device_id

string

Hardware ID of the device

status

string

status of device. Values are:

• compliant: device is in compliance with a policy which the device is assigned to on your account

• non-compliant: device is not in compliance with a policy which the device is assigned to on your account

• exempted: device is exempted

• out_of_license_usage: device is out of token usage.

• unknown: device is not installed MetaAccess agent

• ignored: device is not installed MetaAccess agent and ignored by an administrator

status_detail

object

status detail of device. Values are:

• agent_installed :

  • 1 : device is installed MetaAccess agent

  • 2 : device is not installed MetaAccess agent but detected by Network Discovery or Domain Controller agent

  • 3 : device is not installed MetaAccess agent but detected by Network Discovery or Domain Controller agent and ignored by an administrator

• out_of_token:

  • 0 :device is not out of token usage

  • 1 :device is out of token usage

• exempted:

  • 0: device is not exempted

  • 1: device is exempted

• pending:

  • 0: device reported to MetaAccess cloud

  • 1: device has not been reported to MetaAccess cloud yet

• compliant :

  • 0: device is non-compliance with policy

  • 1: device is in compliance with policy

• quarantined :

  • 0: device is not quarantined

  • 1: device is quarantined

severity

string

Severity level. Values are

• critical: device has critical issues

• warning: device has warning issues

• no-issues: device doesn't have any issues

issue

object

Issue details on the device

issue.total_issues

int

Total issues of device

issue.total_critical_issues

int

Total critical issues of device

issue.total_warning_issues

int

Total warning issues of device

group_name

string

group name which a device is assigned to

agent_type

string

Type of agent

Values:

managed – Managed device

dc - Domain controller device

device_name

string

Hostname of the device. It will get "<private>" value if it's a non-collectible to each fields which related to privacy.

nick_name

string

a nickname for the device which an administrator can update on the MetaAccess console

device_type

string

The type of the device

agent_version

string

Local resident MetaAccess agent version

oesis_version

string

SDK version which the agent is running

last_seen

string

The last timestamp in GMT format when the agent reports data to the Cloud

public_ip

string

public IP of the device in the last report

country

string

Region where the device IP geographically represents

user_identity

string

Custom user identity information.

This is only available if the account enables "Enforce users enter custom information" on Advanced Setting tab on Global Settings

user_info

object

User information block

user_info.username

string

username who currently logs in. This field will be remove if it's set as privacy

user_info.domain

string

Currently logged in user domain

remediation_link

string

remediation page URL of the given device

categories

array<object>

Details of each posture category

categories.category_id

string

category ID which the current block stands for

categories.issue

int

Severity of the category based on the defined policy on your MetaAccess account.
Values are:

• -1 - category is disabled

• 0 – no issues

• 1 – warning

• 2 – critical

categories.apps

array<object>

detailed products in a category

categories.apps.id

string

Product ID

categories.apps.name

string

Name of the product

categories.apps.vendor

string

Name of the product vendor

categories.apps.version

string

Product version

categories.apps.category_id

string

category ID of the product

categories.apps.health_status

array<object>

health information of the product

categories.apps.health_status.status

string

product compliance details

categories.apps.health_status.issue

int

Severity of the product based on the defined policy on your MetaAccess account

Values are:

• -1 - Not an approved product

• 0 - no issues

• 1 - warning

• 2 - critical

unclassified

array<object>

Lists of unclassified products

unclassified.id

string

product ID

unclassified.name

string

product name

unclassified.vendor

string

product vendor

unclassified.version

string

product version

os_info

object

Operation system information

os_info.family

string

OS family

os_info.name

string

OS name

os_info.vendor

string

OS vendor

os_info.version

string

OS version

os_info.service_pack_version

string

OS Service Pack Version

os_info.architecture

string

OS architecture

os_info.os_language

string

OS language

os_info.user_password_set

int

If user password is set on OS, 1 is set, 0 is not set

network_info

array<object>

Network adapter information block

network_info.description

string

network card description

network_info.mac

string

Media Access Control (MAC) address of the network adapter.. This field will be remove if it's a non-collectible to each fields which related to privacy.

network_info.ipv4

string

IPv4 addresses associated with the network adapter. This field will be remove if it's a non-collectible to each fields which related to privacy.

network_info.ipv6

string

IPv6 addresses associated with the network adapter. This field will be remove if it's a non-collectible to each fields which related to privacy.

network_info.subnet_mask

string

the subnet mask associated with the current network adapter.

network_info.media_state

string

network card state

network_info.dhcp_enabled

string

DHCP enabled state of installed network adapter.

network_info.dhcp_obtained

string

(Optional)The timestamp in GMT format when the lease was obtained for the IP address assigned to the computer by the DHCP server.

network_info.dhcp_expires

string

(Optional)The expiration timestamp in GMT format for a leased IP address that was assigned to the computer by the DHCP server.

network_info.dhcp_server

string

(Optional)IP address of the dynamic host configuration protocol (DHCP) server.

network_info.adapter_enabled

string

Indicates whether the adapter is enabled or not.

network_info.default_gateway

string

(Optional)Array of IP addresses of default gateways that the computer system uses.

network_info.dns_addresses

array<string>

(Optional)Array of server IP addresses to be used in querying for DNS servers.

link_user

object

User is linked by admin (editable)

link_user.username

string

Username is linked to device by admin

link_user.group

string

Group is linked to device by admin

mobile_apps

array<object>

Only applicable for iOS/Android devices

Lists of applications installed on the device

mobile_apps.name

string

application name

mobile_apps.vendor

string

application vendor

mobile_apps.community_rate

string

rating from community

mobile_apps.community_reviewer

string

number of community reviewers who reviewed the application

detected_processes

object

Only applicable for Linux devices

Details about running processes on the device when the device reports data to MetaAccess cloud

detected_processes.total

int

number of running processes on the device when the device reports data to MetaAccess cloud

detected_processes.processes

array<object>

Lists of running processes on the device when the device reports data to MetaAccess cloud with details

detected_packages

object

Only applicable for Linux devices

Details about packages installed on the device when the device reports data to MetaAccess cloud

detected_packages.total

int

number of packages installed on the device when the device reports data to MetaAccess cloud

detected_packages.processes

array<object>

Lists of packages installed on the device when the device reports data to MetaAccess cloud

detected_patches

object

Only applicable for Windows/macOS devices

Details about missing patches on the device when the device reports data to MetaAccess cloud

detected_patches.timestamp

string

timestamp in GMT format when the device reports data to MetaAccess cloud

detected_patches.total

int

Total missing patches on the device when the device reports data to MetaAccess cloud

detected_patches.patches

array<object>

Lists of missing patches on the device when the device reports data to MetaAccess cloud

detected_patches.patches.category

string

The category of a missing patch: 'security_update', 'update_rollup', 'critical_update', 'update', 'driver', 'service_pack', 'unknown'.

detected_patches.patches.titles

string

The title of a missing patch.

detected_patches.patches.description

string

The description of a missing patch.

detected_patches.patches.product

string

The product missing this patch.

detected_patches.patches.vendor

string

(optional) The vendor of the product missing this patch

detected_patches.patches.severity

string

The severity of a missing patch: 'low', 'moderate', 'important', 'critical', 'unknown'.

detected_patches.patches.kb_name

string

(optional)The knowledge base article id of a missing patch. May duplicate security_update_id on some platforms.

detected_patches.patches.release_date

string

A timestamp in GMT format when a patch is released

infection

object

Details on threat detection

infection.metascan

object

Only applicable for Windows/macOS/Linux devices

Infection information block which is detected by Metadefender Cloud

infection.metascan.total

int

Total infections which is detected by Metadefender Cloud

infection.metascan.issue

int

Status of Daily Metadefender Cloud anti-malware scan based on a device policy on your MetaAccess account

Values are:

• -1 – category is disabled

• 0 – category doesnot have issues

• 1 – category has issues

• 2 – category has critical issues

infection.metascan.threats

array<object>

Lists of found threats

infection.metascan.threats.critical

int

Critical status of the threat

Values are:

• 0 – not critical

• 1 – critical

infection.metascan.threats.scan_time

string

timestamp when found the threat

infection.metascan.threats.file

string

File was found the threat

infection.metascan.threats.hash

string

hash of the file

infection.metascan.threats.threat_name

string

Threat name

infection.metascan.threats.details

array<object>

threat details on each engine which detected the threat

infection.metascan.threats.details.threat_name

string

Threat name which detected on a specific engine

infection.metascan.threats.details.av_name

string

engine name

infection.antivirus

object

Only applicable for Windows/macOS devices

Repeated threat details detected by local anti-malware applications

infection.antivirus.total

int

Total repeated threats which are detected by local anti-malware applications

infection.antivirus.issue

int

Status of repeated threats based on a device policy on your MetaAccess account

Values are:

• -1 – category is disabled
  

• 0 – category doesnot have issues

• 1 – category has issues

• 2 – category has critical issues

infection.antivirus.threats

array<object>

Lists of repeated threats

infection.antivirus.threats.critical

int

Critical status of the threat

Values are:

• 0 – not critical

• 1 – critical

infection.antivirus.threats.scan_time

string

Last timestamp when the threat was detected

infection.antivirus.threats.repeat

int

Number of times the threat was detected

infection.antivirus.threats.file

string

File was detected as a threat

infection.antivirus.threats.hash

string

hash of the file

infection.antivirus.threats.threat_name

string

threat name

infection.antivirus.threats.product_name

string

product name which detected the threat

infection.antivirus.threats.product_vendor

string

vendor name

infection.antivirus.threats.product_version

string

product version

infection.antivirus.threats.severity

string

threat severity

infection.antivirus.threats.action

string

The type of remediation ( unknown, cleaned, deleted, quarantined)

infection.ip_scanning

object

Only applicable for LINUX/MOBILE devices

Details of daily scan for suspicious IP connections

infection.ip_scanning.total

int

Total of suspicious IPs

infection.ip_scanning.issue

int

Status of the suspicious IP based on a device policy on your MetaAccess account

Values are:

• -1 – category is disabled
  

• 0 – category doesnot have issues

• 1 – category has issues

infection.ip_scanning.threats

array<object>

Lists of suspicious IPs

infection.ip_scanning.threats.geo_info

object

An object represents the geolocation of the suspicious IP

infection.ip_scanning.threats.geo_info.country_code

string

Region name of the network address (e.g., San Paulo)

infection.ip_scanning.threats.geo_info.city

string

Country name of the network address (e.g., Brazil)

infection.ip_scanning.threats.geo_info.country_name

string

Country name of the network address (e.g., BR)

infection.ip_scanning.threats.geo_info.region_name

string

Region code of the network address (e.g., 27)

infection.ip_scanning.threats.geo_info.region_code

string

City name of the network address (e.g., San Paulo)

infection.ip_scanning.threats.network_address

string

IP address of the suspicious IP

infection.ip_scanning.threats.status

string

indicates the scanning object is clear, dirty or in-progress

infection.ip_scanning.threats.total_source

int

number of total source

infection.ip_scanning.threats.threats

array<object>

details of IP connections

infection.ip_scanning.threats.threats.assessment

string

Type of threat detected

infection.ip_scanning.threats.threats.confident

string

Represents the reliability of the detection based on several factors. The higher the score, the more reliable the result.

infection.ip_scanning.threats.threats.source_name

string

Source of the feed, usually the domain where the feed is from (e.g., example.com )