Trigger-it collects a plethora of information from managed endpoints and devices and presents it to system and network administrators so that they can make decisions, perform actions and manage devices. This section explores the PC Information section.
The PC information section is available by selecting a device and clicking on the PC information button:
Computer Information Tab
The first screen of the PC information section provides the following information:
- PC Name
- OS Version
- OS Type
- Last logged in user
- Reboot Required
- Up Time
- Agent Version
- Assigned Tags
- IP Addresses
- Disk Drives
Disk drives are provided as links that you can click to browse those drives via the available IP addresses. To do so, the client must be connected to the same network as the console or be reachable from it over IP.
See Understanding IP Discovery on managed endpoints.
Trigger-it Time Machine
The Trigger-it Time Machine allows administrators and helpdesk specialists to go back in time and look up critical events on each managed endpoint.
The Trigger-it Time Machine is useful for:
- Identifying application crashes.
- Identifying application hangs.
- Identifying machines with a blue screen of death.
- Identifying machines with failed update, software or driver installations.
The time machine is available through the PC information section:
Data is grouped into 3 main sections: informational, warning and critical.
- Informational data contains data about successful software installations, update installations and driver installations.
- Warning data contains non-critical failed events like failed update installations.
- Critical data contains failed installations for software, updates and drivers, and blue screen of death (BSOD) events.
Click on any day to see the events recorded on that date. You can also cross-reference this data with network traffic, software and hardware changes, file changes and user activities on that day:
Hardware Inventory Tab
The hardware inventory tab displays the detailed hardware inventory of this PC, which you can export directly to an Excel sheet or PDF.
Software Inventory Tab
The software inventory tab displays the detailed software inventory of this PC, which you can export directly to an Excel sheet or PDF.
Local Admins Tab
In the local admin tab you can see the current list of local administrators on this PC based on the latest inventory received from this device.
Startup Items Tab
The startup items tab allows you to see the current list of startup items in the HKLM and HKCU hives:
Services Tab
This tab allows you to see local services and their status on this managed endpoint based on the latest inventory received from the device. You can also start, stop or restart any service.
Updates Tab
The updates tab lists the currently installed updates on this device based on the latest inventory received from this device.
Failed Connections Tab
The failed connections tab allows you to see all failed TCP connections that this device has experienced. A failure could be due to a network connection error, a process hang or any other cause.
The Trigger-it Agent detects each failed connection and immediately reports it to the server, along with the results of a traceroute initiated from the agent to the destination IP. This allows administrators and network engineers to see the network from the client's perspective and understand why a particular process failed to reach its destination.
See Understanding Failed TCP Connection Tracking in Trigger-it
To see failed TCP connections for this device, select the date range (from and to) on the screen, then click Load Data.
The grid will load the failed TCP connections from this device in the specified range:
To visualize the data, click Diagram it. A diagram similar to the one below is displayed:
The diagram displays and aggregates failed TCP connections by destination and lists the last network hop that was reached, based on the traceroute information received from the agent.
The diagram has the following available actions:
- Hovering over a network connection shows correlated data about failed security events, CPU/memory/disk information and the top processes that consumed the PC's resources during those failed connections. This is useful to diagnose the failed connection and see whether it is related to a CPU performance issue or a cyber attack.
- Right-clicking on the network connection allows you to look up the traceroute responses sent by the agent and visualize them to understand where and why this network connection failed:
A visual diagram is displayed with the areas with delays highlighted in red:
You can display this diagram as a grid by clicking Display As Grid in the Ribbon:
- Right-clicking on a destination IP in the diagram opens an actions menu which enables you to:
  - Ping
  - Traceroute
  - Telnet
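To make the aggregation described above concrete, the following Python is an added example, not Trigger-it code: it groups failed TCP connection records by destination, finds the last hop that answered each traceroute, and marks hops whose delay crosses a threshold. The record layout, field names, sample values and the 100 ms threshold are assumptions made for the example.

```python
from collections import Counter

DELAY_MS = 100.0  # assumed threshold for a "delayed" hop; tune per network

# Constructed sample records. Field names are assumptions for this example,
# not Trigger-it's schema. A hop is (ip, rtt_ms); (None, None) = no reply.
SAMPLE = [
    {"process": "outlook.exe", "dest": "203.0.113.10", "port": 443,
     "hops": [("192.168.1.1", 2.0), ("10.20.0.1", 180.0), (None, None)]},
    {"process": "chrome.exe", "dest": "203.0.113.10", "port": 443,
     "hops": [("192.168.1.1", 3.0), ("10.20.0.1", 150.0), (None, None)]},
    {"process": "backup.exe", "dest": "198.51.100.7", "port": 445,
     "hops": [("192.168.1.1", 1.0), (None, None), (None, None)]},
]


def last_hop_reached(hops):
    """IP of the last hop that answered the traceroute, or None if none did."""
    for ip, _rtt in reversed(hops):
        if ip is not None:
            return ip
    return None


def slow_hops(hops, threshold_ms=DELAY_MS):
    """IPs of answering hops whose round-trip time meets the threshold."""
    return {ip for ip, rtt in hops
            if ip is not None and rtt is not None and rtt >= threshold_ms}


def aggregate(records):
    """Group failed connections by destination IP, as the diagram does."""
    summary = {}
    for rec in records:
        entry = summary.setdefault(rec["dest"], {
            "failures": 0, "processes": set(),
            "last_hops": Counter(), "slow_hops": set()})
        entry["failures"] += 1
        entry["processes"].add(rec["process"])
        entry["last_hops"][last_hop_reached(rec["hops"])] += 1
        entry["slow_hops"] |= slow_hops(rec["hops"])
    return summary


if __name__ == "__main__":
    for dest, e in aggregate(SAMPLE).items():
        hop, count = e["last_hops"].most_common(1)[0]
        print(f"{dest}: {e['failures']} failed, last hop {hop} ({count}x), "
              f"slow {sorted(e['slow_hops'])}, procs {sorted(e['processes'])}")
```

Several processes failing toward one destination with the same last hop points at the path rather than at a single application; a failure that stops at the first hop points closer to the endpoint itself.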
Actions Tab
The Actions tab allows you to perform actions using native agent actions, or to connect using Trigger-it Remote Connection, RDP or remote CMD.
Important: for the remote CMD to work, the current user running the action must have local administrative permissions on the managed PC (Windows), otherwise the connection will fail.
File Activities Tab
The File Activities section allows you to look up all file activities performed on this managed PC. See Understanding File Tracking/Auditing Feature.
Select the time range for which you want to track file activities, and click Find to retrieve the data from the tracking database.
User Productivity Tab
The User Productivity tab allows you to track users’ activities on this managed endpoint. See Understanding User Behavior Tracking Feature for more details about this feature.
Select the time range for which you want to track users’ activities, and click Find to retrieve the data from the tracking database.
Pinging a computer
You can ping a computer directly by right-clicking on any managed computer and choosing Ping Computer, which brings up the IP information screen.
The IP information screen lists all currently assigned IPs based on the latest inventory and heartbeat message received from this computer. Select an IP and double-click it to start pinging it.