Metadata refers to data collected from the endpoint and uploaded to the server. Endpoint Sensor utilizes the data during a preliminary investigation to identify affected endpoints.
For details, see Preliminary Investigations.
The type of metadata collected depends on the operating system installed on the endpoint.
For Windows endpoints:
- Host (name / IP address)
- User account
- File name
- File path
- Hash values (SHA-1, SHA-256 and MD5)
- Registry key
- Registry data
- Registry name
- Command line
For macOS endpoints:
- Host (name / IP address)
- User account
- File name
- File path
- Hash values (SHA-1, SHA-256 and MD5)
- Command line
- Use the Policy Management screen to configure metadata settings.
- Endpoint Sensor records SHA-1 values only by default. To use SHA-256 or MD5 hash values, update the agent policy to include additional hash types.
- The data available during Preliminary Investigations is a subset of Security Agent data and only includes information about high-risk file types. If an assessment returns no results, you may want to perform a Detailed Investigation.