Detection information
The information that Arc detects. The table shows two types of License: sensor and endpoint. When the License is listed as sensor, it means that the detection is based on information that has been extracted from the sensor. When the License is listed as endpoint, it means that the detection is based on information that has been extracted from the endpoint.
| License | Information | Windows  |
macOS  |
Linux  |
Configuration option |
|---|---|---|---|---|---|
| sensor | Traffic monitoring | 
|
|
|
Traffic monitoring |
| sensor | Discovery |
|
|
|
Discovery |
| sensor | Smart Polling |
|
|
|
Smart Polling |
| endpoint | media access control (MAC) addresses |
|
|
|
always on |
| endpoint | internet protocol (IP) addresses |
|
|
|
always on |
| endpoint | Product name |
|
|
|
always on |
| endpoint | Vendor |
|
|
|
always on |
| endpoint | Label/host name |
|
|
|
always on |
| endpoint | operating system (OS) |
|
|
|
always on |
| endpoint | Serial number |
|
|
|
always on |
| endpoint | Hardware components |
|
|
always on | |
| endpoint | Local address resolution protocol (ARP) table |
|
|
|
Local ARP table |
| endpoint | Sigma rules |
|
Sigma rules | ||
| endpoint | universal serial bus (USB) detections |
|
USB detections | ||
| endpoint | central processing unit (CPU) usage |
|
|
|
node points |
| endpoint | Memory usage |
|
|
|
node points |
| endpoint | Disk usage |
|
|
|
node points |
| endpoint | Installed software |
|
|
node points | |
| endpoint | Hotfixes |
|
node points | ||
| endpoint | Antivirus |
|
node points | ||
| endpoint | Log4j detection |
|
|
|
node points |
| endpoint | User accounts |
|
|
|
node points |
| endpoint | Logged in users |
|
|
|
node points |
| endpoint | USB interfaces |
|
node points | ||
| endpoint | Network interfaces |
|
|
|
node points |
| endpoint | Processes and ports |
|
|
|
node points |
| endpoint | Disk partitions |
|
|
|
node points |
| endpoint | domain name server (DNS) |
|
|
|
node points |
| endpoint | CPU |
|
|
|
node points |