UTMAgent collected data source information is incorrect

[agauttam]

Hi Team,

I would like to know why the UTMStack agent does not capture information from the systeminfo command, which is accurate. Upon comparing the information from systeminfo and the data displayed by the UTMStack agent, I identified many inaccuracies in the information provided by the UTMStack agent.

UTMStack Agent provided information
Agent XXXX detail

IP:
169.254.165.165
Name:
XXXX
MAC:
fc:5c:ee:30:5f:cc
00:ff:34:f9:df:98
04:ec:d8:8f:b1:ec
06:ec:d8:8f:b1:eb
04:ec:d8:8f:b1:eb
00:50:56:c0:00:01
00:50:56:c0:00:08
04:ec:d8:8f:b1:ef
Status:

ONLINE
OS:

windows
Type:

Group Source:

Comment:

OS Version:
10.0
Last seen:
2024-06-14 08:11:58
Addresses:
fe80::d805:f22a:447e:d2d8/64
169.254.165.165/16
fe80::167a:368d:aa60:91b3/64
169.254.176.3/16
fe80::3d6c:a8a9:42a7:a0dc/64
169.254.184.79/16
fe80::229a:8d71:5e51:aac1/64
169.254.194.138/16
fe80::d94c:b061:d7e1:cb8b/64
169.254.183.0/16
fe80::4312:b347:afd0:f1b3/64
172.16.3.49/16
fe80::38ed:8be1:d661:5ea0/64
192.168.209.1/24
fe80::da16:aed8:1411:724/64
192.168.81.1/24
fe80::36fb:787b:57d3:cb73/64
169.254.184.227/16
::1/128
127.0.0.1/8
Provide the reason to run a command in the agent

SystemInfo command output
PS C:\Users\xxxx> systeminfo

Hostname: XXXX
Betriebssystemname: Microsoft Windows 11 Business
Betriebssystemversion: 10.0.22631 Nicht zutreffend Build 22631
Betriebssystemhersteller: Microsoft Corporation
Betriebssystemkonfiguration: Mitglied der Domäne/Arbeitsgruppe
Betriebssystem-Buildtyp: Multiprocessor Free
Registrierter Benutzer: Install
Registrierte Organisation: Nicht zutreffend
Produkt-ID: 00355-61258-60129-AAOEM
Ursprüngliches Installationsdatum: 26.02.2024, 18:57:59
Systemstartzeit: 12.06.2024, 18:48:06
Systemhersteller: LENOVO
Systemmodell: 21JN00D5GE
Systemtyp: x64-based PC
Prozessor(en): 1 Prozessor(en) installiert.
[01]: Intel64 Family 6 Model 186 Stepping 2 GenuineIntel ~2400 MHz
BIOS-Version: LENOVO R2AET56W(1.31), 29.02.2024
Windows-Verzeichnis: C:\Windows
System-Verzeichnis: C:\Windows\system32
Startgerät: \Device\HarddiskVolume1
Systemgebietsschema: de;Deutsch (Deutschland)
Eingabegebietsschema: de;Deutsch (Deutschland)
Zeitzone: (UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien
Gesamter physischer Speicher: 32.441 MB
Verfügbarer physischer Speicher: 4.044 MB
Virtueller Arbeitsspeicher: Maximale Größe: 34.347 MB
Virtueller Arbeitsspeicher: Verfügbar: 5.660 MB
Virtueller Arbeitsspeicher: Zurzeit verwendet: 28.687 MB
Auslagerungsdateipfad(e): C:\pagefile.sys
Domäne: XXXX
Anmeldeserver: \DC2021
Hotfix(es): 7 Hotfix(e) installiert.
[01]: KB5037591
[02]: KB5027397
[03]: KB5031274
[04]: KB5033055
[05]: KB5039212
[06]: KB5037663
[07]: KB5037959
Netzwerkkarte(n): 7 Netzwerkadapter installiert.
[01]: Intel(R) Wi-Fi 6 AX201 160MHz
Verbindungsname: WLAN
DHCP aktiviert: Ja
DHCP-Server: 172.16.0.9
IP-Adresse(n)
[01]: 172.16.3.49
[02]: fe80::4312:b347:afd0:f1b3
[02]: Bluetooth Device (Personal Area Network)
Verbindungsname: Bluetooth-Netzwerkverbindung
Status: Medien getrennt
[03]: Intel(R) Ethernet Connection (23) I219-V
Verbindungsname: Ethernet
Status: Medien getrennt
[04]: TAP-Windows Adapter V9 for OpenVPN Connect
Verbindungsname: LAN-Verbindung
Status: Medien getrennt
[05]: OpenVPN Data Channel Offload
Verbindungsname: OpenVPN Connect DCO Adapter
Status: Medien getrennt
[06]: VMware Virtual Ethernet Adapter for VMnet1
Verbindungsname: VMware Network Adapter VMnet1
DHCP aktiviert: Ja
DHCP-Server: 192.168.209.254
IP-Adresse(n)
[01]: 192.168.209.1
[02]: fe80::38ed:8be1:d661:5ea0
[07]: VMware Virtual Ethernet Adapter for VMnet8
Verbindungsname: VMware Network Adapter VMnet8
DHCP aktiviert: Nein
IP-Adresse(n)
[01]: 192.168.81.1
[02]: fe80::da16:aed8:1411:724
Anforderungen für Hyper-V: Es wurde ein Hypervisor erkannt. Features, die für Hyper-V erforderlich sind, werden nicht angezeigt.

[osmontero]

The Windows data in logs is provided by Winlogbeat, which is an open source Elastic collector.

We would really like to help resolve the issue, but we can only do so if we understand the data you are sending us. I think the best way to do this is to take screenshots and use the bug report template that is available in the repository.

[agauttam]

Hi,

Please check the shared snapshot and do let me know if you think its a bug, I will raise the bug.
In most of the system details the agent is showing the APIPA IP.

[osmontero]

What info is wrong there?

[agauttam]

APIPA IPs should not be part of Addresses and It should not be a primary IP.

[c3s4rfred]

Hi, we will make some tests and let you know, but the agent will capture all network configuration, if that information is there probably is because is inside your network configuration, even if it is from a virtual network like VirtualBox and Hyper-V.

Best regards

[agauttam]

Hi,

It is normal for the system to initially take an APIPA IP address when booting up with automatic IP assignment. This will occur until the system successfully receives an IP address from the DHCP server.

Best regards,
Arun