Data points collected by activated policies

Absolute policies control the collection of hardware, software, usage, and system information from your devices. The Hardware policy is always activated by default, but you need to activate other policies if you want to monitor additional device information in the Secure Endpoint Console. To learn about the specific data points that are collected when a particular policy is activated, refer to the appropriate section in this topic.

How frequently is data collected from a device?

Depending on the Absolute licenses associated with your account, some data points may not be available.

Understanding the tables

Symbol / Value	Meaning
P	The Secure Endpoint Agent collects the data point on the indicated platform and shows it in the Secure Endpoint Console.
n/a	The data point does not apply to the indicated platform.
GAC	The data point is synced directly from the Google Admin console and shows in the Secure Endpoint Console. Applies to Chromebooks only.
†	The Secure Endpoint Agent collects the data point on the indicated platform but the data point is not shown in the Secure Endpoint Console.
O	The Secure Endpoint Agent does not detect the data point on the indicated platform because the platform does not make the data available, or because there is no requirement to collect this data.

Hardware

For any enrolled device, the Secure Endpoint Agent and its Hardware Data Processing (HDP) component collect the following data points:

Data point	Device platform
Data point	Windows	Mac	Chromebook
Agent specific data points
Identifier The unique Electronic Serial Number (ESN) assigned to the Secure Endpoint Agent that is installed on a device.	P	P	P
Last connected The date and time when a device's component manager last connected to the Absolute Monitoring Center. For online devices, the component manager connects every 15 minutes. Also see component manager (CTES).	P	P	P
Last core agent connection The date and time when the device's core agent last connected to the Absolute Monitoring Center. For online devices, the core agent connects once every 24.5 hours. Also see core agent (rpcnet).	P	P	P
Hardware last updated	P	P	P
Agent status The operating condition of a device's Secure Endpoint Agent. Possible values are Active (indicates that the device's agent has connected to the Absolute Monitoring Center), Inactive (indicates one of the following: the device was moved to another account; the device was unenrolled, but it is now set to be reactivated; or the device had Persistence enabled at the factory, but it has not yet called in to the Absolute Monitoring Center), and Disabled (indicates that the agent is either flagged for removal or removed from the unenrolled device). Inactive and Disabled devices do not consume a license.	P	P	P
Agent A field and report column showing the version number of the core agent (rpcnet) installed on a Windows or Mac device. For Chromebooks, it shows the version number of the Absolute for Chromebooks extension.	P	P	†
Component manager The component manager (also known as CTES) is installed on top of the core agent and manages the agent components responsible for initiating device actions and collecting device data. Most agent components are controlled by policies, such as the Hardware and Installed Applications policies. The component manager typically connects to the Absolute Monitoring Center every 15 minutes, at a minumum, to send device data and receive instructions.	P	P	†
Component manager > Status Report column that shows the status of the component manager (CTES) installed on a Windows or Mac device. Possible values are: Healthy (CTES is communicating successfully with the Absolute Monitoring Center), Packet inspection detected (CTES is not communicating with the Absolute Monitoring Center. To learn how to resolve this issue, hover over the icon and click "Learn more" in the tooltip), and No Data (CTES is not communicating with the Absolute Monitoring Center, or the status is not available because version 1.0.0.2116 or higher is not installed on the device, or the device is not a Windows or Mac device).	P	P	O
Persistence agent A field and report column showing the version number of the Absolute Persistence agent (rpcnetp), which is embedded in the firmware of a Windows device by the device manufacturer. If a device's Secure Endpoint Agent is tampered with or removed, the Persistence agent connects to the Absolute Monitoring Center, which triggers the core agent (rpcnet) to be downloaded and reinstalled on the device.	P	n/a	n/a
Firmware Persistence status The status of the Absolute Persistence module, which is embedded in the firmware of a Windows device by the device manufacturer. The module is responsible for monitoring the health of the Secure Endpoint Agent and restoring it if it's missing, damaged, or tampered with. Possible statuses are: Active, Deactivated, Not Supported, Pending, Pending Removal, and Unknown.	P	n/a	n/a
Firmware Persistence version The version number of the Absolute Persistence module, which is embedded in the firmware of a Windows device by the device manufacturer. The module is responsible for monitoring the health of the Secure Endpoint Agent and restoring it if it's missing, damaged, or tampered with. Possible versions are 1.0 and 2.x.x.x.	P	n/a	n/a
Activation date A field and report column that shows the date and time that the device completed its first check-in to the Absolute Monitoring Center and the device's Secure Endpoint Agent was activated.	P	P	P
Un-enrollment date A report column showing the date and time when an Unenroll Device request was submitted for a device. The device's Secure Endpoint Agent is set to Disabled.	P	P	P
Device data points
Device name The name assigned to the device in the operating system. For Chromebooks, device name is not applicable and therefore shows as "Chrome" in the Secure Endpoint Console.	P	P	O
Username Username of the user who was logged in to the device when an agent connection occurred. If no user was logged in during the most recent agent connection, the last detected username shows. If you are viewing a report and want to see if a user was logged in during the most recent connection, add the Current Username column to the report. If no user was logged in at the time of the connection, "No Data" or two em dashes (— —) show in the column.	P	P	P
Domain The name of the device's Windows domain, if applicable.	P	P	n/a
Encryption Status The detected status of a Windows or Mac device with respect to the installation of a full-disk encryption product. Possible values are: Encrypted, Used Space Encrypted, Not Encrypted, Suspended, Encryption In Progress, Decryption in Progress, Not Detected and No Data.	P	P	n/a
Full system name (called System name on Mac)	P	P	n/a
Operating System
Name The name and version of the operating system detected on a device. The operating system is software that manages the software and hardware installed on a computer and allows programs and services to run. It is responsible for the basic operations of a computer system.	P	P	P
Version The number that identifies the version of the operating system, which was detected by the Secure Endpoint Agent. For some Mac devices, the Edition field holds this information.	P	P	GAC
Edition	n/a	P	n/a
Build	P	P	n/a
CSDVersion / OS Service Pack	P	n/a	n/a
Architecture	P	n/a	P
Installation date	P	P	n/a
Last boot time	P	P	n/a
Update build revision	P	n/a	n/a
Current build	P	n/a	n/a
Release ID	P	n/a	n/a
Edition ID	P	n/a	n/a
Manufacturer	P	n/a	n/a
Product key	P	O	n/a
Serial number	P	n/a	n/a
Windows directory	P	n/a	n/a
Other OS description	P	n/a	n/a
System Information
Hard Drive Free Space The amount of storage currently available on a hard disk, expressed in gigabytes.	P	P	n/a
Total physical memory The amount of dynamically accessible memory on a device, expressed in gigabytes.	P	P	P
Available physical memory	P	P	P
Total virtual memory	P	P	n/a
Available virtual memory	P	P	n/a
Local IP address The local IPv4 Internet Protocol address that identifies a device that is connected to a private network.	P	P	P
Local IPv6 address The local IPv6 Internet Protocol address that identifies a device that is connected to a private network.	P	P	P
Public IP address The public IPv4 Internet Protocol address that identifies a device that is connected to the Internet.	P	P	P
Public IPv6 address The public IPv6 Internet Protocol address that identifies a device that is connected to the Internet.	P	P	P
Page file space	P	n/a	n/a
Page file	P	n/a	n/a
Boot device	P	P	n/a
Locale	P	P	P
Name	P	P	P
System directory	P	P	n/a
Make The manufacturer of a device.	P	P	GAC
Model The manufacturer's designated name for the type of device.	P	P	GAC
System type	P	P	n/a
Serial number The identification number assigned to the device by the device manufacturer. For Windows devices, this value may correspond to the serial number of the BIOS, the motherboard, or the chassis, depending on the manufacturer.	P	P	GAC
Time zone	P	P	n/a
System integrity protection status	n/a	P	n/a
BIOS
Release date	P	n/a	n/a
Language	P		n/a
Serial number	P		n/a
Version	P		GAC
SMBIOS version	P	n/a	n/a
SMBIOS major version	P		n/a
SMBIOS minor version	P		n/a
Manufacturer	P		n/a
Version date	P		n/a
Asset tag	P		n/a
Supervisor Password Status	P Supported models only	n/a
Battery
ID	P	n/a	O
Name	P	P
Serial number	P	P
Capacity	P	P
Estimated charge remaining	P	P
Estimated runtime This data point is not shown in Device Details, but you can add the column to a device report.	P	O
Expected life	P
Max recharge time	P
Memory
The Secure Endpoint Agent cannot collect memory information for MacBook Pro devices with an Apple M1 chip.
ID	P	P	P
Part number	n/a	P	n/a
Manufacturer	P	P	n/a
Serial number	P	P	n/a
Size (bytes)	P	P	P
Slot	P	P	n/a
Speed	P	P	n/a
Type (or Type Detail)	P	P	n/a
Status	n/a	P	n/a
Chassis Type This data point is not shown in Device Details, but you can add the column to a device report.	P	n/a	n/a
CPU
ID For Mac devices, this field shows the same value as the Name field.	P	n/a	P
Name	P	P	P
Architecture	P	P	P
Bus speed	O	P	n/a
Data width	P	O	n/a
Instruction set	O	P	n/a
Logical cores	P	P	n/a
Physical cores	P	P	n/a
Processor speed The rate at which the computer processor computes, measured in megaHertz.	P	O	n/a
Processor number	O	O	P
L2 cache size	P	P	n/a
L2 cache speed	P	O	n/a
L3 cache size	P	P	n/a
L3 cache speed	P	O	n/a
CD ROM
ID	P	n/a	n/a
Name	P
Drive	P
Manufacturer	P
Media loaded	P
Media Type	P
Description	P
Status	P
Transfer rate	P
PnP device ID	P
SCSI target ID	P
Sound Device
The following data points are collected for each detected sound device:
ID For Mac devices, this field shows the same value as the Name field.	P	n/a	O
Name	P	P
Manufacturer	P	P
Camera
The following data points are collected for each detected camera:
ID	P	P	O
Name	P	P
Description	P	n/a
Model	O	P
Is Enabled	P	P
Display
The following data points are collected for each detected display:
ID	P	n/a	n/a
Name	P	n/a	P
PnP device ID	P	n/a	n/a
Adapter type	P	n/a	n/a
Adapter description	P	P	n/a
Manufacturer	P	P	n/a
Adapter RAM	P	n/a	n/a
Driver version	P	n/a	n/a
Number of colors	P	n/a	n/a
Resolution	P	n/a	P
Bits per pixel	P	n/a	n/a
Depth	n/a	P	n/a
Height	P	P	P
Width	P	P	P
Refresh rate	n/a	P	n/a
Horizontal resolution	†	n/a	n/a
Vertical resolution	†	n/a	n/a
Input
Keyboards
The following data points are collected for each detected keyboard:
ID	P	n/a	O
Name	P	P
Description	P	n/a
Layout	P	n/a
PnP device ID	P	n/a
Number of function keys	P	n/a
Pointing Devices
The following data points are collected for each detected pointing device:
ID For Mac devices, this field shows the same value as the Name field.	P	n/a	O
Name	P	P
Manufacturer	P	P
The following data points are not shown in Device Details, but you can add the columns to a device report.
Number of buttons	P	n/a
Power management supported	P	n/a
PnP device ID	P	n/a
Handedness	P	n/a
Hardware type	P	n/a
Cellular
The following data points are collected for each detected cellular modem:
Enabled	P	n/a	n/a
Current network numeric code	P
Home network numeric code	P
IMEI	P
IMSI	P
Phone number	P
SIM serial	P
SIM ICCID (Integrated Circuit Card Identifier)	P
Type	P
Network Adapters
The following data points are collected for each detected adapter:
ID	P	n/a	P
Name	P	P	P
Adapter type	P	n/a	n/a
Installed	P	n/a	n/a
IPv4 address	P	P	P
IPv6 address	P	P	n/a
IP subnet	P	n/a	n/a
Default gateway	P	n/a	n/a
DHCP enabled	P	n/a	n/a
DHCP server	P	n/a	n/a
DHCP lease expires	P	n/a	n/a
DHCP lease obtained	P	n/a	n/a
MAC address	P	P	GAC
Manufacturer	P	P	n/a
Product type	P	n/a	n/a
Speed	P	P	n/a
Network SSID	P	P	n/a
Storage - Disk
The following data points are collected for each detected disk:
ID For Mac devices, this field shows the same value as the Name field.	P	n/a	n/a
Name	P	P	P
Description	P	P	n/a
Disk index	P	P	n/a
Bytes per sector	P	n/a	n/a
Firmware revision	P	P	n/a
Manufacturer	P	P	n/a
Media type	P	P	n/a
Model	P	P	n/a
Number of partitions	P	n/a	n/a
Sectors per track	P	n/a	n/a
Serial number	P	P	n/a
Size (bytes) (for Chromebook, this is the capacity)	P	P	P
Status	P	n/a	n/a
Total cylinders	P	n/a	n/a
Total heads	P	n/a	n/a
Total sectors	P	n/a	n/a
Total tracks	P	n/a	n/a
Total tracks per cylinder	P	n/a	n/a
Storage - Volumes
The following data points are collected for each detected volume:
ID	P	P	n/a
Name	P	P
Boot	P	P
Compressed	P	n/a
Drive letter	P	n/a
File system	P	P
Serial	P	P
Size (bytes)	P	P
Free space (bytes)	P	P
Mount point	n/a	P
Printers
The following data points are collected for each detected printer:
ID For Mac devices, this field shows the same value as the Name field.	P	n/a	O
Name	P	P
Driver	P	P
Server	P	O
Share	P	O
Port	P	O
USB
The following data points are collected for each detected USB device:
Name	P	O	O
Manufacturer	P
PnP device ID	P
Anti-malware
The following data points are collected for the anti-malware software detected on the device:
Product name	P	P	n/a
Version	P	P
Definition	P	P
Definition date	P	P
Last updated	P	P

Additional hardware data points collected on Chromebook devices

In addition to the hardware data points shown for Chromebooks in the Hardware data points section, Absolute collects additional Chromebook data points from the Google Admin console. The following data points are on Chromebooks only:

Chromebook specific data points
Annotated asset ID For Chromebook devices, the asset identifier populated by the Google Administrator. Maps to the Asset ID field in the Google Admin console.
Annotated location For Chromebook devices, the address or location of the device. Maps to the Location field in the Google Admin console.
Annotated user For Chromebook devices, initially populated with the user who first enrolled the device but the Google Administrator can edit this field. Maps to the User field in the Google Admin console.
Auto-update expiration The date when the Chromebook device will no longer receive automatic Chromebook updates that enhance both the device and its software. Maps to the Auto-update expiration field in the Google Admin console.
Boot mode For Chromebook devices, the boot mode of the device. Maps to the Boot mode field in the Google Admin console.
Device ID For Chromebook devices, the enterprise device identifier that uniquely identifies the device. Maps to the Device ID field in the Google Admin console.
Extension For Chromebook devices, shows the status of the Chromebook extension on the device.
Last device Google Sync For Chromebook devices, the date and time when the device last synced with your Google account.
Last Google Sync For Chromebook devices, the date and time when the device information was last synced from your Google account to the Absolute Monitoring Center.
Notes For Chromebook devices, special information about the device. Maps to the Notes field in the Google Admin console.
Organizational unit For Chromebook devices, the full path of the OU that the device belongs to. Maps to the Organizational unit field in the Google Admin console.
Platform version For Chromebook devices, the build number and channel of the device's Chrome OS operating system. Maps to the Platform version field in the Google Admin console.
Provisioning status For Chromebook devices, the status of the device in the Google Admin console. Maps to the Status field in the Google Admin console.
Recent users For Chromebook devices, a comma-separated list of users that have logged into the device, even if the users aren't configured with the Chromebook extension. The most recent users are shown first. Maps to the Recent users field in the Google Admin console.

Application Resilience

When an Application Resilience policy is activated on a device, the Secure Endpoint Agent collects the following data points:

Last App Resilience scan The date and time the Application Resilience (RAR) component of the Secure Endpoint Agent last ran a status check on the device.

Application Resilience

Events last 30 days
Failures last 30 days
Repairs last 30 days
Reinstalls last 30 days

Depending on the application, it also collects the following data points:

Resilient application	Data points
BitLocker®	Status (assessed health of the application) Repair status (success or failure of the last attempted repair) Status checked (date and time when Status last checked) Last updated (date and time the status check results were made available in the console) Became healthy / Became unhealthy (date when the Secure Endpoint Agent last detected the application changed health status) Status details, which may include the following information, depending on the application’s Status: application version compatibility of OS (operating system) and TPM (trusted platform module) for BitLocker encryption method—AES-128 or AES-256 encryption completeness protection status is on or off drive lock status is locked or unlocked Application Health data points If you selected BitLocker with Standalone MBAM, Application Resilience repairs and reinstalls MBAM and collects and reports any exceptions.
Microsoft® SCCM	Status (assessed health of the application) Repair Status (success or failure of the last attempted repair) Status checked (date and time when Status last checked) Last updated (date and time the status check results were made available in the console) Became healthy / Became unhealthy (date when the Secure Endpoint Agent last detected the application changed health status) Status details, which may include the following information, depending on the application’s Status: application version status of the admin share date and time of the last hardware inventory scan date and time of the last software inventory scan status of key application services status of key registry entries nature of any repairs or reinstalls initiated Application Health data points
For all other supported applications except for BitLocker and Microsoft SCCM	Status (assessed health of the application) Repair status (success or failure of the last attempted repair or reinstall) Status checked (date and time when Status last checked) Last updated (date and time the status check results were made available in the console) Became healthy / Became unhealthy (date when the Secure Endpoint Agent last detected the application changed health status) Status details, which may include the following information, depending on the application’s Status: application version status of key application services status of key registry entries nature of any repairs or reinstalls initiated Application Health data points (if supported for the application)

Resilient application

Data points

BitLocker®

Status (assessed health of the application)
Repair status (success or failure of the last attempted repair)
Status checked (date and time when Status last checked)
Last updated (date and time the status check results were made available in the console)
Became healthy / Became unhealthy (date when the Secure Endpoint Agent last detected the application changed health status)
Status details, which may include the following information, depending on the application’s Status:
- application version
- compatibility of OS (operating system) and TPM (trusted platform module) for BitLocker
- encryption method—AES-128 or AES-256
- encryption completeness
- protection status is on or off
- drive lock status is locked or unlocked
Application Health data points

If you selected BitLocker with Standalone MBAM, Application Resilience repairs and reinstalls MBAM and collects and reports any exceptions.

Microsoft® SCCM

Status (assessed health of the application)
Repair Status (success or failure of the last attempted repair)
Status checked (date and time when Status last checked)
Last updated (date and time the status check results were made available in the console)
Became healthy / Became unhealthy (date when the Secure Endpoint Agent last detected the application changed health status)
Status details, which may include the following information, depending on the application’s Status:
- application version
- status of the admin share
- date and time of the last hardware inventory scan
- date and time of the last software inventory scan
- status of key application services
- status of key registry entries
- nature of any repairs or reinstalls initiated
Application Health data points

For all other supported applications except for BitLocker and Microsoft SCCM

Status (assessed health of the application)
Repair status (success or failure of the last attempted repair or reinstall)
Status checked (date and time when Status last checked)
Last updated (date and time the status check results were made available in the console)
Became healthy / Became unhealthy (date when the Secure Endpoint Agent last detected the application changed health status)
Status details, which may include the following information, depending on the application’s Status:
- application version
- status of key application services
- status of key registry entries
- nature of any repairs or reinstalls initiated
Application Health data points (if supported for the application)

The Application Resilience policy is supported on Windows devices only.

Custom Data

The Secure Endpoint Agent collects the following data points when the Custom Data policy is activated on a Windows device:

Custom Data is not supported on Mac or Chromebook devices.

Data point
Custom data points	Provided by Absolute and added to the Custom Data policy by you. These data points are unique to you.
Default data points	Automatically included in the Custom Data policy, but must be enabled by you: Chrome extensions DNS servers Firewall status OU - organizational unit Wi-Fi authentication protocol

Data point

Custom data points

Provided by Absolute and added to the Custom Data policy by you. These data points are unique to you.

Default data points

Automatically included in the Custom Data policy, but must be enabled by you:

Chrome extensions
DNS servers
Firewall status
OU - organizational unit
Wi-Fi authentication protocol

Device Compliance

The Secure Endpoint Agent collects the following data points when the Device Compliance policy is activated on a Windows or Mac device:

The Device Compliance policy does not include unique data points. Instead, it collects data points from other policies as listed in the following table.

Policy
Hardware	Operating System data points Anti-malware data points
Full-Disk Encryption Status	Encryption data points
Geolocation Tracking	Device Location data points

Device Usage

The Secure Endpoint Agent collects the following data points when the Device Usage policy is activated on a Windows, Mac, or Chromebook device:

Data point	Platform
Data point	Windows	Mac	Chromebook
Average Daily Usage The daily usage of a device, averaged over the 30 days prior to the most recent agent check-in and expressed in total hours and minutes. Note that any days with no usage are not included in the calculation. Applies only to Windows, Mac, and Chromebook devices with an activated Device Usage policy.	P	P	P
Usage Level The level of daily device usage, averaged over the past 30 days. There are four levels: Heavily Used (over 8 hours), Moderately Used (4 to 8 hours), Lightly Used (1 to 4 hours), Not Used (less than 1 hour). Applies only to Windows, Mac, and Chromebook devices with an activated Device Usage policy.	P	P	P
Event Timestamp (Local Device Time): <n> minutes of activity	P	P	P
Activity Type (Login, Logout, Unlock, Lock, Sleep, Wake, or Shutdown) Chromebook only supports Login and Unlock events	P	P	P
BSSID	P	P	n/a
SSID	P	P	n/a
Local IP (IPv4 and IPv6, if available)	P	P	P
Public IP (IPv4 and IPv6, if available)	P	P	P
Active Directory OU	P	P	n/a
Username	P	P	P

Endpoint Data Discovery

The Secure Endpoint Agent collects the following data points when the Endpoint Data Discovery (EDD) policy is activated on a Windows or Mac device:

The EDD policy is not supported on Chromebook devices.

Data point	Platform
Data point	Windows	Mac
Scan Date	P	P
Rule	P	P
Matched token (content string that matched the Rule)	P	P
Lexicon line number that was matched	P	P
File Name	P	P
File Extension	P	P
File Type	P	P
File Path	P	P
File Owner	P	P
File Created	P	P
File Modified	P	P
File Accessed	P	O

Full-Disk Encryption Status

The Secure Endpoint Agent collects the following data points when the Full-Disk Encryption Status policy is activated on a Windows or Mac device:

The Full-Disk Encryption policy is not supported on Chromebook devices.

Data point	Platform
Data point	Windows	Mac
Encryption > Status	P	P
Encryption > Product Name	P	P
Encryption > Version	P	P
Encryption > Algorithm	P	P
Encryption > Comments	P	P
Encryption > Key Size	P	P
Encryption > SED Capable	P	P
Encryption > Last Updated	P	P
Encryption > All Drives Encrypted	P	P

Geolocation Tracking

The Secure Endpoint Agent collects the following data points when the Geolocation Tracking policy is activated on a device:

Field	Platform
Field	Windows	Mac	Chromebook
Device Location > City	P	P	P
Device Location > State/Province	P	P	P
Device Location > Country	P	P	P
Device Location > Latitude	P	P	P
Device Location > Longitude	P	P	P
Geolocation technology > Type	P	P	P
Geolocation technology > Accuracy (meters)	P	P	P
Geolocation Tracking > Last data received	P	P	P
Additional data points related to Wi-Fi Positioning geolocation technology:
SSID and BSSID of nearby access points	P	P	O
Signal strength of nearby access points	P	P	O
Wi-Fi error	P	P	O

Installed Applications

The Secure Endpoint Agent collects the following data points when the Installed Applications policy is activated on a Windows or Mac device:

The Installed Applications policy is not supported on Chromebook devices.

Data point	Platform
Data point	Windows	Mac
Application	P	P
Version	P	P
Publisher	P	P
Installed (date)	P	P
Install location	P	P
Identifier	P	P
OS Name	P	P
Username	P	P
Application Health data points
The following data points are available when the prerequisite for Application Health is met.
Health (including unhealthy reasons)	P	P
Last health changed	P	P
Number of Unhealthy	P	P
Number of Healthy	P	P
Number of Unknown Health	P	P

Web Usage

The Secure Endpoint Agent collects the following data points when the Web Usage policy is activated on a Windows or Chromebook device:

The Web Usage policy is not yet supported on Mac devices.

Field	Platform
Field	Windows	Chromebook
Website	P	P
Webpage title	P	P
Web usage > Daytime	P	P
Web Usage > Evenings and weekends	P	P
Username (of each logged in user)	P	P