Endpoint Catalog enables you to review and manage your endpoint inventory. The Endpoint Catalog includes various views and reports providing detailed and various endpoint related counts. This allows you to efficiently monitor endpoints in high scale deployments.
Some features described are available on request only. Contact your Proofpoint representative for more information.
From the Endpoint Catalog, you can review and analyze by:
-
Component: The clients installed on the endpoint. This can be the Agent or the Updater.
-
Endpoint: The actual physiclal/virtual machines.
Accessing the Endpoint Catalog View
-
From the Proofpoint Information and Cloud Security Platform, select the Administration application. Select Endpoints > Endpoint Catalog.
-
By default you view the Endpoints - Component Catalog.
An optional view by endpoint is feture is currently on request. Contact your Proofpoint representative.
Endpoint Catalog - Viewing Data
The Endpoint Catalog view provides viewing flexibility and granularity. You select the columns you want to display. You can also export the data.
Column Selection
You select the columns you want to display and can filter according to what is relevant for you.
To review and select fields you want to see in the view, click Edit Columns. Select the fields you want to display from the list that displays on the right.
Data Export
You can chose to export the data displayed to CSV, JSON or PDF format. You can download all the endpoints (up to maximum of 90,000 for CSV, 1000 for PDF and 50,000 for JSON), some endpoints or a single endpoint.
For CSV and PDF, after selecting the columns you want to see, click the arrow
next to Edit Columns in the view.
When you select JSON, not only the selected columns are exported. All columns are exported.
From Export Data, select the format and what you want to export.
Available Fields for the Columns/Export
This table describes some of the common fields. (Other fields are available and some new fields may be added in the future.)
| Field | Description |
|---|---|
| Endpoint | |
| Directory Domain | Active Directory Domain within a Microsoft Active Directory Network. For example, you can explore all activities by endpoints of a Directory Domain such as PFPTDEV. |
| Directory Organizational Unit | An Organizational Unit (OU) with an Active Directory that contains users, groups.and more. For example, you can explore all activities of an OU such as PROOFPOINT-SYS. |
| Hostname | Hostname of endpoint on which the Proofpoint Agent is installed and is monitoring. |
| City Code | City code where endpoint is located. |
| Country Code | Country code where endpoint is located. |
| Name | Name of endpoint on which the Proofpoint Agent is installed and is monitoring. |
| Network Interface IP | Network interface IP of the endpoint, such as IPv4. |
| OS Type | Operating system, Windows or Mac OS.) |
| OS Name | OS name, such as Big Sur, Microsoft Window 10 pro. You can use the operators to broaden the filte |
| Software Modules Type | Modules installed on the Endpoint, includes the Components such as Agent/Updater and also Bundle or other future modules like Content scanning. |
| Component | |
| Type | Type of component, Agent or Updater |
| Realm | Name of Agent Realm |
| Region | Region of Agent Realm |
| Tenant | Name of the tenant the endpoint belongs to. |
| Status Code |
Status of the component, such as healthy, registered, unregistered, etc. |
| Control Status | Indicates which capabilities Registered or Unregistered components can perform. This can be updated by the Administrator from Endpoint Catalog |
| Tenant | ID for component's tenent. |
| Status Causes Visibility | Show/hide the component in the grid. |
| Event | |
| Created Time | Time the Component or Endpoint record was created |
| Type | Type of event. For an Endpoint, it's "it:catalog:endpoint:event" and for a Component it's "it:catalog:component:event". |
| Observed Time | Observed UTC time that the action was performed. This reflects the last time there was action on the endpoint that is the last Heartbeat time for the Component. |
| Occurred Time | Time event occurred. |
| Time Local Date | Endpoint local time event occurred. |
Endpoint Catalog - Filter Results
You can use the filter diagram at the top of the view to help you find the information you need. Using the filter you create a search so only the information you need displays.
By default, the filter has a root node which show the default Region and Time that you can modify. (Root node also shows the Source and this cannot be modified.)
To modify the region or time, hover over the node and click the icon.
In the Filter By area, modify the Region and Time.
Observed Time can be:
-
Show all: The data shown is based on components reported in the last 6 months and shows all components that either reported or did not report in the past 7 days.
-
In the period: The data shown is what was reported in time period you selected.
-
Not in the period: The data shown is for reported data for the last 6 months except what you selected.
Graphic Insights
To help you monitor the endpoints and components, Endpoint Catalog includes graphic insights.
The following graphics are currently available in the Insights area:
Reporting Status: Shows the number of endpoints by component (Agent and Updater) reporting over the defined time period. When the time period is Show All, all components are displayed including those that reported in the past 7 days as well as those that did not.
Components Status: Shows the number of components by Healthy. Unregistered, Deleted status. You can select to see components by all statuses or by one of the statuses.
Endpoint Distribution: Shows the number of endpoints by Realm, Agent Version, Update Version and Operating System.
Endpoint Details
From any endpoint, you can view details that provide information about the endpoint, component, software modules, operating system and logs.
Click the endpoint you want and a panel opens on the right with additional details including:
-
Agent details: Type, version, last heartbeat, health status, control status and date created
-
Component: Type, version, last heartbeat, control status and date created
-
Bundle: Type, region realm and version
A detailed diagram of heartbeats is also included.
Logs
The Agent writes messages to log files that are stored locally on the endpoint. This information is accessed from the details area by the endpoint.
For troubleshooting the following features are available:
The log level for specific endpoint can be modified from the Standard compact log file to a more comprehensive log level known as Trace.
The following are the 2 log levels that can be set:
-
Default: The recommended log level that is set by default for all endpoints and that captures standard log messages written by the Agent during operation.
-
Trace: The more comprehensive log level that captures much more information than the default log level, and is usually helpful for Agent troubleshooting.
Trace log level can be turned on for a selected endpoint from the Log Level area.
Generally, trace files are much larger than the standard log files. They are stored on the endpoint local disk space. To make sure that the Trace level is not set to run continuously, you are prompted to define the duration for this level (1 hour, 1 day, 3 days, 1 week). When the time defined is reached, the trace level is restored back to the standard level.
You can set log level by log zones so that you collect trace levels for specific activities only.
Collected log files (from both Standard and Trace level) can be pulled from the endpoint in order to make them available for downloading from the console.
< Back Setting Up Endpoint Update Policies
For Advanced Configuration, see ITM / Endpoint DLP Advanced Configuration.