Find Re-imaged / Re-purposed Devices

One challenge that many IT departments face is a guarantee that every machine that is decomissioned and re-assigned is properly removed from all of their respective consoles / systems.  Most systems like your AV solution, 3rd party patching or management tool and products like SCCM will collect all of the device details.  This allows the correlation between the various adapters to match the device up properly with things like mac address and serial number.  If a device is not removed from one or more systems and is re-imaged you will find that Axonius will list 2 distinct asset names instead of 1 for the particular object.  

Depending on your asset count / list, it may be challenging to identify all of the possible gaps and try to resolve the issue quickly and effectively.  In version 4_6_12_0, users have the ability to use the Count function with the Asset name field to help identify these issues.  Start with your base device group (workstation /server etc) and then use the new function to identify those devices that may still persist within one or more systems.  

By adding this functionality, we are now able to quickly and easily produce results that will allow you to stay on top of rogue / orphan devices in your various systems.

 

0

Comments

3 comments
  • Miguel, thank you for your post!  I have a few more ideas to add.  

    1. We have a setting to "Tag reimaged devices" in Lifecycle settings.  This will provide context to devices with multiple records from a single data source i.e. 2 ServiceNow records for one correlated device.

    2.  A similar query you can run is to pick a specific adapter such as ServiceNow or Active Directory and query Distinct Adapter Connections Count > 1

    3.  Specifically related to decommissioned/retired systems, create a field segmentation chart to quickly identify and understand your CMDB install status'.  There are similar fields for other CMDB adapters like Cherwell.

    Thank you,

    Derek

    0
  • Derek- 

    Thanks for the feedback, I previously looked at distinct count and found that it would not return the same number of records as expected when using the asset name count or when we reviewed the asset lists as the limitations are based on the particular adapter having the dupe device present.  In our environment we found that some devices were not being removed from SCCM or our AV solution and thus rather than creating separate queries, we can now use this as a way to find the devices with two asset names and then expand on the adapter properties to find where the rogue exists.  

    I have not tested the lifecycle tag as of yet but I will give that a try to see if anything is identified and tagged accordingly.  

    Thanks again

    0
  • Hi Miguel,

    Sorry for the delayed response!  Great observations!

    My examples were meant to supplement as other interesting queries to find similar information.

    Have a great weekend!

    Derek

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post