Device Exposure
The Device Exposure page gives you an overview of which devices are out of date and vulnerable to threats.
Requirements
- You need a license that includes XDR or MDR to use this feature.
- You must turn on Data Lake uploads for devices so that details will show on the Device Exposure page. See Turn on uploads for devices.
- You must be a Super Admin or Admin, or have a custom role with Full access to Endpoint Protection and Server Protection to view the Device Exposure page. For more details about custom roles, see Add a custom role.
Go to Threat Analysis Center > Device Exposure.
You can see the following charts on the Device Exposure page:
- Days since last OS update: This chart is categorized by the number of days since the devices were last updated.
- OS updates: Breakdown by OS type: This chart is categorized by the operating system type and the number of days since the devices were last updated. You can refer to the chart legends to see what operating system type each color represents.
Note
The more days since a device was updated, the more vulnerable it is to threats.
You can hover over the charts to see the number of devices that fall into a specific category. For example, hover over the yellow section of the Days since last OS update chart to see how many devices were last updated over 30 days ago.
View all devices
Click the View all icon to open the Computers and servers page. Alternatively, you can click the charts. For more details about the Computers and servers page, see Computers and servers.
Get more details
Click the Get more details icon to open the OS updates category in Live Discover where you can run custom queries on the data in the Sophos Data Lake.
Device details
You can see the following device details in the table:
- Device: The device name. Click the device to see more details.
- User: The user associated with the device. Click the user to see more details.
- OS: The operating system type. For example, Windows 10 Enterprise or Windows Server 2019.
- Platform: The operating system. For example, Windows.
- Type: The device type. Computer or Server.
- Last Active: The last time that the computer contacted Sophos. The timestamp is refreshed only once an hour on average.
- Last OS update: The date when the last operating system update happened.
- Days since update: The number of days since the last operating system update.
Note
The table only shows the 50 most vulnerable and out-of-date devices.