System Inventory

​

Introduction

​

System Inventory Overview

​

Data Collection Categories

1. Hardware: Physical system components and specifications
2. Operating System: OS details and version information
3. Packages: Installed software packages and versions
4. Processes: Running processes and their attributes
5. Network: Network interfaces and configurations
6. Ports: Open ports and listening services
7. Hotfixes: Installed system updates (Windows)
8. Users and Groups: System user accounts and groups
9. Services: System services and their status
10. Browser Extensions: Installed browser extensions

​

Accessing System Inventory

​

Inventory Metrics Panel

1. Navigate to the Endpoints section
2. Select an agent from the table
3. View the “System Inventory” panel

• Cores: Number of CPU cores
• Memory: Total system memory (formatted)
• CPU: Processor model and name
• Hostname: System hostname
• Serial Number: Hardware serial number

​

IT Hygiene Dashboard

• Click the “Open IT Hygiene” button from the System Inventory panel
• Navigate directly to the IT Hygiene application
• Access comprehensive inventory tables and analytics

​

System Inventory Configuration

​

Enabling Syscollector

<wodle name="syscollector">
  <disabled>no</disabled>
  <interval>1h</interval>
  <scan_on_start>yes</scan_on_start>
  <hardware>yes</hardware>
  <os>yes</os>
  <network>yes</network>
  <packages>yes</packages>
  <ports>yes</ports>
  <processes>yes</processes>
</wodle>

​

Configuration Parameters

​

disabled

• Type: Boolean (yes/no)
• Default: no
• Description: Enable or disable the Syscollector module

​

interval

• Type: Time value
• Default: 1h
• Description: Frequency of system scans
• Values: Seconds (s), minutes (m), hours (h), days (d)
• Examples: 30m, 2h, 1d

​

scan_on_start

• Type: Boolean (yes/no)
• Default: yes
• Description: Perform inventory scan when agent starts

​

hardware

• Type: Boolean (yes/no)
• Default: yes
• Description: Collect hardware information

​

os

• Type: Boolean (yes/no)
• Default: yes
• Description: Collect operating system information

​

network

• Type: Boolean (yes/no)
• Default: yes
• Description: Collect network interface information

​

packages

• Type: Boolean (yes/no)
• Default: yes
• Description: Collect installed packages information

​

ports

• Type: Boolean (yes/no)
• Default: yes
• Description: Collect open ports and listening services

​

processes

• Type: Boolean (yes/no)
• Default: yes
• Description: Collect running processes information

​

Hardware Inventory

​

Collected Hardware Data

​

CPU Information

• Name: Processor model and brand
• Cores: Number of physical cores
• Speed: Clock speed in MHz/GHz
• Architecture: Processor architecture (x86_64, ARM, etc.)

​

Memory Information

• Total: Total system memory in bytes
• Free: Available memory
• Used: Memory in use

​

System Information

• Serial Number: Hardware serial number
• Board Serial: Motherboard serial number
• Manufacturer: System manufacturer
• Product Name: System model/product name

​

Hardware Data Source

const itHygieneHardwareDataSource = useDataSource<
  tParsedIndexPattern,
  PatternDataSource
>({
  DataSource: SystemInventoryStatesDataSource,
  repository: new SystemInventoryHardwareStatesDataSourceRepository(),
});

​

Operating System Inventory

​

Collected OS Data

• Platform: Operating system platform (Linux, Windows, macOS)
• Distribution: Specific distribution (Ubuntu, CentOS, Windows 10, etc.)
• Version: OS version number
• Architecture: System architecture (x86_64, i386, ARM)
• Hostname: System hostname
• Release: Kernel or build release
• Codename: OS codename (if applicable)

​

System Data Source

const itHygieneSystemDataSource = useDataSource<
  tParsedIndexPattern,
  PatternDataSource
>({
  DataSource: SystemInventoryStatesDataSource,
  repository: new SystemInventorySystemStatesDataSourceRepository(),
});

​

Package Inventory

​

Collected Package Data

• Package Name: Software package name
• Version: Installed version
• Architecture: Package architecture
• Vendor: Software vendor/maintainer
• Description: Package description
• Install Time: When the package was installed
• Size: Package size
• Location: Installation path

​

Package Manager Support

• Linux:
  • RPM (Red Hat, CentOS, Fedora)
  • DEB (Debian, Ubuntu)
  • APK (Alpine Linux)
  • Pacman (Arch Linux)
• Windows:
  • Windows Installer (MSI)
  • Programs and Features registry
• macOS:
  • Homebrew
  • MacPorts
  • System packages

​

Process Inventory

​

Collected Process Data

• Process ID (PID): Unique process identifier
• Name: Process name
• Command Line: Full command line with arguments
• State: Process state (running, sleeping, etc.)
• PPID: Parent process ID
• User: User running the process
• Priority: Process priority
• Virtual Memory: Virtual memory usage
• Resident Memory: Physical memory usage
• Start Time: When the process started
• Thread Count: Number of threads

​

Network Inventory

​

Network Interface Data

​

Interface Information

• Name: Interface name (eth0, wlan0, etc.)
• Type: Interface type (Ethernet, Wireless, Loopback)
• State: Interface state (up, down)
• MAC Address: Hardware address
• MTU: Maximum transmission unit

​

IP Configuration

• IPv4 Address: IPv4 addresses assigned
• IPv4 Netmask: Network mask
• IPv6 Address: IPv6 addresses assigned
• IPv6 Netmask: IPv6 network mask
• Gateway: Default gateway
• DHCP: DHCP status

​

Statistics

• TX Packets: Transmitted packets
• RX Packets: Received packets
• TX Bytes: Transmitted bytes
• RX Bytes: Received bytes
• TX Errors: Transmission errors
• RX Errors: Reception errors

• wazuh-states-inventory-networks*
• wazuh-states-inventory-interfaces*

​

Port Inventory

​

Collected Port Data

• Local IP: Local IP address
• Local Port: Local port number
• Remote IP: Remote IP address (for established connections)
• Remote Port: Remote port number
• Protocol: Network protocol (TCP, UDP)
• State: Connection state (listening, established, etc.)
• Process: Process using the port
• PID: Process ID

​

Additional Inventory Types

​

Hotfixes (Windows)

• Hotfix ID: Microsoft KB number
• Installation Date: When the update was installed
• Installed By: User who installed the update

​

Users and Groups

​

Users

• Username: User account name
• UID: User ID
• GID: Primary group ID
• Home Directory: User home directory
• Shell: Default shell

​

Groups

• Group Name: Group name
• GID: Group ID
• Members: Group members

​

Services

• Service Name: Service name
• Display Name: Service display name
• State: Service state (running, stopped)
• Startup Type: Startup configuration (automatic, manual, disabled)

​

Browser Extensions

• Browser: Browser name (Chrome, Firefox, Edge)
• Extension Name: Extension name
• Version: Extension version
• Description: Extension description
• Permissions: Requested permissions

​

Data Source Integration

​

Index Pattern Data Sources

import {
  SystemInventoryHardwareStatesDataSourceRepository,
  SystemInventorySystemStatesDataSourceRepository,
  SystemInventoryStatesDataSource,
} from '../../../common/data-source';

​

Data Fetching

const [hardware, software] = await Promise.all([
  itHygieneHardwareDataSource.fetchData({
    pagination: {
      pageIndex: 0,
      pageSize: 1,
    },
  }),
  itHygieneSystemDataSource.fetchData({
    pagination: {
      pageIndex: 0,
      pageSize: 1,
    },
  }),
]);

​

Field Formatting

<IndexPatternFormattedField
  indexPattern={itHygieneHardwareDataSource?.dataSource?.indexPattern}
  doc={{ _source: data?.hardware }}
  field='host.memory.total'
/>

• Consistent formatting across the Dashboard
• Proper unit conversion (bytes to GB, etc.)
• Locale-specific number formatting

​

Inventory Metrics Display

​

Loading States

const dataSourceIsLoading =
  itHygieneSystemDataSource.isLoading ||
  itHygieneHardwareDataSource.isLoading;

const notEnoughData =
  !isLoading &&
  _.isEmpty(data?.hardware?.host) &&
  _.isEmpty(data?.software?.host);

​

Empty State Handling

Not enough hardware or operating system information

• Syscollector may be disabled
• Agent has not completed initial scan
• Data collection errors occurred

​

Ribbon Display

const items: IRibbonItem[] = [
  {
    key: 'cores',
    label: 'Cores',
    value: data?.hardware?.host?.cpu?.cores,
    isLoading: isLoading,
  },
  // Additional items...
];

​

Use Cases for System Inventory

​

Asset Management

• Track hardware assets across the organization
• Monitor hardware lifecycle and plan replacements
• Maintain accurate inventory for compliance
• Identify unauthorized hardware changes

​

Software Inventory

• Track installed software versions
• Identify outdated or vulnerable packages
• Ensure license compliance
• Plan software upgrades and patches

​

Network Mapping

• Document network configurations
• Identify unauthorized network interfaces
• Monitor IP address assignments
• Detect network configuration changes

​

Security Monitoring

• Detect unauthorized processes
• Monitor open ports for security risks
• Identify rogue services
• Track user account changes

​

Compliance Reporting

• Generate compliance reports
• Demonstrate asset tracking
• Audit system configurations
• Verify security controls

​

Integration with Other Features

​

Vulnerability Detection

• Package inventory used for vulnerability matching
• CVE databases cross-referenced with installed packages
• Vulnerability reports include package version details

​

IT Hygiene Module

• Detailed tables for all inventory categories
• Advanced filtering and search
• Export capabilities
• Trend analysis and reporting

​

Best Practices

​

Configuration

• Set appropriate scan intervals based on environment:
  • Static environments: Longer intervals (12h, 24h)
  • Dynamic environments: Shorter intervals (1h, 4h)
• Enable scan_on_start for immediate initial inventory
• Disable unneeded inventory categories to reduce overhead

​

Performance

• Monitor agent performance during scans
• Adjust intervals if scans cause performance issues
• Consider system load when scheduling scans
• Use longer intervals for resource-constrained systems

​

Data Management

• Regularly review inventory data for accuracy
• Use inventory data for capacity planning
• Archive historical inventory for trend analysis
• Set appropriate data retention policies

​

Security

• Protect inventory data (contains sensitive system information)
• Restrict access to inventory views based on roles
• Monitor for unexpected inventory changes
• Use inventory data for anomaly detection

​

Troubleshooting

​

No Inventory Data

• “Not enough hardware or operating system information” message
• Empty inventory metrics

1. Verify Syscollector is enabled in agent configuration
2. Check agent logs for Syscollector errors
3. Verify agent has permissions to collect inventory
4. Wait for initial scan to complete
5. Manually trigger a scan by restarting the agent

​

Incomplete Inventory

• Some metrics display, others are empty
• Missing data categories

1. Check specific category enablement in configuration
2. Verify agent permissions for specific operations
3. Review logs for category-specific errors
4. Ensure supported OS and version

​

Outdated Inventory

• Inventory data does not reflect recent changes
• Timestamps are old

1. Verify scan interval configuration
2. Check agent connectivity and sync status
3. Manually trigger scan by restarting agent
4. Review agent logs for scan failures

​

Related Documentation

• Agent Management Overview
• Agent Deployment
• Agent Monitoring
• Agent Configuration