Monitor Microsoft Operating System Use

Applies To: WatchGuard Advanced Reporting Tool

To reduce the risk of attack, and make it easier to manage and build policies to protect the operating system, we recommend that you minimize the number of different versions of Microsoft Windows in your IT environment.

The Install table logs all the information generated during the installation of the endpoint agents on customer computers. This topic shows how to filter and refine the Install table to view the versions of Microsoft Windows that are in use, and how to generate a visual representation of the data.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Access Advanced Security Information permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

To view the Microsoft operating systems in use, from the WatchGuard Endpoint Security management UI:

  1. In WatchGuard Cloud, select Monitor > Endpoint Security.
  2. Select Status.
  3. From the left pane, select Advanced Visualization Tool.
    A new browser tab opens.
  4. From the left pane, select Data Search.
  5. Select the oem.panda.paps.install table for the time period you want.
    The data table window opens. For information on the fields available in the table, go to Fields Available in the Install Table.

Screen shot of Advanced Visualization Tool data table window

  6. Filter the op column by Install and Upgrade.

Screen shot of Advanced Visualization Tool data table column filter

  7. Filter the opPlatform column for platforms that start with Win.

Screen shot of Advanced Visualization Tool data table, Operations Over Columns dialog box

  8. Click Apply Filter.
  9. Select the osVer column and click Group in the toolbar.

Screen shot of Advanced Visualization Tool data table, Operations Over Columns, Group By

  10. Click New Argument.
  11. From the Arguments list, select osVer.
  12. Click Group By.
  13. To create a count of the machines with each OS version, add a Count column:
    1. Click Add Column.
    2. Select Aggregate Function.
    3. In the Column name box, type count.
    4. From the Aggregation list, select Count.
    5. Click Aggregate Function.
  14. To create a chart of this data:
    1. Select Options > Charts > Plots > Histogram.
    2. Drag the osVer and Count columns from the data table into the Histogram dialog box.
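
The filter, group, and count steps above, reproduced offline as an added example (not WatchGuard code). It assumes the Install table rows were exported to CSV with the column names from the fields table and sortable ISO-style timestamps; the sample rows are constructed. It also counts each machine once by its latest matching row, because a machine that was installed and later upgraded appears in more than one row.

```python
import csv
import io
from collections import Counter

# Column names as listed in the page's fields table; the procedure steps
# name opPlatform and osVer, so adjust these to match your export headers.
COL_MACHINE, COL_OP, COL_PLATFORM, COL_OSVER, COL_DATE = (
    "machine", "op", "osPlatform", "osVersion", "eventDate")

# Constructed sample rows (not real data). The CSV export layout and the
# timestamp format are assumptions made for this example.
SAMPLE_CSV = """eventDate,machine,op,osPlatform,osVersion
2024-01-10 09:00:00,WS-001,Install,Win64NT,10.0.19045
2024-03-02 11:30:00,WS-001,Upgrade,Win64NT,10.0.22631
2024-01-11 08:15:00,WS-002,Install,Win64NT,10.0.19045
2024-01-12 10:00:00,WS-003,Install,Win32NT,6.1.7601
2024-02-01 14:00:00,WS-003,Uninstall,Win32NT,6.1.7601
2024-01-15 16:45:00,MAC-01,Install,Darwin_x86_64,14.2
2024-01-20 12:00:00,WS-004,Install,Win64ARM,10.0.22631
"""

def windows_rows(csv_text):
    """Rows kept by the two filters: op is Install or Upgrade, platform starts with Win."""
    return [r for r in csv.DictReader(io.StringIO(csv_text))
            if r[COL_OP] in ("Install", "Upgrade")
            and r[COL_PLATFORM].startswith("Win")]

def count_events_by_version(rows):
    """Equivalent of Group By + Count: one count per matching event row."""
    return Counter(r[COL_OSVER] for r in rows)

def count_machines_by_version(rows):
    """One count per machine, using only its most recent matching row."""
    latest = {}
    for r in rows:
        prev = latest.get(r[COL_MACHINE])
        # ISO-style timestamps sort correctly as plain strings.
        if prev is None or r[COL_DATE] > prev[COL_DATE]:
            latest[r[COL_MACHINE]] = r
    return Counter(r[COL_OSVER] for r in latest.values())

if __name__ == "__main__":
    rows = windows_rows(SAMPLE_CSV)
    print("events  :", dict(count_events_by_version(rows)))
    print("machines:", dict(count_machines_by_version(rows)))
```

In the sample, WS-001 contributes to two versions in the event count but only to its upgraded version in the per-machine count.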

Fields Available in the Install Table

The Install table logs all the information generated during the installation of the endpoint agents on the customer computers. Each field can be used in a query to filter the data table.

| Field | Description | Values |
|---|---|---|
| eventDate | Date when the event was received on the Advanced Reporting Tool server. | Date |
| serverdate | Date of the user computer when the event was generated. | Date |
| machine | Name of the customer computer. | String |
| machineIP | IP address of the customer computer. | IP address |
| machineIP1 | IP address of an additional network card if installed. | IP address |
| machineIP2 | IP address of an additional network card if installed. | IP address |
| op | Operation performed. | Install, Uninstall, Upgrade |
| osVersion | Operating system version. | String |
| osServicePack | Service Pack version. | String |
| osPlatform | Platform of the operating system installed: Darwin_x86_64: macOS (64-bit); Win64NT: Windows (64-bit); Win32NT: Windows (32-bit); Linux_i686: Linux (32-bit); Linux_x86_64: Linux (32-bit); Win64ARM: Windows for ARM processors | Enumeration |
