Attribute Reference
Reference tables listing the attributes that Device Security collects from
third-party integrations, their names as stored in Device Security, and the device and
subnet fields they map to.
When Device Security integrates with a third-party solution, it collects various
types of information, such as device data, session information, vulnerability statuses,
and more. Device Security stores this information under normalized attributes names.
For some attribute types, the attributes learned from third-party integrations
get associated with Common Attributes in Device Security. In all cases, you can use the
Query Builder to search for attributes based on the third-party source.
To see a list of what attributes Device Security learns from an integration,
and what name those attributes map to within Device Security, refer to the
corresponding reference listed below. Each attribute reference table lists the
original attribute name as it is stored in the third-party solution, the name under
which Device Security stores the attribute, the Device Security Common Attribute
it maps to (if applicable), and a description of the attribute.
The third-party attribute name in Device Security refers to the attribute name
as it appears in the Assets Inventory table and in Query Engine. This follows the format
of third-party-name.attribute-name.
When viewing the attribute name in the Assets Inventory table column selector or on a
Device Details page, where the third-party name can be found as a header for the
attributes section, then the third-party name is removed from the attribute name.
For example, micrsoft_defender_xdr.macAddress would appear in the
Query Builder and in the Assets Inventory table, but under , the attribute would appear as macAddress.
