Data Collected by Action1 Agent

Action1 comes with 30+ script templates to help you query your infrastructure and pull data from the managed endpoints in a structured way. A template that queries data from the endpoints represents a data source. Using the data sources available out of the box, you can create custom reports and search for data you are interested in, such as disk volume or logged-on users. See also: Software Inventory 

Windows Endpoints

The following data is collected from Windows endpoints, providing a basis for Action1 reports, dashboards, and alerts.

Hardware Inventory:

• Hardware Summary
• Processors and Cores
• HW Manufacturers
• Physical Memory
• Motherboards
• Firmware
• Installed Printers
• Disk Drives
• SCSI Controllers
• Monitors
• Sound Devices

Disk and Partitions:

• Logical Disks
• Disks w/o BitLocker
• Disk Volumes
• Low Disk Space
• Disk Partitions
• NTFS Disk Quotas
• Bitlocker Key

Network Settings:

• Routing Tables
• Network Adapters

Network Connections:

• To TCP/IP Addresses
• To Internet Domains

Network:

• Open Network Shares
• Open Hidden Shares

USB Devices:

• USB Disk Usage
• SD Card Usage

General System Information:

• OS Information
• OS Install Dates
• Boot Configurations
• Environment Varibales
• Windows Event Logs
• Computer AD Domains
• Computer Time Zone
• Local Time
• Applied GPO (RSoP)

Users and Groups:

• Local User Accounts
• Local Groups
• Group Membership
• Logon Statistics
• Logged On Users
• Profiles by User
• Profiles by Computer

Software Inventory:

• Installed Software
• Cloud Storage Apps
• Instant Messengers
• Web Browsers
• MS Outlook Versions
• Windows Drivers
• Antivirus Status

Remote Task Manager:

• Running Processes
• Startup Programs
• Windows Services
• Process/Memory Stats

macOS Endpoints

The following data is collected from macOS endpoints, providing a basis for Action1 reports, dashboards, and alerts.
Hardware Inventory:

• CPU Name
• CPU Model
• CPU Manufacturer
• CPU Size (cores)
• CPU Data Width
• CPU Status
• CPU Error Description
• RAM Size
• Disk Information (model and size)
• Video card (GPU) model
• NIC
• WiFi adapter model
• Motherboard Product
• Motherboard Vendor
• Motherboard Version
• Motherboard Tag

System Information:

• System Manufacturer
• System Model
• System Type
• BIOS Manufacturer
• BIOS Version
• BIOS Serial
• SMBIOS BIOS Version
• Last Boot Time
• Reboot Required

Users:

• Last Logged On User

Software Applications:

• Application Name
• Software Vendor
• Installation Date
• Version
• Installed For
• Installation Location
• Package Type
• Operating System
• Original Name and Version

Software Updates:

• Update ID & Original Update ID
• KB Number
• Update Full Name
• Release Date
• Vendor
• Security Severity
• Support URL
• Size (bytes)
• Optional or Recommended
• CVE
• Operating System & Info
• Language
• Update For (system or app)
• Update Type
• Install Date
• Reboot Needed

How It Works

When you run a query:

1. Action1 Cloud contacts your endpoints to query information, temporarily caches the query results in the cloud, and then shows it to you in the web console or sends via email (for scheduled queries).
2. After that, your endpoint data is permanently deleted from Action1 Cloud.
3. As a result, you always have up-to-date live information from your endpoints (instead of out-of-date data collected hours or even days ago).

Action1 maintains the list of your managed endpoints, which includes:

• Computer names
• IP addresses
• Connection statistics

It also performs short-term caching of your endpoint data in the Action1 Cloud for efficiency purposes.

Action1 also stores some diagnostic information (see Logs ) for 7 days. If you want any of this data to be deleted sooner than stated, contact technical support.