Export Sensor Metadata
You can gather configuration information for multiple sensors across multiple Detection servers by exporting the information to a CSV file.
In this topic:
Retrieve the CSV file
To export sensor information to a CSV file:
In the System > Sensors screen, check the box next to the sensors whose information you want to export. Click the top checkbox to select all sensors except archived sensors.
As needed, you can use the filters feature to narrow down the list of sensors.
Click Actions and select Export to CSV.
The CSV file containing the sensor details downloads to your machine.
Sensor metadata columns
The sensors CSV file is organized as a table. Each row represents an individual sensor and each column represents configuration information about each sensor. The same metadata is also displayed in the columns of System > Sensors screen.
The table below describes each metadata column.
Note
There are small differences between how data is displayed in the UI and in the CSV (for example, CPU usage is displayed as a percentage in the UI and as a decimal value in the CSV). The example values in the table below reflect the CSV display.
Field |
Description |
Example values |
---|---|---|
Sensor ID |
Concatenation of the Detection server ID and sensor PylumID |
5b472a712d0ecdfc5b472a7: PYLUMCLIENT_CYBER_564D6A45-1988-35CF-0152-A05DBD60B987B987 |
PylumID |
Sensor identifier |
PYLUMCLIENT_CYBER_564D6A45- 1988-35CF-0152-A05DBD60B987 |
GUID |
GUID of the sensor |
761fdb262d7e4460904b6432ca4b3105 |
FQDN |
Fully qualified domain name of the machine |
cyber.cyber.local |
Machine name |
Name of the machine |
cyber |
Internal IP address |
IP address of the machine as it appears to the internal network |
123.45.67.89 |
External IP address |
External IP address of the machine as it appears across the internet |
123.45.67.89 |
Firewall control |
The Personal firewall control modes |
Advanced |
Site |
Site name as defined in the Cybereason UI |
Default |
Site ID |
The ID of the site the sensor is assigned to, if you are using Registration servers and have sites set up. |
0 |
Anti-Ransomware mode |
The Anti-Ransomware mode |
Disabled |
App Control mode |
App Control mode |
Not installed |
Isolated |
If the machine is isolated. Values are:
|
FALSE |
Disconnection time |
The last time the sensor connected to the server before disconnecting. Notes:
|
16/12/2019 09:34:02 |
Last pylumID message update time |
The last time the sensor communicated with the server. |
16/12/2019 09:34:02 |
Sensor status |
Connection state for the sensor. Values are:
|
Online |
Service status |
Main Cybereason service activity. Values are:
Note: Service status is always ‘Down’ when sensor status is ‘Offline’. |
Up |
Last status action |
The last manual action. Values are:
|
None |
Archived or unarchived comment |
The comment entered during the last archive/unarchive action |
Archiving sensor |
Sensor archived by user |
The user who performed the last archive/unarchive action |
admin |
Server name |
The Detection server name |
t1 |
Server ID |
The Detection server ID |
5b472a712d0ecdfc5b472a7 |
Server IP |
The Detection server IP |
987.65.43.21 |
OS |
The OS of the machine |
Linux |
OS version |
The OS version of the machine |
CentOS Linux 7 |
Data collection |
Collection state of the sensor. Values are:
|
Enabled |
Sensor version |
Version of the Cybereason sensor |
18.0.0 |
Console version |
Version of the console |
18 |
First seen |
The first time the sensor went online |
47:52.0 |
Uptime |
Amount of time since the sensor has been started/restarted |
20d 16:15:28 |
CPU usage |
The average CPU usage of the sensor in the last minute. The number displayed is the global CPU usage on the machine across all cores. |
0.008333194 |
Memory usage |
The memory usage in bytes |
48537600 |
Outdated |
Is the sensor version outdated? Values are:
|
FALSE |
Signature mode |
The Anti-Malware > Signatures mode |
Disabled |
Signature mode origin |
The source of the Anti-Malware > Signatures mode |
Set by Policy |
Last signature update |
The last time the Anti-Malware > Signatures database was updated |
16/12/2019 09:34:02 |
Signature DB version |
The version number of the Anti-Malware > Signatures database |
80094 |
PowerShell mode |
The PowerShell protection mode |
Disabled |
Remote Shell Status |
The status of the Remote Shell feature. Values are:
|
Disabled |
Anti-Malware mode |
The Anti-Malware mode |
Disabled |
Anti-Malware mode origin |
The source of the Anti-Malware mode |
Set by Policy |
Last full scan |
The last time a full scan was performed on the machine. Values are:
|
16/12/2019 09:34:02 |
Last quick scan |
The last time a quick scan was performed on the machine. Values are:
|
16/12/2019 09:34:02 |
Organization |
The organization name |
Internal |
Proxy address |
The proxy address if there is a proxy |
192.168.1.100 |
Last prevention error |
The last prevention error |
null |
Last exit reason |
The last sensor failure status |
Stop request received from pylum |
Actions in progress |
Number of actions sent to sensor that are in progress or pending |
0 |
Pending actions |
A list of the pending actions |
null |
Last upgrade result |
The status of the last sensor upgrade. Values are:
|
AlreadyUpdated |
Department |
Department associated with the sensor |
IT |
Device control |
The Device control modes |
Disabled |
Location |
A user-defined string representing the geographic or organizational location of the device the sensor is installed on. |
UK |
Critical Asset |
Notes whether or not the sensor is considered a critical asset. Values are:
|
TRUE |
Device Type |
User-defined string representing the type of device the sensor is installed on. |
Server |
Exploit protection mode |
The Exploit protection mode |
Enabled |
Custom tags |
Tags associated with the sensor |
demo-sensor |
AI detect mode |
The Anti-Malware > AI detect mode |
Aggressive |
AI detect mode origin |
The source of the Anti-Malware > AI detect mode |
Set by Policy |
AI prevent mode |
The Anti-Malware > AI prevent mode |
Aggressive |
AI prevent mode origin |
The source of the Anti-Malware > AI prevent mode |
Set by Policy |
Assigned Policy |
Name of the policy assigned to the sensor. Value will be ‘Default’ if assigned to the Default policy, and ‘Legacy’ for sensors not upgraded to 19.1+ |
Default |
Policy ID |
Policy ID for the sensor’s assigned policy. |
e8394fd922sd |
Policy Last Update |
Values are:
|
16/12/2019 09:34:02 |
Compliance |
|
TRUE |
Deleted by |
The Cybereason user that removed the sensor from the Sensors screen |
|
Deleted date |
The date someone removed the sensor from the Sensors screen. |
16/12/2019 09:34:02 |