...

The home screen of the UA Manager, which corresponds to its Hosts section, summarizes the size (number of agents deployed) and the overall status of the fleet.

...

  • Username identifier (1): Displays the username of the active user.
  • Main menu (2): There are three main sections in the UA Manager application: Hosts, which corresponds to the home or landing page in the Manager; Queries, which provides access to on-demand queries and their execution; and Packs, the section in which a number of queries can be bundled together as a single entity.
  • Hosts lists (3): The central block of the Hosts section in the UA Manager application lists all discovered endpoints where the UA Agent has been deployed, identified by their Hostname. This list of endpoints provides the following blocks of information:

    a. Status: Endpoints show an online status when their agent is currently connected to the UA Manager. While an endpoint is online, the configuration in the UAM is being applied and the results of the pack executions are being propagated to the UA Manager for ingestion into Devo. Endpoints whose status is offline are not currently available, and MIA ("missing in action") corresponds to those endpoints that have not established a connection to the Manager for a certain period of time.
    b. Uptime: Duration of the endpoint’s last connection to the Manager. For endpoints with an active status, this is the duration of the current connection.
    c. Hosts / endpoints information: The rest of the columns in the list provide some additional information about the endpoint: OS type and version, baseline Osquery agent version, IP address, MAC address and other hardware details (CPU, memory).

The last column in the hosts list contains two types of clickable icons, each providing access to a specific function:

Run query: Opens the queries section and automatically selects the corresponding endpoint as the target on which a manually defined query will be executed. Please refer to the queries section of this manual.

 

Delete endpoint: The selected endpoint will be removed from the list. Clicking the icon displays the following popup:

As noted, this does not uninstall the agent from the endpoint; it only removes the endpoint from the list of hosts.


  • Filters block (4): This allows filters to be applied to the list of endpoints displayed in the central block. For example, clicking on the Online item will make the list show only those endpoints that are currently connected to the Manager and that are therefore available for on-demand querying operations as well as actively executing the pre-configured query packs.
  • New labels (5): Opens the new label creation interface. Please refer to the endpoints labeling section of this manual for specific details.
  • Additional navigation options -help, logout- (6): The help button connects the UA Manager with this public information repository, provided that open Internet connectivity exists. The logout button closes the active session within the UA Manager and takes the user back to the login screen.

...

By default, the Universal Agent solution comes with three predefined labels, which correspond to the three platforms supported by the solution based on the running operating system: Windows, Linux, and macOS. These labels, and any others, are defined by means of an SQL query. For example, this is the definition of the Windows label:

...

  • SQL (1): This input box is used to state the actual query run to define the label. The result of the query identifies the hosts that match the set criteria, and those hosts are tagged with the defined label.
  • Description fields and target (2): Use both Name and Description fields to provide textual descriptions of the tag. The platform is used to further restrict the application of the label based on the operating system running on the endpoints. Should the label be applicable to any of them, use the All platforms value.
  • Documentation (3): This panel can be utilized as a reference to review the different tables existing in the data schema, as well as all columns included in each table. Typically, this element is used to assist in the process of defining the SQL query for the label.

...