Device Overview
The Overview page shows everything Cisco XDR knows about a device, including device status, context, and which source provided which data. The information may include some or all of the following sections, collected from multiple sources and merged into one place for you in Cisco XDR. Some sources, such as Secure Endpoint, Umbrella, and Duo, also let you pivot to their respective consoles to investigate the device further.

Shows you a summary of some details of this device, such as hostname, IP addresses, location, and serial number. It also shows the associated users on this device. Click the (Pivot Menu) icon to take action on the IP and MAC addresses.
Note: Click on a user name to see what other devices this user has been seen on.

Shows you what Security Products are enabled on this device.
If the device is running Windows and has source data from Orbital, this section shows you what Windows Security Products are currently installed on this device and whether they’re disabled (you may need to enable them) or out of date (you may need to update them).

Shows you the top five vulnerabilities for this device identified by Cisco Vulnerability Management. The details of each vulnerability are displayed, including the CVE information, publication date, whether a fix is available, and the facets of the vulnerability. Click View all to pivot to the Vulnerabilities page.

Shows you which sources Cisco XDR got this information from for this device. Where available, you can click to pivot to the source and investigate this device further from that source’s dashboard, such as:
- Open Duo Admin Dashboard in New Window
- Open Cisco Umbrella Dashboard in New Window

Shows you information from Secure Client about this device, such as the deployment, profile modules, CSC UDID, and more. Click Device Events to pivot to the Device Events page where the search is automatically populated with the device name. For more information, see the Device Events help topic.
Note: The Last Seen field shows the time of the last notification, which happens when the deployment or endpoint is updated, not when the device was last used.