Console
    Contact Us Start free

    Device attributes collected by Endpoint Verification

    This document describes the details of device attributes that are collected by Endpoint Verification from the devices accessing your organization's resources. Endpoint Verification collects device attributes , device identity attributes , configurable device attributes and Chrome browser attributes .

    Device attributes

    The following table describes the attributes that are collected by Endpoint Verification that you can use to create access levels.

    Attribute name
    Description
    Supported OS
    Example of using the attribute in the CEL expressions
    is_secured_with_screenlock
    A boolean value that indicates whether the screen lock function is enabled on a device.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.is_secured_with_screenlock == true
    encryption_status

    The encryption status of a device. Possible values:

    • ENCRYPTION_UNSPECIFIED = 0 indicates that the encryption status of the device is not specified or not known.
    • ENCRYPTION_UNSUPPORTED = 1 indicates that the device does not support encryption.
    • ENCRYPTION_UNENCRYPTED = 2 indicates that the device supports encryption, but is not encrypted.
    • ENCRYPTED = 3 indicates that the device is encrypted.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.encryption_status == DeviceEncryptionStatus.ENCRYPTED
    os_type

    The operating system running on a device. Possible values:

    • OS_UNSPECIFIED = 0 indicates that the operating system of the device is not specified or not known.
    • DESKTOP_MAC = 1
    • DESKTOP_WINDOWS = 2
    • DESKTOP_LINUX = 3
    • DESKTOP_CHROME_OS = 6
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.os_type == OsType.DESKTOP_MAC
    os_version
    The version of the operating system running on a device.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    • device.os_version == "MacOS 13.4.0"
    • device.os_version == "ChromeOs 14541.0.0"
    • device.os_version == "Windows 10.0.19045"
    • device.os_version == "Linux rodete"
    verified_chrome_os
    A boolean value that indicates whether the request comes from a device with a verified ChromeOS .
    ChromeOS (only for enterprise-enrolled devices)
    device.verified_chrome_os == true
    model
    The model of a device.
    • macOS
    • Windows
    • Linux
    device.model == "MacBookPro16,1"
    is_managed_browser_profile
    A boolean value that indicates whether the Chrome content area account associated with a device matches its Chrome profile account.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.is_managed_browser_profile == true
    certificates
    Attributes of the certificates associated with a device. For example, Enterprise certificates .
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.certificates.exists(cert, cert.is_valid && cert.root_ca_fingerprint == "SOME_ROOT_CA_FINGERPRINT")
    windows_domain_name
    The domain name of a windows machine.
    Windows
    device.clients["bce"].data["windows_domain_name"] == "GOOGLE"
    is_os_native_firewall_enabled
    A boolean value that indicates whether the operating system's built-in firewall is enabled on a device.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.clients["bce"].data["is_os_native_firewall_enabled"] == true
    is_secure_boot_enabled
    A boolean value that indicates whether the secure boot option is enabled on a device.
    Windows
    device.clients["bce"].data["is_secure_boot_enabled"] == true
    av_installed
    A list of antivirus software products that are installed on a device.
    Windows
    device.clients["bce"].data["av_installed"].exists(x, x == "mcafee") == true
    av_enabled
    A list of antivirus software products that are installed and enabled on a device.
    Windows
    device.clients["bce"].data["av_enabled"].exists(x, x == "mcafee") == true
    hotfixes
    A list of hotfixes that are applied on Windows systems.
    Windows
    device.clients["bce"].data["hotfixes"].exists(x, x == "KB0001") == true

    Device identity attributes

    The following table describes the attributes that are collected by Endpoint Verification that you can use to identify devices. These attributes cannot be used for creating access levels.

    Attribute name
    Description
    Supported OS
    Serial number
    The serial number of the device.
    • macOS
    • ChromeOS (only for enterprise-enrolled devices)
    • Windows
    • Linux
    Hostname
    The hostname of the device.
    • macOS
    • Windows
    • Linux
    Device ID
    The unique identification number associated with the device.
    • macOS
    • Windows
    • Linux
    Wifi MAC Address
    The MAC address of the device.
    • macOS
    • ChromeOS
    • Windows
    • Linux

    Configurable device attributes

    Endpoint Verification provides an option to collect granular device attributes called configurable device attributes , such as metadata attributes of files, folders, and binaries; registry entries; and properties in a plist. You can use these device configuration attributes to create access levels.

    This option is not enabled by default. To collect these granular configurable device attributes, configure Endpoint Verification settings .

    The following table describes the file, folder, and binary attributes.

    Attribute name
    Description
    Supported OS
    Example of using the attribute in the CEL expressions
    presence

    Indicates the presence of a file, folder, or binary. Possible values:

    • VALUE_UNKNOWN = 0 indicates that the presence is not known due to a failure that occurred before the assessment.
    • VALUE_INACCESSIBLE = 1 indicates that the organization does not have access to the signal's resource.
    • VALUE_NOT_FOUND = 2 indicates that the resource was not found.
    • VALUE_FOUND = 3 indicates that the resource was found.
    • macOS
    • Windows
    • Linux
    device.clients["bce"].data["file_config"]["config_name"]["presence"] == PresenceValue.VALUE_FOUND
    is_running
    Indicates if a binary is running. It is always false for a file or folder.
    • macOS
    • Windows
    • Linux
    device.clients["bce"].data["file_config"]["config_name"]["is_running"] == true
    sha256_hash

    Provides SHA-256 hash of a file or binary. It is always an empty string for a folder.

    • macOS
    • Windows
    • Linux
    device.clients["bce"].data["file_config"]["config_name"]["sha256_hash"] == " "
    public_key_sha256

    Provides a list of SHA-256 hash values of the public keys that are used to sign the executable. It is always an empty string for a file or a folder.

    • macOS
    • Windows
    device.clients["bce"].data["file_config"]["config_name"]["public_key_sha256"].exists(x, x == " ")
    product_name

    The product name of the executable. It is always an empty string for a file or folder.

    • macOS
    • Windows
    device.clients["bce"].data["file_config"]["config_name"]["product_name"] == "some value"
    version

    The product version of the executable. It is always an empty string for a file or folder.

    • macOS
    • Windows
    device.clients["bce"].data["file_config"]["config_name"]["version"] == "some value"

    The following table describes the attributes based on the registry entries and properties of a plist.

    Attribute name
    Description
    Supported OS
    Example of using the attribute in the CEL expressions
    presence

    Indicates the presence of a registry or plist entry. Possible values:

    • VALUE_UNKNOWN = 0 indicates that the presence is not known due to a failure that occurred before the assessment.
    • VALUE_INACCESSIBLE = 1 indicates that the organization does not have access to the signal's resource.
    • VALUE_NOT_FOUND = 2 indicates that the resource was not found.
    • VALUE_FOUND = 3 indicates that the resource was found.
    • macOS
    • Windows
    • device.clients["bce"].data["registry_config"]["config_name"]["presence"] == PresenceValue.VALUE_FOUND
    • device.clients["bce"].data["plist_config"]["config_name"]["presence"] == PresenceValue.VALUE_FOUND
    value

    Provides the data that is stored in the registry or plist. Possible values:

    • macOS: NSString or NSNumber
    • Windows: REG_SZ , REG_DWORD , or REG_QWORD

    The strings are limited to 1024 bytes.

    • macOS
    • Windows
    • device.clients["bce"].data["registry_config"]["config_name"]["value"] == <"string value"|boolean|double|int>
    • device.clients["bce"].data["plist_config"]["config_name"]["value"] == <"string value"|boolean|double|int>

    Chrome browser attributes

    The following table describes the Google Chrome browser attributes that are collected by Endpoint Verification that you can use to create access levels:

    Attribute name
    Description
    Supported OS
    Example of using the attribute in the CEL expressions
    versionAtLeast(min_version)
    The minimum version of the Chrome browser.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.versionAtLeast("88.0.4321.44")
    management_state

    The management state of the browser for a device. A browser is considered to be managed if it is enrolled to Chrome browser cloud management . Possible values:

    • CHROME_MANAGEMENT_STATE_UNSPECIFIED = 0 indicates that the management state of the device is not specified or not known.
    • CHROME_MANAGEMENT_STATE_UNMANAGED = 1 indicates that the browser or the profile is not managed by any organization.
    • CHROME_MANAGEMENT_STATE_MANAGED_BY_OTHER_DOMAIN = 2 indicates that the browser is managed, but by some other organization.
    • CHROME_MANAGEMENT_STATE_PROFILE_MANAGED = 3 indicates that the browser is not managed and the profile is managed by an organization.
    • CHROME_MANAGEMENT_STATE_BROWSER_MANAGED = 4 indicates that the browser and profile are managed by an organization.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.management_state == ChromeManagementState.CHROME_MANAGEMENT_STATE_MANAGED_BY_OTHER_DOMAIN
    is_file_upload_analysis_enabled
    A boolean value that indicates whether the file upload analysis connector is enabled on a device.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.is_file_upload_analysis_enabled == true
    is_file_download_analysis_enabled
    A boolean value that indicates whether the file download analysis connector is enabled on a device.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.is_file_download_analysis_enabled == true
    is_bulk_data_entry_analysis_enabled
    A boolean value that indicates whether the bulk text (paste) analysis connector is enabled on a device.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.is_bulk_data_entry_analysis_enabled == true
    is_security_event_analysis_enabled
    A boolean value that indicates whether the security event reporting connector is enabled on a device.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.is_security_event_analysis_enabled == true
    is_realtime_url_check_enabled
    A boolean value that indicates whether the real-time URL check connector is enabled on a device.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.is_realtime_url_check_enabled == true
    safe_browsing_protection_level

    The browsing protection level policy of the browser. Possible values:

    • SAFE_BROWSING_LEVEL_UNSPECIFIED = 0 indicates that the browser protection level policy is not set for the device.
    • SAFE_BROWSING_LEVEL_DISABLED = 1 indicates that the browser protection level policy is disabled for the device, and the device is not protected against dangerous websites, downloads, and extensions.
    • SAFE_BROWSING_LEVEL_STANDARD = 2 indicates that the device is protected against websites, downloads, and extensions that are known to be dangerous.
    • SAFE_BROWSING_LEVEL_ENHANCED = 3
      • indicates that the device has proactive protection against dangerous websites, downloads, and extensions.
    • Mac
    • ChromeOS
    • Windows
    • Linux
    device.chrome.safe_browsing_protection_level == SafeBrowsingLevel.SAFE_BROWSING_LEVEL_STANDARD
    is_site_isolation_enabled
    A boolean value that indicates whether the site isolation is enabled for every site.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.is_site_isolation_enabled == true
    is_built_in_dns_client_enabled
    A boolean value that indicates whether Chrome's built-in DNS client communicates with the DNS server.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.is_built_in_dns_client_enabled == true
    password_protection_warning_trigger

    The password protect warning trigger policy of the browser. Possible values:

    • PASSWORD_PROTECTION_TRIGGER_UNSPECIFIED = 0 indicates that the password protect warning trigger policy is not set.
    • PASSWORD_PROTECTION_TRIGGER_PROTECTION_OFF = 1 indicates that the password reuse is never detected.
    • PASSWORD_PROTECTION_TRIGGER_PASSWORD_REUSE = 2 indicates that a warning is displayed when the end user reuses their protected password on a site that is not allowed.
    • PASSWORD_PROTECTION_TRIGGER_PHISHING_REUSE = 3 indicates that a warning is displayed when the end user reuses their protected password on a phishing site.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.password_protection_warning_trigger == PasswordProtectionTrigger.PASSWORD_PROTECTION_TRIGGER_PASSWORD_REUSE
    is_chrome_remote_desktop_app_blocked
    A boolean value that indicates whether the Chrome remote desktop remote application is blocked.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    device.chrome.is_chrome_remote_desktop_app_blocked == true
    is_chrome_cleanup_enabled
    A boolean value that indicates whether the Chrome Cleanup tool is enabled.
    Windows
    device.chrome.is_chrome_cleanup_enabled == true
    is_third_party_blocking_enabled
    A boolean value that indicates whether the third party software injection blocking is enabled.
    Windows
    device.chrome.is_third_party_blocking_enabled == true

    What's next
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: