Nebula offers detailed endpoint management through the Endpoints screen. Select one or more endpoints from the page to perform actions across endpoints in your environment. For more information, see Perform actions on endpoints in Nebula.
On the left navigation pane, go to Manage > Endpoints to access your endpoints.
View the endpoint's real-time WebSocket communication status indicator to the left of each endpoint name. The indicator shows the following status colors and options:
Active: The green status indicator displays when the WebSocket connection on the endpoint is active. Real-time communication occurs between the endpoint and Nebula to receive and process tasks or changes.
Inactive: The gray status indicator displays during any of the following:
Note: Endpoints check in with a 5-minute polling interval for tasks and changes. If the status indicator is gray, filter endpoints by Today in the Last Seen column to verify active communication.
The Status column uses icons to show endpoints needing attention. The table below lists the different endpoint statuses. On the Endpoint screen you can click an icon to view additional details or to act on the endpoint.
Scan needed: Displays the number of endpoints not scanned within the last 7 days, including not having a first scan. Regular scans are important to keep endpoints free of threats. Endpoints will scan autonomously, offline, but need to connect to return scan results.
Scan pending: Displays a scan is pending on the endpoint. There will be a Scan Task queued for the endpoint to pick up and execute, which expires after 3 days.
|Scan in progress: Displays a scan that is currently running on the endpoint.|
Remediation required: Displays the number of endpoints with infections that require remediation. This is prompted by un-remediated endpoints which have Found detections.
Remediation pending: Displays a remediation of threats is pending on the endpoint. A Remediation Task is queued for the endpoint to execute, this expires after 3 days.
|Remediation in progress: Displays the endpoint is being remediated.|
Restart required: Displays the number of endpoints that need a system reboot. Endpoints must reboot to complete remediation or make changes to software.
Reboot pending: A reboot command is still pending. A Reboot Task is queued for the endpoint to execute, this expires after 3 days.
Suspicious activity: Displays the number of endpoints with suspicious activities found. Investigate suspicious activity to keep your endpoints protected. For Endpoint Detection and Response.
Recommendation: After investigating, click the Remediate or Close Incident options.
Endpoints isolated: Displays the number of endpoints that have their communication or access restricted to prevent threats from spreading between endpoints. For Endpoint Detection and Response.
Recommendation: After resolving the endpoint issue, click the Remove Isolation option.
Agent update available: Displays the number of endpoints that need a software update.
|Needs attention indicator: Displays if the endpoint is not configured correctly or has a problem. To view status indicators, see Status indicator error messages in Nebula|
Nebula uses filters to simplify management tasks across many endpoints. The main area of the Endpoints screen shows the list of all endpoint data. Each column can be filtered to narrow the results. Use these column filters to focus on the most important information.
You can customize data in the results list in the following ways:
- Click Add / Remove Columns above the results list to choose which columns to display.
- Drag and drop certain column headers to the results bar to group data by those parameters.
- Use the filters in the column headers to view specific data or Clear Filters to remove them all.
- Hover your cursor over a column header to reveal a hamburger icon with options to pin and auto-size columns.
The Endpoints filter allows a search by endpoint name. Click the Endpoints filter icon and enter an endpoint host name or alias to narrow the endpoints displayed. Alternatively, you can use the search bar above the top-right corner of the endpoints table to find endpoints by hostname or alias.
The OS platform filter enables a search by Operating Systems on deployed endpoints. Click the Operating System filter icon and choose one of the following options:
- Chrome OS
Note: Linux endpoints are counted as Servers.
The Group filter enables a search by endpoint groups. Click an assigned group name to filter on that group. If you have many groups, you may enter a group name in the filter box to narrow your search.
Groups can be nested within other groups. When navigating a nested group, click Home or Back to return to the earlier list.
The Policy filter enables searching by policy name. Click the Policy filter and enter a policy name to narrow your search.
The Last Seen filter lists endpoints based on when they last checked in. Times shown are based on your browser's time zone.
Add or remove table columns
Click Add / Remove Columns above the results table to choose the column headers displayed on your results table. This will narrow or widen the endpoint information displayed on the results table, allowing you to customize your Endpoints page. Click and drag a column header left or right to rearrange the column order. Or, click and drag the edge of a column header to narrow or widen the column.
For endpoint review, we recommend displaying the following columns on the Endpoints page:
- Endpoint: Filter by the endpoint hostname.
- Status: Filter by status icon for each endpoint.
- Last Seen: Filter to determine if endpoints are checking in with Nebula regularly.
- Last Scan date: Filter to investigate the last scan time.
- Protection Service Version: Filter to check the endpoint protection service version.
- OS release name: Filter for operating systems on each endpoint.
- Protection Status: Filter to find endpoints that are unprotected or having issues with the software. For more information, see Endpoint protection statuses in Nebula.
Drag columns to define parameters
In the results table, you can drag the column headers to the results bar to group endpoints by those parameters. You can drag and drop the following column headers:
- OS platform
- Agent version
- OS release name
- Device type
- OS version
Pin and auto-size columns
Hover your cursor over a column header to reveal a hamburger icon with options to pin and auto-size columns. These options allow you to customize your Endpoints results table further. Click the hamburger icon to reveal the following options in the drop-down menu:
- Pin left: Pins selected column to the left side of your results table. Column remains static while scrolling left or right on the results table.
Pin right: Pins selected column to the right side of your results table. Column remains static while scrolling left or right on the results table.
- Unpin: This option is only visible for left or right pinned columns. This un-pins the column and returns it to its original place in the results table.
- Auto-size this column: Automatically adjusts the selected column's width to fit the text in the cells.
- Auto-size all columns: Automatically adjusts the column width for all your columns to fit the text in the cells.
Copy Endpoint data to spreadsheet
Data in the Endpoints results table can be copied and pasted into another file or downloaded as a spreadsheet. Click and drag your cursor to select data in the Endpoints results table, then right-click the highlighted data to display a context menu with the following options:
- Download .csv: Downloads the selected data as a .cvs file to your local machine.
- Download .xlsx: Downloads the selected data as a .xlsx file to your local machine.
- Copy: Copies the selected data to your clipboard.
- Copy with Headers: Copies the selected data and the column headers of the selected rows to your clipboard.
In the table, click an endpoint name to open a slide out with the endpoints details. All dates and times shown are relative to your browser settings.
- Overview: Displays the endpoint name, version information, host and agent information, Operating System, Network Interfaces, Memory information, and Storage device information.
- Detections: Displays all detections. Selectable by type and actions taken.
- Remediation Required: Displays detections found that need remediation. These detections are found either by the Scan + Report action or by a scan with the automatic quarantine option disabled.
- Suspicious Activity: Displays Suspicious Activity events found. Requires an Endpoint Detection and Response subscription.
- Quarantine: Displays files quarantined by the Scan + Quarantine action or scheduled scans with the automatic quarantine option enabled. Quarantined files are isolated from the endpoint operating system to prevent potential infection. Displays quarantined files up to 30 days old.
- Events: Displays logged activities on the endpoint and their severity.
- Tasks: Displays the status of requested or completed operations on the endpoint.
- Scan History: Displays scan records up to 30 days old, their Total Detections, Type, and Origin.
- Software: Displays the software installed on the endpoint.
- Updates: Displays the latest software updates on the endpoint.
- Startup Programs: Displays startup programs on the endpoints.
Refresh assets using Actions > Refresh Assets or schedule an Asset Inventory Scan to force a refresh at a specified time. Scheduled asset refreshes can be helpful if you need frequent Endpoint Properties updates.
When you refresh assets on your endpoint, the following tabs/sections update:
- Memory Objects: Physical and virtual memory of the endpoints.
- Storage Devices: Connected storage, USB storage, and other devices.
- Software: Software installed on the endpoint.
- Updates: Software updates that occurred on the endpoint.
- Startup Programs: Registry entries for installed startup programs on the endpoint.