
SIM ICCID (Integrated Circuit Card IDentifier)
Type

The following additional data points show only on the device's Android Vulnerability page:

Data point
Device rootedA process that enables the user of an Android device to access the Android operating system and make software code changes. This process puts the device at greater risk of damage and security vulnerabilities and is not advisable.	Lock screen protection
GMS certified deviceGoogle Mobile Services (GMS) is a collection of popular Google applications and APIs, such as Google Chrome, YouTube, and Google Search. To enable Android device manufacturers to include these apps out-of-the-box, their devices must be certified by Google. To be certified, devices must comply with the Android Compatibility Definition Document (CDD) and pass the Compatibility Test Suite (CTS).	Screen timeout lock
ROM type	Device encrypted
Bootloader unlock available	SD card encrypted
ADB enabled (ADB = Android Debug Bridge)	Mac address change
Unknown sources installation	IMEI change
Google app verification level	IMSI/SIM card change
Google app verification frequency	Factory data reset
Secondary (Non-Google) Google app verification	EMM client installed
Anti-Malware app installed	MTD app installed
Cloud storage app installed

Application Persistence

When an Application Persistence policy is activated on a device, the Absolute agent collects the following data points, depending on the application being persisted:

NOTE The Application Persistence policy is supported on Windows devices only.

Persisted application	Data points
BitLocker®	Status (assessed health of the application) Repair Status (success or failure of the last attempted repair) Status Checked (date and time when Status last checked) Repairs, reinstalls and failures over the past 30 days Became healthy / Became unhealthy (date when the Status of the application last changed) Status Details, which may include the following information, depending on the application’s Status: application version compatibility of OS (operating system) and TPM (trusted platform module) for BitLocker encryption method—AES-128 or AES-256 encryption completeness protection status is on or off drive lock status is locked or unlocked If you selected BitLocker with Standalone MBAM, the AP persists MBAM and collects and reports any exceptions.
Microsoft® SCCM	Status (assessed health of the application) Repair Status (success or failure of the last attempted repair) Status Checked (date and time when Status last checked) Repairs, reinstalls and failures over the past 30 days Became healthy / Became unhealthy (date when the Status of the application last changed) Status Details, which may include the following information, depending on the application’s Status: application version status of the admin share date and time of the last hardware inventory scan date and time of the last software inventory scan status of key application services status of key registry entries nature of any repairs or reinstalls initiated
Cisco® AMP for Endpoints Connector Cisco AnyConnect Secure Mobility Client® Critrix Workspace™ Crowdstrike Falcon® Dell Advanced Threat Prevention Dell Data Guardian Dell Encryption ESET® Endpoint Antivirus F5® BIG-IP® Edge Client® FortiClient® VPN GlobalProtect™ Ivanti® Endpoint Manager Ivanti® Security Controls (formerly Ivanti Patch for Windows) Lenovo® Device Intelligence McAfee® ePolicy Orchestrator® Nessus Agent Netskope® Pulse Connect Secure SentinelOne™ Symantec™ Endpoint Protection Tanium™ VMWare Carbon Black Cloud™ VMWare Workspace ONE™ WinMagic SecureDoc™ Ziften Zenith	Status (assessed health of the application) Repair Status (success or failure of the last attempted repair or reinstall) Status Checked (date and time when Status last checked) Repairs, reinstalls and failures over the past 30 days Became healthy / Became unhealthy (date when the Status of the application last changed) Status Details, which may include the following information, depending on the application’s Status: application version status of key application services status of key registry entries nature of any repairs or reinstalls initiated

Persisted application

Data points

BitLocker®

Status (assessed health of the application)
Repair Status (success or failure of the last attempted repair)
Status Checked (date and time when Status last checked)
Repairs, reinstalls and failures over the past 30 days
Became healthy / Became unhealthy (date when the Status of the application last changed)
Status Details, which may include the following information, depending on the application’s Status:
- application version
- compatibility of OS (operating system) and TPM (trusted platform module) for BitLocker
- encryption method—AES-128 or AES-256
- encryption completeness
- protection status is on or off
- drive lock status is locked or unlocked

If you selected BitLocker with Standalone MBAM, the AP persists MBAM and collects and reports any exceptions.

Microsoft® SCCM

Status (assessed health of the application)
Repair Status (success or failure of the last attempted repair)
Status Checked (date and time when Status last checked)
Repairs, reinstalls and failures over the past 30 days
Became healthy / Became unhealthy (date when the Status of the application last changed)
Status Details, which may include the following information, depending on the application’s Status:
- application version
- status of the admin share
- date and time of the last hardware inventory scan
- date and time of the last software inventory scan
- status of key application services
- status of key registry entries
- nature of any repairs or reinstalls initiated

Cisco® AMP for Endpoints Connector

Cisco AnyConnect Secure Mobility Client®

Critrix Workspace™

Crowdstrike Falcon®

Dell Advanced Threat Prevention

Dell Data Guardian

Dell Encryption

ESET® Endpoint Antivirus

F5® BIG-IP® Edge Client®

FortiClient® VPN

GlobalProtect™

Ivanti® Endpoint Manager

Ivanti® Security Controls (formerly Ivanti Patch for Windows)

Lenovo® Device Intelligence

McAfee® ePolicy Orchestrator®

Nessus Agent

Netskope®

Pulse Connect Secure

SentinelOne™

Symantec™ Endpoint Protection

Tanium™

VMWare Carbon Black Cloud™

VMWare Workspace ONE™

WinMagic SecureDoc™

Ziften Zenith

Status (assessed health of the application)
Repair Status (success or failure of the last attempted repair or reinstall)
Status Checked (date and time when Status last checked)
Repairs, reinstalls and failures over the past 30 days
Became healthy / Became unhealthy (date when the Status of the application last changed)
Status Details, which may include the following information, depending on the application’s Status:
- application version
- status of key application services
- status of key registry entries
- nature of any repairs or reinstalls initiated

Custom Data

The Absolute agent collects the following data points when the Custom Data policy is activated on a Windows device:

Data point
Custom data points	Provided by Absolute and added to the Custom Data policy by you. These data points are unique to you.
Default data points	Automatically included in the Custom Data policy, but must be enabled by you There are currently no Custom Data points in the Custom Data policy.

Data point

Custom data points

Provided by Absolute and added to the Custom Data policy by you. These data points are unique to you.

Default data points

Automatically included in the Custom Data policy, but must be enabled by you

There are currently no Custom Data points in the Custom Data policy.

Device Usage

The Absolute agent collects the following data points when the Device Usage policy is activated on a Windows, Mac, or Chromebook device:

NOTE The Device Usage policy is not supported on Android devices.

Data point	Platform
Data point	Windows	Mac	Chromebook
Average Daily UsageThe daily usage of a device, averaged over the 30 days prior to the most recent agent check-in and expressed in total hours and minutes. Note that any days with no usage are not included in the calculation. Applies only to Windows, Mac, and Chromebook devices with an activated Device Usage policy.	P	P	P
Usage Level The level of daily device usage, averaged over the past 30 days. There are four levels: Heavily Used (over 8 hours), Moderately Used (4 to 8 hours), Lightly Used (1 to 4 hours), Not Used (less than 1 hour). Applies only to Windows, Mac, and Chromebook devices with an activated Device Usage policy.	P	P	P
Event Timestamp (Local Device Time): <n> minutes of activity	P	P	P
Activity Type (Login or Unlock)	P	P	P
BSSID	P	P	n/a
SSID	P	P	n/a
Local IP (IPv4)	P	P	P
Public IP (IPv4)	P	P	P
Active Directory OU	P	P	n/a

Endpoint Data Discovery

The Absolute agent collects the following data points when the Endpoint Data Discovery (EDD) policy is activated on a Windows or Mac device:

NOTE The EDD policy is not supported on Android or Chromebook devices.

Data point	Platform
Data point	Windows	Mac
AIP protection status, when the Azure Information Protection (AIP) feature is enabled	P	n/a
Scan Date	P	P
Rule	P	P
Matched token (content string that matched the Rule)	P	P
Lexicon line number that was matched	P	P
File Name	P	P
File Extension	P	P
File Type	P	P
File Path	P	P
File Owner	P	P
File Created	P	P
File Modified	P	P
File Accessed	P	û

Full-Disk Encryption

The Absolute agent collects the following data points when the Full-Disk Encryption Status policy is activated on a Windows or Mac device:

NOTE The Full-Disk Encryption policy is not supported on Android or Chromebook devices.

Data point	Platform
Data point	Windows	Mac
Encryption > Status	P	P
Encryption > Product Name	P	P
Encryption > Version	P	P
Encryption > Algorithm	P	û
Encryption > Comments	P	P
Encryption > Key Size	P	û
Encryption > SED Capable	P	P
Encryption > Last Updated	P	P
Encryption > All Drives Encrypted	P	P

Installed Software

The Absolute agent collects the following data points when the Installed Software policy is activated on a Windows or Mac device:

NOTE The Installed Software policy is not supported on Android or Chromebook devices.

Data point	Platform
Data point	Windows	Mac
Application	P	P
Version	P	P
Publisher	P	P
Installed (date)	P	P
Install location	P	P
Identifier	P	P
OS Name	P	P
Username	P	P

Software

The Absolute agent collects the following data points when the Software policy is activated on a Windows, Mac, or Android device:

NOTE The Software policy is not supported on Chromebook devices.

Data point	Platform
Data point	Windows	Mac	Android
Publisher	P	P	P
Suite	P	P	P
Application Name	P	P	P
Application Version	P	P	P
File Name	P	P	P
File Version	P	P	P
Detected Date	P	P	P
File Path	P	P	P

Web Usage

When the Web Usage policy is activated on a Windows or Chromebook device, the Absolute agent collects web activity information from the device and populates the following fields in the console:

NOTE The Web Usage policy is not yet supported on Mac and Android devices.

Field	Platform
Field	Windows	Chromebook
Website	P	P
Webpage title	P	P
Web usage > Daytime	P	P
Web Usage > Evenings and weekends	P	P
Username (of each logged in user)	P	P