Endpoint Status
The Endpoint Status page provides insight into the protection, synchronization, and performance of the devices connected to your system.
This page displays, on separate tabs, information related to Carbon Black, Cortex XDR, and Syslog endpoints.
Note: Information related to data sources not in use by your system will not appear. If none of the data sources are in use by your system, the Endpoint Status page will not be accessible.
Viewing endpoint statuses, creating related reports, and downloading information
- In ActiveEye, in the left pane, click Reporting, and then click Endpoint Status.
The Endpoint Status page appears.
- Select the tab of the service whose endpoint statuses you want to view.
- Use the controls in the table header to sort the list of endpoints, or search for a specific endpoint name, IP address, status, or date last seen.
Note: Each tab on the Endpoint Status page has a unique set of possible statuses.
  - Possible statuses of Carbon Black endpoints:
    - Active: Indicates that the endpoint has checked in within the last 30 days.
    - Bypass: Indicates that the endpoint is not sending data to the cloud, or has been temporarily isolated during an update.
    - Deregistered: Indicates that the endpoint has been deregistered or uninstalled.
    - Error: Indicates that the endpoint is returning errors.
    - Inactive: Indicates that it has been more than 30 days since the endpoint has checked in.
    - Pending: Indicates that the endpoint has not yet been installed, or that an update is pending.
    - Quarantined: Indicates that the endpoint has been isolated due to possible malware or suspicious activity.
    - Sensor out of date: Indicates that the endpoint is not using the current release version and is eligible for update.
  - Possible statuses of Cortex XDR endpoints:
    - Connected: Indicates that the endpoint has checked in within 10 minutes for standard endpoints, and within 3 hours for mobile endpoints.
    - Connection Lost: Indicates that the endpoint has not checked in within 30 to 180 days for standard endpoints, and between 90 minutes and 6 hours for VDI and temporary sessions.
    - Disconnected: Indicates that the endpoint has not checked in within the defined inactivity window: between 10 minutes and 30 days for standard and mobile endpoints, and between 10 minutes and 90 minutes for VDI and temporary sessions.
    - Uninstalled: Indicates that the agent has been uninstalled from the endpoint.
  - Possible statuses of Syslog endpoints:
    - Active: Indicates that the endpoint has communicated in the last 24 hours.
    - Degraded: Indicates that the endpoint has not communicated in the last 24 hours, but has in the last week.
    - Inactive: Indicates that the endpoint has not communicated in more than a week.
- You can perform the following actions on the Endpoint Status page:
  - Create a report template: On the Carbon Black or Cortex XDR tab, you can quickly create a report template based on the service’s endpoint-status data by clicking Create Report Template. When you do, the Edit Report Template page appears, displaying the Cortex Endpoint Data module in the Modules Included in Report section. From here, you can modify the report template as needed, and then save or generate the report, which will include the Carbon Black or Cortex XDR endpoint status information. For more information about using report templates, see the Reports topic.
  - Download endpoint status information: On any tab, click the Download button to download a CSV file containing data about that service’s endpoint statuses.
  - Filter Syslog endpoint statuses by AERSS device: On the Syslog tab, you can filter the list of endpoints so that only endpoints associated with a specific AERSS device are displayed. To do so, click Connector, and then click one of the AERSS device names. To return to the full list of endpoints, click Connector, and then click Clear Filter.
Note: The Syslog tab only displays information related to AERSS Syslog endpoints.
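
The Syslog status definitions above can be applied to a downloaded export to list the log sources that have gone quiet, longest silence first. This is an added example, not ActiveEye code: the CSV column names (`name`, `ip`, `last_seen`), the ISO 8601 timestamp format, and the sample rows are assumptions constructed for illustration, and the real export may use different columns.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Thresholds from the Syslog status definitions on this page.
ACTIVE_WINDOW = timedelta(hours=24)
DEGRADED_WINDOW = timedelta(weeks=1)
# Constructed sample export; column names are assumptions, not the real format.
SAMPLE_EXPORT = """name,ip,last_seen
fw-edge-01,10.0.0.1,2024-05-10T11:30:00+00:00
dns-02,10.0.0.53,2024-05-08T12:00:00+00:00
legacy-proxy,10.0.0.80,2024-04-20T00:00:00+00:00
vpn-gw,10.0.0.9,
"""
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)  # fixed "now" for the sample

def syslog_status(last_seen, now):
    """Map time since last communication to Active, Degraded or Inactive."""
    silence = now - last_seen
    if silence <= ACTIVE_WINDOW:
        return "Active"
    if silence <= DEGRADED_WINDOW:
        return "Degraded"
    return "Inactive"

def silent_sources(csv_text, now):
    """Return (name, ip, status, hours_silent) for each source that is not Active.
    A missing or unparseable timestamp is reported as "Unknown" rather than
    dropped: a log source with no last-seen value is itself a visibility gap.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("last_seen") or "").strip()
        try:
            seen = datetime.fromisoformat(raw)
        except ValueError:
            findings.append((row["name"], row["ip"], "Unknown", None))
            continue
        if seen.tzinfo is None:
            seen = seen.replace(tzinfo=timezone.utc)  # assumption: naive times are UTC
        status = syslog_status(seen, now)
        if status != "Active":
            hours = round((now - seen).total_seconds() / 3600, 1)
            findings.append((row["name"], row["ip"], status, hours))
    # Unknown rows first, then longest silence first.
    return sorted(findings, key=lambda f: (f[3] is not None, -(f[3] or 0)))

if __name__ == "__main__":
    print(*silent_sources(SAMPLE_EXPORT, NOW), sep="\n")
```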