Cloud System Inspector Summary

3CX

Summary

  • Production Status: Production
  • Description: A dedicated inspector for 3CX, a phone system that supports SIP soft/hard phones, VoIP services and phone lines.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • FQDN
  • Public IP
  • AvailableLocalIPs
  • Max Sim Calls
  • Trunks Total
  • Extensions Total
  • Maintenance Expires On
  • License Expires On
  • Days Until License Expires
  • Reseller Name
  • License Key
  • Product Code
  • Support Active
  • Details about System Status: fqdn, web meeting fqdn, web meeting status, version, recording state, activated, max sim calls, max sim meeting participants, call history count, chat messages count, extensions registered, own push, public ip, local ip valid, current local ip, available local ips, extensions total, has unregistered system extensions, has stopped services, trunks registered, trunks total, calls active, blacklisted ip count, memory usage, physical memory usage, free firtual memory, total virtual memory, free physical memory, total physical memory, disk usage, free disk space, total disk space, cpu usage, cpu usage history, maintenance expires on, support active, license active, license expiration date, outbound rules, backup job scheduled, last backup on, reseller name, license key, product code, spla, days since last backup, days until license expiration
  • Details about Licensing: license key, loaded from erp, company name, contact name, e-mail, admin e-mail, telephone, country name, reseller name, version, license activated, auto-renew enabled, country id, license expires date, first activated on, product code, review status, support expires on, maintenance expires on, max sim calls, max g729 channels, sim meeting participants, pro features enabled, failover enabled, days until license expiration
  • Details about API User Account: name, initials, version, roles, e-mail, registration e-mail, console enabled, is professional, hosting mode enabled, chat log enabled, instance manager enabled, lab features enabled, exchange services enabled, call reports enabled, acquaintance

Data Tab Headers

  • Overview
  • Users
  • Trunks
  • Groups
  • IVRS
  • Inbound Rules
  • Outbound Rules
  • Ring Groups
  • Call Queues
  • Activity Logs
  • Blacklist
  • Backups
  • Phones
  • Extensions

Actionable Alerts

  • 3CX | No Scheduled Backups Present
  • 3CX | License Expires In 30 Days Or Less
  • 3CX | One Or More SIP Trunks Are Unregistered
  • 3CX | The Public IP Address Of A 3CX Instance Has Changed
  • 3CX | Call Recording Disk Usage Is At 90% Or More Capacity.

Metrics

  • 3CX: Trunk Groups Count
  • 3CX: Registered Trunks Count
  • 3CX: Registered Trunks List
  • 3CX: Backup Scheduled
  • 3CX: Unregistered Trunks Count
  • 3CX: Unregistered Trunks List
  • 3CX: Phones Count
  • 3CX: Total Extensions Count
  • 3CX: Registered Extensions Count
  • 3CX: Unregistered Extensions Count
  • 3CX: Extensions With High Alerts Count
  • 3CX: Extensions With High Alerts List
  • 3CX: Inbound Rules Count
  • 3CX: Outbound Rules Count
  • 3CX: License Maximum SIM Calls
  • 3CX: Local IP Address List
  • 3CX: License Expiring in 30 Days or Less
  • 3CX: Days Until License Expires
  • 3CX: Public IP Address
  • 3CX: Allowed IP Entries List
  • 3CX: Denied IP Entries Count
  • 3CX: Allowed IP Entries Count
  • 3CX: System Has Stopped Services
  • 3CX: Disk Usage Warning

Acronis Cyber Cloud

Summary

  • Production Status: Production
  • Description: A dedicated inspector for Acronis Cyber Cloud.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: Acronis Cyber Cloud

Data Views Information

Parent Overview Data Table

  • Tenant Name
  • Main Contact
  • Tenant MFA Status
  • Pricing Mode
  • Created At
  • Last Updated
  • Total Users
  • Total Users with Time-Based One-Time Password (TOTP) Enabled
  • Active Users With MFA vs. Total Active Users
  • Active Users Without MFA
  • Total Protected Workloads
  • Local Backup
  • Workstations
  • Servers
  • Virtual Machines
  • Microsoft 365 Seats
  • Microsoft 365 SharePoint Online Sites
  • Microsoft 365 Teams
  • Microsoft 365 Shared Seats
  • Google Workspace Seats
  • Advanced Backup - Workstations
  • Advanced Backup - Servers
  • Advanced Backup - Virtual Machines
  • Advanced Backup - Web Hosting Servers

Parent Data Tab Headers

  • Overview
  • Tenants

Child Overview Data Table

  • Tenant Name
  • Main Contact
  • Tenant MFA Status
  • Pricing Mode
  • Created At
  • Last Updated
  • Total Users
  • Total Users with Time-Based One-Time Password (TOTP) Enabled
  • Active Users With MFA vs. Total Active Users
  • Active Users Without MFA
  • Total Protected Workloads
  • Local Backup
  • Workstations
  • Servers
  • Virtual Machines
  • Microsoft 365 Seats
  • Microsoft 365 SharePoint Online Sites
  • Microsoft 365 Teams
  • Microsoft 365 Shared Seats
  • Google Workspace Seats
  • Advanced Backup - Workstations
  • Advanced Backup - Servers
  • Advanced Backup - Virtual Machines
  • Advanced Backup - Web Hosting Servers

Child Data Tab Headers

  • Overview
  • Devices
  • Users
  • Agents
  • Alerts
  • Usages
  • Resources
  • Hardware Nodes

Actionable Alerts

  • Acronis Cyber Cloud | Active Users Added/Removed/Modified
  • Acronis Cyber Cloud | Change To Machines With Backup Enabled
  • Acronis Cyber Cloud | Change To Machines With Antivirus & Antimalware Protection Enabled
  • Acronis Cyber Cloud | Change To Machines With Vulnerability Assessment Enabled
  • Acronis Cyber Cloud | Change To Machines With Patch Management Enabled
  • Acronis Cyber Cloud | Machine Not Successfully Backed Up In Last 24 Hours

Metrics

  • Acronis Cyber Cloud: Count of Active Users
  • Acronis Cyber Cloud: List of Active Users
  • Acronis Cyber Cloud: Active Users with MFA
  • Acronis Cyber Cloud: Active Users without MFA
  • Acronis Cyber Cloud: Total Protected Workloads
  • Acronis Cyber Cloud: Local Storage Used (Bytes)
  • Acronis Cyber Cloud: Count of Machines
  • Acronis Cyber Cloud: Count of Machines with Backup Enabled
  • Acronis Cyber Cloud: List of Machines with Backup Enabled
  • Acronis Cyber Cloud: List of Machines without Backup Enabled
  • Acronis Cyber Cloud: Count of Machines with Antivirus & Antimalware Protection Enabled
  • Acronis Cyber Cloud: List of Machines with Antivirus & Antimalware Protection Enabled
  • Acronis Cyber Cloud: List of Machines without Antivirus & Antimalware Protection Enabled
  • Acronis Cyber Cloud: Count of Machines with Vulnerability Assessment Enabled
  • Acronis Cyber Cloud: List of Machines with Vulnerability Assessment Enabled
  • Acronis Cyber Cloud: List of Machines without Vulnerability Assessment Enabled
  • Acronis Cyber Cloud: Count of Machines with Patch Management Enabled
  • Acronis Cyber Cloud: List of Machines with Patch Management Enabled
  • Acronis Cyber Cloud: List of Machines without Patch Management Enabled
  • Acronis Cyber Cloud: Machine Backup Summary
  • Acronis Cyber Cloud: Count of Machines Not Successfully Backed Up In Last 24 Hours
  • Acronis Cyber Cloud: List of Machines Not Successfully Backed Up In Last 24 Hours

Amazon Web Services

Summary

  • Production Status: Production
  • Description: Inspects an AWS account, returning a wide variety of data including actionable summary information such as privileged users, publicly accessible S3 buckets, and much more.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Account Creation Time
  • Region
  • Root Account MFA Enabled
  • Root Account API Key
  • Availability Zones in Use
  • Total API Keys
  • Users With API Keys
  • Total IAM Users
  • IAM Users
  • Total IAM Users MFA Enabled
  • IAM User Groups
  • IAM Roles
  • Total Running EC2 Instances
  • Running EC2 Instances
  • Total S3 Buckets
  • Total Publicly Accessible S3 Buckets
  • S3 Buckets
  • Total Security Groups
  • Security Groups
  • VPCs
  • Subnets

Data Tab Headers

  • Overview
  • Users
  • API Keys
  • Group Membership
  • Roles
  • Credential Report
  • VPCs
  • Subnets
  • Network ACLs
  • Network Interfaces
  • Instances
  • Security Groups
  • Volumes
  • S3 Buckets
  • S3 Bucket ACLs
  • RDS
  • CloudWatch

Actionable Alerts

  • Amazon Web Services | Auditing and Logging Not Activated
  • Amazon Web Services | Exposure to Accounts Due to Lack of Strong Authentication
  • Amazon Web Services | RDS Instance Recoverable Backup Older Than 15 Days
  • Amazon Web Services | Schedule AWS Maintenance or Other Events
  • Amazon Web Services Inspector | Change to Buckets List
  • Amazon Web Services Inspector | Change to Roles List
  • Amazon Web Services Inspector | Change to VPCs List
  • Amazon Web Services Inspector | Change to Subnet List
  • Amazon Web Services Inspector | Change to Volume List
  • Amazon Web Services Inspector | Change to NAT Gateways List
  • Amazon Web Services Inspector | Change to Virtual MFA Devices List
  • Amazon Web Services Inspector | Change to Security Groups List
  • Amazon Web Services Inspector | Change to Network ACLs List
  • Amazon Web Services Inspector | Change to IAM Enabled
  • Amazon Web Services Inspector | Change to CloudTrails Enabled
  • Amazon Web Services Inspector | Change to Strong Password Policy Enabled
  • Amazon Web Services Inspector | Change to Root Access Keys Enabled
  • Amazon Web Services Inspector | Change to Number of API Keys

Metrics

  • Amazon Web Services: Publicly Accessible S3 Bucket Count
  • Amazon Web Services: Users with API Keys List
  • Amazon Web Services: API Keys Count
  • Amazon Web Services: Running EC2 Instances
  • Amazon Web Services: SystemInfo
  • Amazon Web Services: Roles List
  • Amazon Web Services: Users List
  • Amazon Web Services: Availability Zones List
  • Amazon Web Services: Groups List
  • Amazon Web Services: Region List
  • Amazon Web Services: Subnets List
  • Amazon Web Services: S3 Buckets List
  • Amazon Web Services: IAM Users Count
  • Amazon Web Services: S3 Buckets Count
  • Amazon Web Services: Security Groups Count
  • Amazon Web Services: Running EC2 Instances List
  • Amazon Web Services: Num IAM Users MFA Enabled
  • Amazon Web Services: Root Account MFA Enabled
  • Amazon Web Services: Running EC2 Instances Count
  • Amazon Web Services: Bucket List
  • Amazon Web Services: Role List
  • Amazon Web Services: VPC List
  • Amazon Web Services: Subnet List
  • Amazon Web Services: Volume List
  • Amazon Web Services: NAT Gateways List
  • Amazon Web Services: Virtual MFA Devices List
  • Amazon Web Services: Security Groups List
  • Amazon Web Services: Network ACLs List
  • Amazon Web Services: IAM Enabled
  • Amazon Web Services: CloudTrails Enabled
  • Amazon Web Services: Strong Password Policy Enabled
  • Amazon Web Services: Root Access Keys
  • Amazon Web Services: Users without MFA Enabled List 2
  • Amazon Web Services: Users without MFA Enabled List
  • Amazon Web Services: RDS Instances with Recoverable Backup Older Than 15 Days List
  • Amazon Web Services: RDS Instances with Recoverable Backup Older Than 15 Days Count
  • Amazon Web Services: EC2 Instances with Status Alerts List
  • Amazon Web Services: EC2 Instances with Status Alerts Count

Azure

Summary

  • Production Status: Production
  • Description: Inspects a Microsoft Azure account, returning data including virtual machines, Azure AD users and groups, and network security groups.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Users
  • Groups
  • Subscriptions
  • ResourceGroups
  • VirtualMachines
  • VirtualNetworks
  • Disks
  • Subscriptions
  • ResourceGroups
  • VirtualMachines
  • VirtualNetworks

Data Tab Headers

  • Overview
  • Users
  • Groups
  • Subscriptions
  • Resource Groups
  • Virtual Machines
  • Virtual Networks
  • Network Security Groups

Actionable Alerts

  • Azure Inspector | Network Security Rules with Exposed Default RDP Port
  • Azure Inspector | Network Security Rules with Default RDP Port

Metrics

  • Azure: Virtual Machine Count
  • Azure: Subnets List
  • Azure: Disabled Accounts List
  • Azure: Enabled Subscriptions Count
  • Azure: SystemInfo
  • Azure: Virtual Machines List
  • Azure: Security Rules
  • Azure: Active Users Email List
  • Azure Inspector: Network Security Rules with Exposed Default RDP Port Count
  • Azure Inspector: Network Security Rules with Exposed Default RDP Port List
  • Azure Inspector: Network Security Rules with Default RDP Port Count
  • Azure Inspector: Network Security Rules with Exposed Default RDP Port List II

Box.com

Summary

  • Production Status: Production
  • Description: Inspects a box.com account. This is an early release inspector which has not been tested on a production environment yet and may require assistance from the Liongard team to get working initially.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Users
  • Groups
  • DevicePins

Data Tab Headers

  • Overview
  • Users
  • Groups
  • Device Pins

Actionable Alerts

Metrics

  • Box: SystemInfo

Cisco Umbrella

Summary

  • Production Status: Production
  • Description: Inspects a Cisco Umbrella MSP account, landing child inspectors for each customer tenant. The child inspectors return data about permissions into the Umbrella tenant and protected clients.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: Cisco Umbrella

Data Views Information

Child Overview Data Table

  • Total Users
  • Total Roles
  • Total Sites
  • Total Networks
  • Total Internal Networks
  • Total Virtual Appliances
  • Total Roaming Computers
  • Roaming Computers (Off)
  • Roaming Computers (Open)
  • Roaming Computers (Encrypted)
  • Roaming Computers (VA)

Child Data Tab Headers

  • Overview
  • Users
  • Roles
  • Networks
  • Internal Networks
  • Network Devices
  • Virtual Appliances
  • Roaming Computers
  • Sites
  • Policies

Actionable Alerts

Metrics

  • Cisco Umbrella: Unverified Networks List
  • Cisco Umbrella: Active Users Without MFA Count
  • Cisco Umbrella: List of Devices

Cloudflare

Summary

  • Production Status: Production
  • Description: A dedicated inspector for Cloudflare, a web infrastructure and website security platform.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: Cloudflare, Internet Domain/DNS

Data Views Information

Parent Overview Data Table

  • API Expiration
  • Account's
  • Total Accounts
  • Accounts Without 2fa Enforced
  • Total Zones
  • Zones

Parent Data Tab Headers

  • Overview
  • Accounts
  • Zones
  • DNS Records
  • Page Rules
  • Settings
  • Audit Logs

Child Overview Data Table

  • API Expiration
  • Account Name
  • Enforced 2FA
  • Access Approval Expiry
  • Custom Nameserver By Default
  • Created On
  • Recent Logs
  • Total Users
  • Total Zones
  • Zones

Child Data Tab Headers

  • Overview
  • Zones
  • DNS Records
  • Page Rules
  • Settings
  • Audit Logs

Actionable Alerts

  • Cloudflare | One or More Account Members Do Not Have 2FA Enabled
  • Cloudflare | The Number of Admin Members of One or More Accounts Has Changed
  • Cloudflare | One or More Zones Are Configured to Using TLS v1/v2 Only
  • Cloudflare | One or More Zones Were Flagged for Phishing
  • Cloudflare | Cloudflare API Access Will Expire Within 15 Days

Metrics

  • Cloudflare: Accounts Count
  • Cloudflare: Total Members Count
  • Cloudflare: Total Zones Count
  • Cloudflare: Active Zones Count
  • Cloudflare: Zones In Dev Mode Count
  • Cloudflare: Zones In Dev Mode List
  • Cloudflare: Zones With Phishing Detected Count
  • Cloudflare: Zones With Phishing Detected List
  • Cloudflare: Total DNS Records Count
  • Cloudflare: Account Members Without 2FA Enabled Count
  • Cloudflare: Account Members Without 2FA Enabled List
  • Cloudflare: Account Admin Members Count
  • Cloudflare: Account Admin Members List
  • Cloudflare: Zones Using TLS v1/v2 Only Count
  • Cloudflare: Zones Using TLS v1/v2 Only List
  • Cloudflare: Zones Without Forced HTTPS List
  • Cloudflare: Zones Without Forced HTTPS Count
  • Cloudflare: Zones With Phishing Detected List II
  • Cloudflare: Zones With Phishing Detected Count II
  • Cloudflare: Account Members Without 2FA List
  • Cloudflare: Account Members Without 2FA Count
  • Cloudflare: Days Until API Access Expires

Dropbox

Summary

  • Production Status: Production
  • Description: This is an early release inspector which has not been tested on a production environment yet and may require assistance from the Liongard team to get working initially.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Name
  • Team ID
  • Number of Licensed Users
  • Number of Provisioned Users
  • Shared Folder Join
  • Shared Folder Member
  • Shared Link Create
  • Enterprise Mobility Management
  • Microsoft Office Add-In

Data Tab Headers

  • Overview
  • Groups
  • Folders
  • Members
  • Memberships
  • Namespaces
  • Storage
  • Device Activity
  • Member Activity

Actionable Alerts

Metrics

ESET Licensing

Summary

  • Production Status: Production
  • Description: A dedicated inspector for ESETs MSP Administrative Portal 2, which is a licensing management system for ESET MSP partners. ESET's MSP Portal allows for management and history of licenses across their customers.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: ESET Licensing

Data Views Information

Overview Data Table

  • Company Name
  • Type
  • Status
  • System Email
  • Address
  • Comments
  • Tags
  • VAT ID
  • Trials Allowed
  • Custom Identifier

Data Tab Headers

  • Overview
  • Users
  • Licenses
  • License History

Actionable Alerts

  • ESET Licensing | Change to Privileged Users
  • ESET Licensing | Change to License Usage Summary
  • ESET Licensing | Licenses in a Error State
  • ESET Licensing | Licenses in a Suspended State
  • ESET Licensing | Licenses in a Warning State
  • ESET Licensing | 30 Days until Trial License Expires

Metrics

  • ESET Licensing: Count of Privileged Users
  • ESET Licensing: List of Privileged Users
  • ESET Licensing: Count of Active Users
  • ESET Licensing: List of Active Users
  • ESET Licensing: Total User Count Waiting for Activation/Activation Link Expired
  • ESET Licensing: Total User List Waiting for Activation/Activation Link Expired
  • ESET Licensing: License Usage Summary
  • ESET Licensing: Count of Licenses in an Error State
  • ESET Licensing: List of Licenses in an Error State
  • ESET Licensing: Count of Licenses in a Suspended State
  • ESET Licensing: List of Licenses in a Suspended State
  • ESET Licensing: Count of Licenses in a Warning State
  • ESET Licensing: List of Licenses in a Warning State
  • ESET Licensing: Count of Trial Licenses Expiring in 30 days
  • ESET Licensing: List of Trial Licenses Expiring in 30 days

GoDaddy

Summary

Data Views Information

Overview Data Table

  • Total Active Domains
  • Active Domains
  • Total Domains
  • Total Orders
  • Total Subscriptions

Data Tab Headers

  • Overview
  • Domains
  • Subscriptions
  • Orders

Actionable Alerts

Metrics

Google Drive

Summary

  • Production Status: Production
  • Description: A dedicated inspector for Google Drive, a file storage and synchronization service developed by Google
  • Documentation
  • Inspector Category: Cloud
  • Discovers: Google Drive

Data Views Information

Overview Data Table

  • Domain(s)
  • Total Users
  • Total Groups
  • Total Shared Drives
  • Total Top-Level Folders
  • Total Shared Top-Level Folders
  • Can Be Edited
  • Can Be Read
  • Can Be Commented-On

Data Tab Headers

  • Overview
  • Users
  • Groups
  • Top-Level Folders
  • Shared Drives

Actionable Alerts

  • Google Drive | Change to Top-Level Folders Accessible To Internet (Can Be Edited)
  • Google Drive | Change to Top-Level Folders Accessible To Internet (Can Be Read)

Metrics

  • Google Drive: Users List
  • Google Drive: Shared Drives Summary
  • Google Drive: Shared Drives List
  • Google Drive: Top-Level Folders Accessible To Internet (Can Be Edited)
  • Google Drive: Top-Level Folders Accessible To Internet (Can Be Read)
  • Google Drive: Top-Level Folders Accessible To Internet (Can Be Commented-On)

Google Workspace

Summary

  • Production Status: Production
  • Description: Inspects a Google Workspace account, bringing back information about users, groups, organizational units, and more.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: Google Workspace

Data Views Information

Parent Overview Data Table

  • Domain(s)
  • Total Active User(s)
  • Total Privileged User(s)
  • Super Administrator User(s)
  • Total Suspended User(s)
  • Total Archived User(s)
  • Total User(s) Enrolled in 2-Step Verification
  • Total User(s) Not Enrolled in 2-Step Verification
  • Total Delegated Admin(s)

Parent Data Tab Headers

  • Overview
  • Licensing
  • Users
  • Groups
  • Domains
  • Organizational Units
  • Roles
  • Role Assignments
  • Privileges
  • Devices
  • Resource Calendars
  • Subscriptions
  • Customers

Child Overview Data Table

  • Domain(s)
  • Total Active User(s)
  • Total Privileged User(s)
  • Super Administrator User(s)
  • Total Suspended User(s)
  • Total Archived User(s)
  • Total User(s) Enrolled in 2-Step Verification
  • Total User(s) Not Enrolled in 2-Step Verification
  • Total Delegated Admin(s)

Child Data Tab Headers

  • Overview
  • Licensing
  • Users
  • Groups
  • Domains
  • Organizational Units
  • Roles
  • Role Assignments
  • Privileges
  • Devices
  • Resource Calendars

Actionable Alerts

  • Google Workspace Inspector | Roles Added/Removed/Modified
  • Google Workspace Inspector | Active Users Added/Removed/Modified
  • Google Workspace Inspector | Groups Added/Removed/Modified
  • Google Workspace Inspector | Domains Added/Removed/Modified
  • Google Workspace Inspector | Privileges Added/Removed/Modified
  • Google Workspace Inspector | Mobile Devices Added/Removed/Modified
  • Google Workspace Inspector | Subscription License Count Modified
  • Google Workspace Inspector | Resource Calendar Added/Removed/Modified
  • Google Workspace Inspector | Organizational Units Added/Removed/Modified
  • Google Workspace Inspector | MFA Not Enabled on Enforced Account
  • Google Workspace Inspector | Stale User Accounts
  • Google Workspace Inspector | Non-Admin Created Groups

Metrics

  • Google G Suite: User Count
  • Google G Suite: User List
  • Google G Suite: Admin User Count
  • Google G Suite: Admin User List
  • Google G Suite: Mobile Device Count
  • Google G Suite: Users With MFA Enforced Count
  • Google G Suite: Users With MFA Enforced List
  • Google G Suite: Users Without MFA Enforced Count
  • Google G Suite: Users Without MFA Enforced List
  • Google G Suite: Users With MFA Enrolled Count
  • Google G Suite: Users With MFA Enrolled List
  • Google G Suite: Users Without MFA Enrolled Count
  • Google G Suite: Users Without MFA Enrolled List
  • Google G Suite: Non-Free or Trial Subscription Count
  • Google G Suite: Non-Free or Trial Subscription List
  • Google G Suite: Role Summary
  • Google G Suite: Active Users Email List
  • Google G Suite: Active Users Count
  • Google G Suite: Active User Summary
  • Google G Suite: Group Summary
  • Google G Suite: Domain Summary
  • Google G Suite: Privilege Summary
  • Google G Suite: Mobile Device Summary
  • Google G Suite: Subscription License Summary
  • Google G Suite: Resource Calendar Summary
  • Google G Suite: Organizational Unit Summary
  • Google G Suite Inspector: Accounts with MFA Enforced but Not Enabled List
  • Google G Suite Inspector: Accounts with MFA Enforced but Not Enabled Count
  • Google G Suite Inspector: Stale User Accounts List
  • Google G Suite Inspector: Stale User Accounts Count
  • Google G Suite Inspector: Non-Admin Created Groups List
  • Google G Suite Inspector: Non-Admin Created Groups Count

Identity Monitoring

Summary

  • Production Status: Production
  • Description: Inspects haveibeenpwned.com for the list of email addresses provided to identify customers that have been a part of a known data breach. Next steps will include multi-tenancy and auto-discovery of email addresses known to Roar into this inspector.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Name
  • Total Number of Breaches
  • Total Users With Breaches

Data Tab Headers

  • Overview
  • Users
  • Breaches
  • Breach Details

Actionable Alerts

  • Identity Monitoring Inspector | User Breach Identified
  • Identity Monitoring Inspector | User Change Added/Removed/Modified

Metrics

  • Identity Monitoring: Total Breaches Count
  • Identity Monitoring: Users with Data Breaches Count
  • Identity Monitoring: Breaches Summary
  • Identity Monitoring: Email List
  • Identity Monitoring: Breaches Summary with Data Classes
  • Identity Monitoring: List of Users with Password Related Breaches
  • Identity Monitoring: Count of Users with Password Related Breaches
  • Identity Monitoring: List of Breaches [Power BI]

Internet Domain/DNS

Summary

  • Production Status: Production
  • Description: Inspects a public Internet domain, returning a wide variety of data including DNS records with MX information, registration, and expiration data.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: TLS/SSL

Data Views Information

Overview Data Table

  • Domain Name
  • Domain Registrar
  • Domain Created On
  • Domain Updated On
  • Domain Expires On
  • Domain Registrant
  • Domain Admin
  • Domain Tech
  • DNS Hosting Vendor
  • DNS Hosting Region
  • Domain Name Servers
  • DNS A Record
  • DNS Protection (DNSSEC)
  • Website Detected
  • Website URL
  • Website Title
  • Website Hosting
  • Website Region
  • Website TLS/SSL
  • Email Detected
  • Email - MX (Mail) Record
  • Email Hosting Vendors
  • Email Hosting IP Addresses
  • Email Hosting Region
  • Approved Email Senders (SPF)
  • Domain-based Message Auth, Reporting & Conformance (DMARC)

Data Tab Headers

  • Overview
  • DNS

Actionable Alerts

  • Internet Domain | DNS Poisoning Exposure
  • Internet Domain | Email Forgery Exposure
  • Internet Domain | Email Forgery Exposure from Rogue Source
  • Internet Domain | Email Forgery Exposure from Unmatched Source
  • Internet Domain | Expiration
  • Internet Domain | Web Traffic Exposure to Sniffing and Lack of Website Validation
  • Internet Domain | Change to NS Record
  • Internet Domain | Change to MX Record
  • Internet Domain | Change to SPF Record
  • Internet Domain | Change to A Record
  • Internet Domain | Registrant Contact Details Modified
  • Internet Domain | Admin Contact Details Modified
  • Internet Domain | DNSSEC Records Modified
  • Internet Domain/DNS Inspector | Change to SRV Record

Metrics

  • Internet Domain/DNS: Days Until Expiration
  • Internet Domain/DNS: Registrar
  • Internet Domain/DNS: MX Records
  • Internet Domain/DNS: SPF & DMARC Records Both Present
  • Internet Domain/DNS: SystemInfo
  • Internet Domain/DNS: DNS NS Record List
  • Internet Domain/DNS: DNS MX Record List
  • Internet Domain/DNS: DNS A Record Summary
  • Internet Domain/DNS: DNS Start of Authority
  • Internet Domain/DNS: DNS TTLs
  • Internet Domain/DNS: DNSSEC
  • Internet Domain/DNS: SPF Records
  • Internet Domain/DNS: NS Record Summary
  • Internet Domain/DNS: MX Record Summary
  • Internet Domain/DNS: Domain Modified Time
  • Internet Domain/DNS: Registrant Contact
  • Internet Domain/DNS: Admin Contact
  • Internet Domain/DNS: DNSSEC Record Summary
  • Internet Domain/DNS: SRV Record Summary
  • Internet Domain/DNS: SSL Certificate Names Match
  • Internet Domain/DNS: Days Until Domain Expiration
  • Internet Domain/DNS: Days Until SSL Certificate Expiration
  • Internet Domain/DNS: SSL Certificate Ciphers Supported List
  • Internet Domain/DNS: Certificate Has SHA1 in Chain
  • Internet Domain/DNS: DNSSEC Records Count
  • Internet Domain/DNS: DMARC Exists on Domain
  • Internet Domain/DNS: DKIM Found on Domain
  • Internet Domain/DNS: SPF Exists on Domain
  • Internet Domain/DNS: SPF all Statement Exists on Domain
  • Internet Domain/DNS: Expiration Date
  • Internet Domain/DNS: SSL Certificate Exists

JumpCloud

Summary

  • Production Status: Production
  • Description: A dedicated inspector for the JumpCloud platform which is an Azure AD alternative with user management, Web App SSO, Cloud LDAP, SaaS RADIUS, GPO-like policies for Mac, Linux, and Windows.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: JumpCloud

Data Views Information

Parent Overview Data Table

  • Total Organizations
  • Total Directories
  • Total Users
  • Total Systems
  • displayName
  • created
  • hasStripeCustomerId
  • systemInsights
  • systemUserPasswordExpirationInDays
  • passwordCompliance
  • pendingDelete
  • enableO365

Parent Data Tab Headers

  • Overview

Child Overview Data Table

  • Total Organizations
  • Total Directories
  • Total Users
  • Total Systems
  • displayName
  • created
  • hasStripeCustomerId
  • systemInsights
  • systemUserPasswordExpirationInDays
  • passwordCompliance
  • pendingDelete
  • enableO365

Child Data Tab Headers

  • Overview
  • Users
  • Groups
  • Directories
  • Systems
  • Commands
  • Applications
  • Policies
  • Apple MDM

Actionable Alerts

  • JumpCloud | Change to Locked User Accounts
  • JumpCloud | Change to Systems with Failed Policies
  • JumpCloud | Change to Systems with Failed Commands

Metrics

  • JumpCloud: Systems with Failed Policies List
  • JumpCloud: Systems with Failed Commands List
  • JumpCloud: Systems with Failed Policies Count
  • JumpCloud: Systems with Failed Commands Count
  • JumpCloud: Locked User Accounts Count
  • JumpCloud: User Accounts with No Password Expiration Count
  • JumpCloud: Locked User Accounts List

KnowBe4

Summary

  • Production Status: Production
  • Description: A dedicated inspector for KnowBe4, a security awareness training platform.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Name
  • Type
  • Subscription Level
  • Subscription End Date
  • Admins
  • Number of Seats
  • Current Risk Score
  • Total Users
  • Total Groups
  • Total Campaigns
  • Total Phishing Tests
  • Active Campaigns

Data Tab Headers

  • Overview
  • Users
  • Groups
  • Campaigns
  • Phishing Tests
  • Training

Actionable Alerts

  • KnowBe4 | One Or More Users Have Past Due Training Items

Metrics

  • KnowBe4: Average User Risk Score
  • KnowBe4: Highest Risk User
  • KnowBe4: Closed Campaigns Phishing Prone Percentages List
  • KnowBe4: Active Campaigns Phishing Prone Percentages List
  • KnowBe4: Active Campaign with the Highest Phish Prone Percentage
  • KnowBe4: Historical Campaign with the Highest Phish Prone Percentage
  • KnowBe4: Active Campaigns - Days Since Last Run List
  • KnowBe4: Users Count
  • KnowBe4: Campaigns Count
  • KnowBe4: Active Campaigns List
  • KnowBe4: Total Number of Seats
  • KnowBe4: Current Risk Score
  • KnowBe4: Active Campaigns With Bounces List
  • KnowBe4: Active Campaigns With Bounces Count
  • KnowBe4: Average Training Completion Time
  • KnowBe4: Training Enrollments With a Score of Under 85 List
  • KnowBe4: Past Due Training Enrollments List
  • KnowBe4: Past Due Training Enrollments Count

Microsoft 365

Summary

  • Production Status: Production
  • Description: Inspects the suite of Microsoft Cloud Service Products including Microsoft 365, Azure Active Directory, OneDrive, Teams, and Sharepoint using Microsoft Graph API, returning a wide variety of data including licensing, users, groups, mail routing, and actionable summary information such as security policies and unused license counts.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: Microsoft 365

Data Views Information

Parent Overview Data Table

  • Company Name
  • Email Domain (Default)
  • Email Domain (Initial)
  • Domains
  • Address
  • Tenant Secure Score vs. Maximum Secure Score
  • Total Active Users
  • Total Privileged Users
  • Privileged Users
  • Total Disabled Users
  • Total Licensed Users
  • Total Unlicensed Users
  • Total Assigned Licenses
  • Assigned Licenses Summary
  • Details about Syncing: Organization Name, Directory Sync Enabled, Directory Last Sync Date

Parent Data Tab Headers

  • Overview
  • Licensing
  • Users
  • Roles
  • Groups
  • Mailboxes
  • Secure Score
  • Domains
  • Organization
  • Applications
  • Service Principals
  • Sites
  • Contracts

Child Overview Data Table

  • Microsoft Entra ID
    • Total Users
    • Total Enabled Users
    • Total licensed Users
    • Total Guest Users
    • Total Microsoft 365 Groups
    • Total Security Groups
    • Total Mail-Enabled Security Groups
    • Total Distribution Groups
    • Total Licensed Products
    • Total Global Admins
  • Security
    • Total Users with MFA Registered
    • Total Risky Users
    • Security Defaults (Enabled or Disabled)
  • Exchange Online
    • Total Mailboxes
    • Total Inactive Mailboxes Last 7/30/180 Days

Child Data Tab Headers

  • Overview
  • Licensing
  • Users
  • Groups
  • Exchange Online
  • Security
  • Devices
  • Applications
  • Intune
  • Teams
  • Sharepoint
  • OneDrive

Actionable Alerts

  • Azure Active Directory | High Level and At Risk User Identified
  • Azure Active Directory | Medium Level and At Risk User Identified
  • Azure Active Directory | Application Sign-in Success has dropped below 60%
  • Azure Active Directory | Changes to Managed App Policies Assignment
  • Azure Active Directory | Change to Conditional Access Policy State
  • Azure Active Directory | Change to Security Defaults Enable Status
  • Microsoft 365 | Exposure to Privileged Account(s) Due to Lack of Strong Authentication
  • Microsoft 365 | Serious Exposure to Privileged Account(s) Due to Overuse
  • Microsoft 365 | Exposure to Account(s) With Weak Password
  • Microsoft 365 | Multiple Unassigned Microsoft 365 Licenses
  • Microsoft 365 | Exposure to User Account(s) Due to Lack of Strong Authentication
  • Microsoft 365 | Exposure to Suspicious Sign-Ins
  • Microsoft 365 | Users with Risk Policy Disabled
  • Microsoft 365 | Exposure to Stale or Disused User Accounts
  • Microsoft 365 | Change to Enabled Users
  • Microsoft 365 | Change to Active Mail Users
  • Microsoft 365 | Change to Privileged Users
  • Microsoft 365 | Change to License Summary Info
  • Microsoft 365 | Change to Directory Sync Enablement
  • Microsoft 365 | Active Roles Added/Removed
  • Microsoft 365 | Groups Added/Removed
  • Microsoft 365 | Multiple Unassigned Azure Directory Service Licenses
  • Microsoft 365 | Multiple Unassigned Dynamics 365 Licenses
  • Microsoft 365 | Multiple Unassigned Enterprise Mobility + Security Licenses
  • Microsoft 365 | Multiple Unassigned Exchange Online Licenses
  • Microsoft 365 | Multiple Unassigned Microsoft 365, Dynamics CRM and Intune Licenses
  • Microsoft 365 | Multiple Unassigned One Drive Licenses
  • Microsoft 365 | Multiple Unassigned Power BI Licenses
  • Microsoft 365 | Multiple Unassigned Project Licenses
  • Microsoft 365 | Multiple Unassigned Sharepoint and Skype for Business Licenses
  • Microsoft 365 | Multiple Unassigned Visio Licenses
  • Microsoft 365 | Multiple Unassigned Windows 10 Enterprise E3 Licenses
  • Microsoft 365 | External Forwarding Rule Added/Removed/Modified
  • Microsoft 365 | Internal Forwarding Rule Added/Removed/Modified
  • Microsoft 365 | Disabled Users with Licenses
  • Microsoft 365 | Users Exceeding Mailbox Issue Warning Quota
  • Microsoft 365 | Prepaid Licenses In A Warning State
  • Microsoft 365 | Hours Since Last Directory Sync >=24
  • Microsoft Teams | Teams Added/Removed/Modified
  • Microsoft Teams | Channels Added/Removed/Modified
  • Microsoft Teams | User Teams Membership Added/Removed/Modified

Metrics

  • Azure Active Directory: Group List
  • Azure Active Directory: Conditional Access Policies List
  • Azure Active Directory: Active Guest User List
  • Azure Active Directory: Active Members User List
  • Azure Active Directory: Active Users Count
  • Azure Active Directory: Users Identified as High and At Risk Count
  • Azure Active Directory: Users Identified as Medium and At Risk Count
  • Azure Active Directory: Users Identified as High and At Risk List
  • Azure Active Directory: Users Identified as Medium and At Risk List
  • Azure Active Directory: Security Defaults Enabled Status
  • Azure Active Directory: Report List of Sign-ins from outside the US
  • Azure Active Directory: Sign-in Report List
  • Azure Active Directory: Non-Compliant Device List
  • Azure Active Directory: Non-Compliant Device Count
  • Azure Active Directory: Unencrypted Device List
  • Azure Active Directory: Unencrypted Device Count
  • Azure Active Directory: Users not registered for MFA Count
  • Azure Active Directory: Users not registered for MFA List
  • Azure Active Directory: Enabled Administrative Roles List
  • Azure Active Directory: Assigned App Policies List
  • Azure Active Directory: Applications with Sign-in Percentage less than 60% Count
  • Azure Active Directory: Applications with Sign-in Percentage less than 60% List
  • Azure Active Directory: Devices with Unknown Compliance Count
  • Azure Active Directory: Total Devices Not Enrolled Count
  • Azure Active Directory: Organizations With Directory Sync Enabled And >= 1 Day Since Last Sync List
  • Azure Active Directory: Devices List [Power BI]
  • Azure Active Directory: Computers Details [PowerBI]
  • Azure Active Directory: Mailnicknames for Active Users List [Power BI]
  • Azure Active Directory: Users and Assigned Groups List [Power BI]
  • Microsoft OneDrive: Total Users Count
  • Microsoft OneDrive: Total Groups Count
  • Microsoft OneDrive: Total Drives Count
  • Microsoft OneDrive: Directory Quota Used
  • Microsoft OneDrive: Directory Quota Limit
  • Microsoft OneDrive: Directory Quota Summary
  • Microsoft OneDrive: Largest Drive Size and Owner
  • Microsoft OneDrive: Average Drive Contents Size
  • Microsoft OneDrive: Total Size of All Drives
  • Microsoft SharePoint: Total Lists Count
  • Microsoft SharePoint: Total Drives Count
  • Microsoft SharePoint: Total Sites Count
  • Microsoft SharePoint: Total Pages Count
  • Microsoft SharePoint: Drives with Under 5GB Remaining in Quota List
  • Microsoft SharePoint: Drives with Under 5GB Remaining in Quota Count
  • Microsoft Teams: Teams Summary
  • Microsoft Teams: Channel Summary
  • Microsoft Teams: User Team Summary
  • Microsoft Teams: Count of Private Teams
  • Microsoft Teams: List of Private Teams
  • Microsoft Teams: Count of Privileged Users
  • Microsoft Teams: List of Privileged Users
  • Microsoft Teams: Count of Archived Teams
  • Microsoft Teams: List of Archived Teams
  • Office 365: Associated Domains
  • Office 365: Active Users Email List
  • Office 365: Privileged Users Count
  • Office 365: Licenses Consumed Count - Enterprise E3
  • Office 365: Licenses Consumed Count - Enterprise E5
  • Office 365: Licenses Consumed Count - Enterprise Mobility + Security E5
  • Office 365: Unlicensed User Count
  • Office 365: Licensed User Count
  • Office 365: Assigned License Summary
  • Office 365: Assigned License Count
  • Office 365: Disabled User Count
  • Office 365: Active User Count
  • Office 365: Licenses Consumed Count - Exchange Online (Plan 1)
  • Office 365: Licenses Consumed Count - Free Flow
  • Office 365: Licenses Consumed Count - Microsoft 365 Business Basic
  • Office 365: Licenses Consumed Count - Microsoft 365 Business Standard
  • Office 365: Licenses Consumed Count - Microsoft 365 Apps for Enterprise
  • Office 365: Licenses Consumed Count - Power BI (Free)
  • Office 365: Licenses Consumed Count - Power BI Pro
  • Office 365: Licenses Consumed Count - Visio Pro for Office 365
  • Office 365: Mailbox Rules with Errors Count
  • Office 365: Mailbox Rules with Errors List
  • Office 365: Mailbox Rules Count
  • Office 365: Office 365 E3 Active Licenses Count
  • Office 365: Office 365 E3 Assigned Licenses Count
  • Office 365: Office 365 E5 Active Licenses Count
  • Office 365: Office 365 E5 Assigned Licenses Count
  • Office 365: Enterprise Mobility + Security E3 Active Licenses Count
  • Office 365: Enterprise Mobility + Security E3 Assigned Licenses Count
  • Office 365: Enterprise Mobility + Security E5 Active Licenses Count
  • Office 365: Enterprise Mobility + Security E5 Assigned Licenses Count
  • Office 365: Exchange Online (Plan 1) Active Licenses Count
  • Office 365: Exchange Online (Plan 1) Assigned Licenses Count
  • Office 365: Exchange Online (Plan 2) Active Licenses Count
  • Office 365: Exchange Online (Plan 2) Assigned Licenses Count
  • Office 365: Office 365 F1 Active Licenses Count
  • Office 365: Office 365 F1 Assigned Licenses Count
  • Office 365: Microsoft 365 Apps for Enterprise Active Licenses Count
  • Office 365: Microsoft 365 Apps for Enterprise Assigned Licenses Count
  • Office 365: Microsoft 365 Business Basic Active Licenses Count
  • Office 365: Microsoft 365 Business Basic Assigned Licenses Count
  • Office 365: Microsoft 365 Apps for Business Active Licenses Count
  • Office 365: Microsoft 365 Apps for Business Assigned Licenses Count
  • Office 365: Microsoft 365 Business Standard Active Licenses Count
  • Office 365: Microsoft 365 Business Standard Assigned Licenses Count
  • Office 365: Office 365 Small Business Active Licenses Count
  • Office 365: Office 365 Small Business Assigned Licenses Count
  • Office 365: Office 365 Small Business Premium Active Licenses Count
  • Office 365: Office 365 Small Business Premium Assigned Licenses Count
  • Office 365: Office 365 Enterprise E2 Active Licenses Count
  • Office 365: Office 365 Enterprise E2 Assigned Licenses Count
  • Office 365: Office 365 Enterprise E1 Active Licenses Count
  • Office 365: Office 365 Enterprise E1 Assigned Licenses Count
  • Office 365: SystemInfo Overview
  • Office 365: Users List
  • Office 365: Privileged Users List
  • Office 365: Role Members
  • Office 365: Apps List
  • Office 365: Group Members
  • Office 365: Groups List
  • Office 365: Domains List
  • Office 365: Licenses
  • Office 365: Active User Summary
  • Office 365: Active Mail User Summary
  • Office 365: Privileged User Summary
  • Office 365: Directory Sync Enabled
  • Office 365: Company Name
  • Office 365: Active Roles List
  • Office 365: External Forwarding Rule Summary
  • Office 365: Internal Forwarding Rule Summary
  • Office 365: Admin Users with MFA Disabled Count
  • Office 365: Privileged Users with Overuse Count
  • Office 365: Privileged Users with Overuse List
  • Office 365: Accounts with Weak Passwords List
  • Office 365: Accounts with Weak Passwords Count
  • Office 365: Unassigned SMB and Enterprise License Summary
  • Office 365: Unassigned SMB and Enterprise License Count
  • Office 365: Non-Admin Users with MFA Disabled Count
  • Office 365: Users with Sign-In Risk Policy Disabled Count
  • Office 365: Users with Risk Policy Disabled Count
  • Office 365: Stale or Disused User Accounts List
  • Office 365: Stale or Disused User Accounts Count
  • Office 365: Unassigned Azure Directory License Summary
  • Office 365: Unassigned Azure Directory License Count
  • Office 365: Unassigned Dynamics 365 License Summary
  • Office 365: Unassigned Dynamics 365 License Count
  • Office 365: Unassigned Enterprise Mobility + Security License Summary
  • Office 365: Unassigned Enterprise Mobility + Security License Count
  • Office 365: Enabled Accounts Count
  • Office 365: Unassigned Exchange Online License Summary
  • Office 365: Unassigned Exchange Online License Count
  • Office 365: Unassigned Microsoft 365, Dynamics CRM and Intune License Summary
  • Office 365: Unassigned Microsoft 365, Dynamics CRM and Intune License Count
  • Office 365: Unassigned OneDrive License Summary
  • Office 365: Unassigned OneDrive License Count
  • Office 365: Unassigned Power BI License Summary
  • Office 365: Unassigned Power BI License Count
  • Office 365: Unassigned Project License Summary
  • Office 365: Unassigned Project License Count
  • Office 365: Unassigned Sharepoint and Skype for Business License Summary
  • Office 365: Unassigned Sharepoint and Skype for Business License Count
  • Office 365: Unassigned Visio License Summary
  • Office 365: Unassigned Visio License Count
  • Office 365: Unassigned Windows 10 Enterprise E3 License Summary
  • Office 365: Unassigned Windows 10 Enterprise E3 License Count
  • Office 365: Disabled Users with Licenses List
  • Office 365: Disabled Users with Licenses Count
  • Office 365: Microsoft 365 Business Premium Active License Count
  • Office 365: Microsoft 365 Business Premium Assigned License Count
  • Office 365: Mailbox Storage Exceeding Quota Count
  • Office 365: Mailbox Storage Exceeding Quota List
  • Office 365: Active User
  • Office 365: Privileged Users
  • Office 365: List of user accounts with Exchange License
  • Office 365: Licensed User Summary
  • Office 365: Stale and Licensed Users
  • Microsoft 365: Prepaid Licenses In Warning State List
  • Microsoft 365: Prepaid Licenses In Warning State Count
  • Microsoft 365: Users w/ Associated Licenses
  • Microsoft 365: Hours Since Last Directory Sync >=24
  • Microsoft 365: License Summary [Power BI]
  • Microsoft 365: Users [Power BI]
  • Microsoft 365: System Info [Power BI]
  • Microsoft 365: MailNicknames [Power BI]
  • Microsoft 365: Users Search List [Power BI]

OneLogin

Summary

  • Production Status: Production
  • Description: A dedicated inspector for OneLogin, a cloud identity and access management solution.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Total Applications
  • Total Users
  • Total Active Users
  • Never Logged In
  • Unactivated
  • Suspended
  • Locked
  • Password Expired
  • Awaiting Password Reset
  • Password Pending
  • Needs To Set Security Questions

Data Tab Headers

  • Overview
  • Users
  • Groups & User Mappings
  • Roles
  • Apps

Actionable Alerts

  • OneLogin | Change to Active Users
  • OneLogin | Locked User(s)

Metrics

  • OneLogin: User Summary
  • OneLogin: Application Summary
  • OneLogin: Active Users List
  • OneLogin: Active Users Count
  • OneLogin: Never Logged In Users List
  • OneLogin: Never Logged In Users Count
  • OneLogin: Unactivated Users List
  • OneLogin: Unactivated Users Count
  • OneLogin: Suspended Users List
  • OneLogin: Suspended Users Count
  • OneLogin: Locked Users List
  • OneLogin: Locked Users Count
  • OneLogin: Users With Expired Password List
  • OneLogin: Users With Expired Password Count

Roar

Summary

  • Production Status: Beta
  • Description: Inspects an instance of Roar for health, status, and current metrics.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Users
  • Groups
  • Agents
  • Events
  • Environments
  • Inspectors
  • Launchpoints
  • Integrations

Data Tab Headers

  • Overview
  • Users
  • Groups
  • Agents
  • Events
  • Environments
  • Integrations
  • Launchpoints
  • Launchpoints Health
  • Integration Mappings
  • Billable

Actionable Alerts

  • Roar | Failed SonicWall Launchpoint(s)
  • Roar | No Agent Heartbeat Within Last 24 Hours

Metrics

  • Roar: SystemInfo
  • Roar: Failed SonicWall Launchpoint(s) List
  • Roar: Failed SonicWall Launchpoint(s) Count
  • Roar: Agents Without Heartbeat in Last 24 Hours List
  • Roar: Agents Without Heartbeat in Last 24 Hours Count
  • Roar Inspector: Billable Environment with over 10 Endpoint Inspectors
  • Roar Inspector: List of Failed Launchpoints (Inspectors)
  • Roar Inspector: List of Agents not Checking In
  • Roar: Agents Without a Heartbeat in over 24 Hours Count
  • Roar: Agents Without a Heartbeat in over 24 Hours
  • Roar: Number of Inspectors per Inspector Type
  • Roar: Count of Inspectors
  • Roar: Count of Agents
  • Roar: Count of Users
  • Roar: Count of Discovered Inspectors
  • Roar: Number of Failed Inspectors per Inspector Type
  • Roar: Number of Setup Issue Inspectors per Inspector Type
  • Roar: Users without MFA
  • Roar: Global Admins Count
  • Roar: Global Admins
  • Roar: List of Users [Power BI]
  • Roar Inspector: Discovered Inspectors [Power BI]
  • Roar: Inspector statuses [Power BI]

SentinelOne

Summary

  • Production Status: Production
  • Description: A dedicated inspector for SentinelOne, a cloud based security and threat prevention platform that offers endpoint protection (EPP), endpoint detection and response (EDR), IoT security, and cloud workload protection (CWPP) in a centralized platform.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: SentinelOne

Data Views Information

Child Overview Data Table

  • Site Name
  • Site ID
  • Default?
  • System Health Status
  • Unresolved Threats
  • Threats Not Mitigated
  • Infected Endpoints
  • Total Endpoints
  • Total Users
  • Total Groups
  • Total Policies
  • User API Tokens Exiring Within 14 Days
  • Account Name
  • Site Name
  • Total Licenses
  • Active Licenses
  • Site SKU
  • Site State
  • Days Until Expiration

Child Data Tab Headers

  • Overview
  • Users
  • Groups
  • Threats
  • Endpoints
  • Policies
  • Controls
  • Activity

Actionable Alerts

  • SentinelOne | Less Than 30 Days Until License Expiration
  • SentinelOne | Users With API Tokens Changed
  • SentinelOne | Systems With Active Threats
  • SentinelOne | Less Than 14 Days Until Expiration of One or More User API Tokens

Metrics

  • SentinelOne: Users Without MFA Enabled List
  • SentinelOne: Users With API Tokens List
  • SentinelOne: Systems With Active Threats List
  • SentinelOne: Days Until License Expiry Count
  • SentinelOne: Days Until API Token Expires

Slack

Summary

  • Production Status: Production
  • Description: Inspects a Slack workspace.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Team Name
  • Domain
  • Email Domain
  • Primary Owner
  • Total Active Users
  • Total Admin Users
  • Admin Users
  • Total Deactivated Users
  • Total Users Enrolled in 2-Step Verification
  • Users Not Enrolled in 2-Step Verification
  • Total Billable Users
  • Billable Users

Data Tab Headers

  • Overview
  • Users
  • Public Channels
  • Shared Channels
  • Archived Channels

Actionable Alerts

  • Slack | Privileged User Added/Removed
  • Slack | Users without 2FA Enabled Exist

Metrics

  • Slack: Admin Users Count
  • Slack: Slack: Admin Users List
  • Slack: Users with 2FA Enabled Count
  • Slack: Users without 2FA Enabled Count
  • Slack: Users without 2FA Enabled List
  • Slack: Channels Count
  • Slack: Public Channels Count
  • Slack: Externally Shared Channels Count
  • Slack: Externally Shared Channels List
  • Slack: Archived Channels Count
  • Slack: Archived Channels List

SonicWall Capture Client

Summary

  • Production Status: Production
  • Description: Inspects a SonicWall Capture Client account instance configuration .
  • Documentation
  • Inspector Category: Cloud
  • Discovers: Child SonicWall Capture Client Inspectors

Data Views Information

Overview Data Table

  • Tenant Name
  • Tenant ID
  • Notification Settings

Administrators

  • Name
  • Email
  • Role
  • Scope
  • Days since last login

Policies

  • Client Policies
    • Policy Name
    • Policy ID
    • Assigned To
    • Scope
    • Inherited Status
    • Enforced Status
  • Agent Policies
    • Policy Name
    • Policy ID
    • Assigned To
    • Enforced
    • Policy Type
    • Scope
    • Inherited
    • Policy Last Update

Groups

  • Device Groups
    • Group Name
    • Group ID
    • Assign Mode
    • Kind
    • Group Type
    • Devices
  • User Groups
    • Group Name Group ID
    • Assign Mode
    • Kind
    • Group type
    • Users

Endpoints

  • Devices
    • Device Name
    • Device ID
    • Online Status
    • Client State
    • Operating System
    • Client Version
    • Last User
    • Last Active
    • S1 Agent Active
    • Domain

TLS/SSL

Summary

  • Production Status: Production
  • Description: Inspects a TLS / SSL security certificate, returning a wide variety of data including known security issues (e.g., due to weak ciphers,) issuer, expiration data, and more.
  • Documentation
  • Inspector Category: Cloud
  • Discovers: N/A

Data Views Information

Overview Data Table

  • Common Name
  • IP Address
  • Alternative Names
  • SHA1 Fingerprint
  • SHA256 Fingerprint
  • HTTP Public Key Pinning (HPKP)
  • Country or Region
  • Organization
  • Common Name
  • AIA URI
  • Serial Number
  • Version
  • Signature Algorithm
  • Not Valid Before
  • Not Valid After
  • Days Until Expiration
  • OCSP URI
  • URL Redirects To
  • Algorithm
  • Key Size
  • Subject Matches Hostname
  • TLS 1.3
  • TLS 1.2
  • TLS 1.1
  • TLS 1.0
  • Details about Extensions: OID, Name, Critical

Data Tab Headers

  • Overview

Actionable Alerts

  • TLS/SSL | Certificate Expiration
  • TLS/SSL | Weak Protocol Supported
  • TLS/SSL | Serious Exposure to SSL Forgery / Interception
  • TLS/SSL | Web Traffic Exposure to Sniffing and Lack of Website Validation
  • TLS/SSL | Auto-Renewing Certificate Expiration

Metrics

  • TLS/SSL: Days Until Certificate Expiration
  • TLS/SSL: Certificate Issuer
  • TLS/SSL: Alternative Cert Names
  • TLS/SSL: SystemInfo
  • TLS/SSL: Certificate Expiration Date
  • TLS/SSL: Certificate Expiration
  • TLS/SSL: Supported Protocols List
  • TLS/SSL: Certificate Has SHA1 in Chain
  • TLS/SSL: Certificate Exists