Device Overview
The Overview page shows everything Cisco XDR knows about a device, including device status, context, and which source provided which data. The information may include some or all of the following sections, collected from multiple sources and merged into one place for you in Cisco XDR. Additionally, some sources provide the ability to pivot to their respective consoles to further investigate the device, such as Secure Endpoint, Umbrella, and Duo.

Shows you a summary of some details of this device, such as hostname, IP addresses, location, and serial number. Click on associated users to expand the user details drawer. For more information about what is displayed in the drawer, see View Summary of User Details in Drawer.
Note: User names can be associated with multiple email addresses. Clicking a user name with multiple records opens a drawer displaying a list of users with that name for selection.
Click the (Pivot Menu) icon to take action on the IP and MAC addresses.

Shows you what Security Products are enabled on this device.
If the device is running Windows and has source data from Orbital, this section shows you which Windows Security Products are currently installed on this device and whether they’re disabled (you may need to enable them) or out of date (you may need to update them).

Shows you the top five vulnerabilities for this device identified by Cisco Vulnerability Management. The details of each vulnerability are displayed, including the CVE information, publication date, whether a fix is available, and the facets of the vulnerability. Click View all to pivot to the Vulnerabilities page.

Shows you which sources Cisco XDR got this information from for this device. Where available, you can click to pivot to the source and investigate this device further from that source’s dashboard, such as:
- Open Duo Admin Dashboard in New Window
- Open Cisco Umbrella Dashboard in New Window

Shows you information from Secure Client about this device, such as the deployment, profile modules, CSC UDID, and more. Click Device Events to pivot to the Device Events page where the search is automatically populated with the device name. For more information, see the Device Events help topic.
Note: The Last Seen field shows the time of the last notification, which happens when the deployment or endpoint is updated, not when the device was last used.