Documentation

Device

Suggest Edits

Device

πŸ“˜

Go straight to the API reference.

The device entity is the most significant building block in the Armis ecosystem.
In the context of this API, a "device" doesn't refer to a specific instance of a device (e.g., my cellphone), but rather to a device profile.

Device profile

A device profile is a term that represents devices that share similar properties, such as the same brand (e.g., Apple) or the same operating system (e.g., macOS 11).

Supported properties

PropertyMeaningExample
industryThe industry in which we detected the device profile, as defined by the North American Industry Classification System (NAICS)Accommodation and Food Services
groupThe top-level classification of the device as defined by ArmisIT
categoryThe category of the device as defined by ArmisComputers
typeThe type of the device as defined by ArmisPersonal Computers
brandThe brand (a.k.a manufacturer)Apple
modelThe modelMacBook Pro (15-inch, 2019)
osNameThe name of the operating systemmacOS
osVersionThe version of the operating system11.6.4
osTitleThe name of the operating system with its major-versionmacOS 11

Supported calculations

NameMeaning
shareThe ratio of the amount of devices of the current grouping out of all devices matching the search criteria.
avgRiskThe average risk of the devices matching the search criteria and grouping.
bucketHow many devices are in the current grouping, as buckets of order of magnitude
avgOrgShareThe average share in an organization of the devices matching the search criteria and grouping. Must be explicitly requested to be calculated.

Related entities

The device entity can be filtered not only by its own properties (described previously), but also by the properties of its related entities.

CVE

When filtering a device by its related CVEs, it means that we consider only devices that are vulnerable to the matching CVEs.

πŸ“˜

To learn more about the cve entity, see the documentation page.

Threat

When filtering a device by its related threats, it means that we consider only devices that were actually attacked by the matching threats.

πŸ“˜

To learn more about the threat entity, see the documentation page.

Explorer

You can play with the device API directly in the explorer page in the management console.

Example use-cases

  1. Market share of mobile phone operating systems: (explore)
/api/v1/device/_search?groupBy=osTitle&type[eq]=Mobile Phones

[
    {
        "osTitle": "iOS 15",
        "share": 0.556
    },
    {
        "osTitle": "Android 12",
        "share": 0.1302
    },
    {
        "osTitle": "iOS 14",
        "share": 0.0819
    },
    ...,
]
  1. Which PLCs are the least risky? (explore)
/api/v1/device/_search?groupBy=brand&groupBy=model&calculate=avgRisk&orderBy=avgRisk:asc&type[eq]=PLCs

[
    {
        "brand": "Contemporary Control",
        "model": "SIMATIC S7-300, CPU319-3 PN/DP, 2 MB",
        "avgRisk": 2
    },
    {
        "brand": "Rockwell Automation",
        "model": "2080-LC50-24QWB",
        "avgRisk": 2
    },
    ...,
]
  1. Which industry is mostly affected by the Log4Shell zero-day vulnerability? (explore)
/api/v1/device/_search?groupBy=industry&calculate=share&cve.id[eq]=CVE-2021-44228

    {
        "industry": "Manufacturing",
        "share": 0.6183
    },
    {
        "industry": "Health Care and Social Assistance",
        "share": 0.1824
    },
    ...,

Enums and lists

Some fields that are available for filtering and grouping the device entity are populated with a closed list of possible values, as described next:

industry: The industry in which we detected the device profile, as defined by the North American Industry Classification System (NAICS)
  • Accommodation and Food Services
  • Administrative and Support and Waste Management and Remediation Services
  • Agriculture, Forestry, Fishing and Hunting
  • Arts, Entertainment, and Recreation
  • Construction
  • Educational Services
  • Finance and Insurance
  • Health Care and Social Assistance
  • Information
  • Management of Companies and Enterprises
  • Manufacturing
  • Mining
  • Other Services (except Public Administration)
  • Professional, Scientific, and Technical Services
  • Public Administration
  • Real Estate Rental and Leasing
  • Retail Trade
  • Transportation and Warehousing
  • Utilities
  • Wholesale Trade
group: The top-level classification of the device as defined by Armis
  • IT (Information Technology)
  • IoMT (Internet of Medical Things)
  • IoPT (Internet of Personal Things)
  • IoT (Internet of Things)
  • OT (Operational Technology)
category: The category of the device as defined by Armis
  • Automations
  • Automotives
  • Communications
  • Computers
  • Displays
  • Generic IOTs
  • Handhelds
  • Imaging
  • Inputs
  • Instruments
  • Manufacturing Equipment
  • Medical
  • Multimedia
  • Network Equipment
  • Payments
  • Security
  • Server Rack Components
  • Toys
  • Wearables
type: The type of the device as defined by Armis
  • AC Drives
  • ATMs
  • AV Transmitters
  • Access Controls
  • Access Points
  • Acute Cares
  • Alarms
  • Amplifiers
  • Analog Gateways
  • Anesthesia Machines
  • Angiography
  • Appliances
  • Attendance Systems
  • Audio Headsets
  • Barcode Readers
  • Beacons
  • Biopsy Systems
  • CR Systems
  • CTs
  • Cabinets
  • Cable Managers
  • Cars
  • Carts
  • Central Stations
  • Charging Stations
  • Chassis
  • Controllers
  • Cooling Units
  • Credit Card Reader
  • DSPs
  • DVRs
  • Dash Cams
  • Defibrillators
  • Desktops
  • Diagnostics
  • Dialysis Machines
  • Digital Cameras
  • Drive Thru Equipment
  • Driver Terminals
  • Drones
  • ECGs
  • EEGs
  • Electric Scooters
  • Elevator Panels
  • Emergency Response
  • Endoscopy
  • Engineering Stations
  • Engineering Workstations
  • Ereaders
  • Field Devices
  • Fillers
  • Firewalls
  • Fitness
  • Fluoroscopy
  • Frames
  • Game Consoles
  • Game Machines
  • Gaming
  • Gateways
  • General Imaging
  • Generic IO's
  • Generic OT's
  • Generic Rack Components
  • HMI Panels
  • HMI
  • HVACs
  • Historians
  • Hotspots
  • Household Appliances
  • Hypervisor
  • I/O
  • IOT Gateways
  • IP Cameras
  • Imaging Workstations
  • Industrial Managed Switches
  • Industrial PC
  • Industrial Robots
  • Infusion Docking Stations
  • Infusion Pumps
  • Interactive Kiosks
  • Intercoms
  • Intrusion Prevention Systems
  • Keyboards
  • Kitchen Display Systems
  • Lab Equipment
  • Laptops (by adapter)
  • Laptops
  • Life Supports
  • Lightings
  • MRIs
  • Malicious
  • Mammography
  • Material Transport
  • Measuring Instruments
  • Media Controllers
  • Media Players
  • Media Writers
  • Medication Dispensing Systems
  • Mobile Phones
  • Monitoring Equipment
  • Monitors
  • Motor Controllers
  • Mouses
  • Navigation Control Systems
  • Nuclear Medicine
  • Nurse Call
  • Operator Workstations
  • Optometry Systems
  • PACSs
  • PDUs
  • PFT Systems
  • PLCs
  • POC Diagnostics
  • Panel PCs
  • Panels
  • Patch Panels
  • Patient Monitors
  • Payment Terminals
  • Pentests
  • Personal Computers
  • Pill Counters
  • Pneumatic Tube Systems
  • Points of Sale
  • Postage Meters
  • Power Monitors
  • Printers
  • Product Scanners
  • Projectors
  • Radiology Injection
  • Radiology Systems
  • Remote IO's
  • Routers
  • SCADA Clients
  • SCADA Servers
  • Safes
  • Scanners
  • Security Equipment
  • Sensors
  • Servers
  • Servo Drives
  • Single-Board Computers
  • Smart Cameras
  • Smart Glasses
  • Smart Switches
  • Speakers
  • Sterilizations
  • Storage Server
  • Storage and Transport
  • Surgical Systems
  • Switches
  • TVs
  • Tablets
  • Telehealth Systems
  • Telephony Systems
  • Terminal Servers
  • Therapeutics
  • Thermostats
  • Thin Client
  • Treatment Equipment
  • Triggers
  • Trucks
  • UPS
  • Ultrasounds
  • VCs
  • VLANs
  • VR Headsets
  • Ventilators
  • Video Broadband Devices
  • Video Surveillance
  • Virtual Assistants
  • Virtual Machines
  • VoIPs
  • Vulnerability Scanners
  • WAN Optimizers
  • WLCs
  • Watches
  • Weather Instruments
  • Wireless Equipment
  • Workstations
  • X-Rays

Relationship between group, category, and type

When Armis detects a device type, its category and group are automatically derived according to the hierarchy type -> category -> group.
The full hierarchy tree can be seen here:

OT
    Automations
    • Access Controls
    • AC Drives
    • Alarms
    • Charging Stations
    • Controllers
    • Cooling Units
    • Elevator Panels
    • Household Appliances
    • HVACs
    • IOT Gateways
    • Lightings
    • Navigation Control Systems
    • Panels
    • PDUs
    • Postage Meters
    • Safes
    • Security Equipment
    • Thermostats
    • Triggers
    • UPS
    Manufacturing Equipment
    • Barcode Readers
    • Engineering Stations
    • Engineering Workstations
    • Field Devices
    • Generic IO's
    • Generic OT's
    • Historians
    • HMI
    • HMI Panels
    • Industrial Managed Switches
    • Industrial PC
    • Industrial Robots
    • I/O
    • Motor Controllers
    • Operator Workstations
    • PLCs
    • Power Monitors
    • Remote IO's
    • SCADA Clients
    • SCADA Servers
    • Servo Drives
    • Smart Cameras
    • Thin Client
IoT
    Automotives
    • Cars
    • Dash Cams
    • Driver Terminals
    • Electric Scooters
    • Trucks
    Displays
    • Interactive Kiosks
    • Kitchen Display Systems
    • Monitors
    • Projectors
    • TVs
    Generic IOTs
    • Attendance Systems
    • Beacons
    • Sensors
    • Smart Switches
    Imaging
    • Digital Cameras
    • IP Cameras
    • Printers
    • Scanners
    Instruments
    • Game Machines
    • Measuring Instruments
    • Weather Instruments
    Multimedia
    • Audio Headsets
    • AV Transmitters
    • DVRs
    • Game Consoles
    • Media Controllers
    • Media Players
    • Speakers
    • Video Broadband Devices
    • Video Surveillance
    • Virtual Assistants
    • VR Headsets
    Payments
    • ATMs
    • Credit Card Reader
    • Drive Thru Equipment
    • Payment Terminals
    • Points of Sale
    • Product Scanners
    Security
    • Firewalls
    • Intrusion Prevention Systems
    • Malicious
    • Vulnerability Scanners
    Toys
    • Drones
IT
    Communications
    • Analog Gateways
    • DSPs
    • Intercoms
    • Telephony Systems
    • VCs
    • VoIPs
    • Wireless Equipment
    Computers
    • Desktops
    • Hypervisor
    • Laptops
    • Laptops (by adapter)
    • Personal Computers
    • Single-Board Computers
    • Servers
    • Storage Server
    • Virtual Machines
    Inputs
    • Gaming
    • Keyboards
    • Mouses
    Network Equipment
    • Access Points
    • Access Point Interface
    • Amplifiers
    • Appliances
    • Gateways
    • Hotspots
    • Pentests
    • Routers
    • Switches
    • VLANs
    • WAN Optimizers
    • WLCs
    Server Rack Components
    • Cabinets
    • Cable Managers
    • Chassis
    • Fillers
    • Frames
    • Generic Rack Components
    • Patch Panels
IoPT
    Handhelds
    • Ereaders
    • Mobile Phones
    • Tablets
    Wearables
    • Smart Glasses
    • Watches
IoMT
    Medical
    • Acute Cares
    • Anesthesia Machines
    • Angiography
    • Biopsy Systems
    • Carts
    • Central Stations
    • CR Systems
    • CTs
    • Defibrillators
    • Diagnostics
    • Dialysis Machines
    • ECGs
    • EEGs
    • Emergency Response
    • Endoscopy
    • Fitness
    • Fluoroscopy
    • General Imaging
    • Imaging Workstations
    • Infusion Docking Stations
    • Infusion Pumps
    • Lab Equipment
    • Life Supports
    • Mammography
    • Material Transport
    • Media Writers
    • Medication Dispensing Systems
    • Monitoring Equipment
    • MRIs
    • Nuclear Medicine
    • Nurse Call
    • Optometry Systems
    • PACSs
    • Panel PCs
    • Patient Monitors
    • Pill Counters
    • PFT Systems
    • Pneumatic Tube Systems
    • POC Diagnostics
    • Radiology Injection
    • Radiology Systems
    • Sterilizations
    • Storage and Transport
    • Surgical Systems
    • Telehealth Systems
    • Terminal Servers
    • Therapeutics
    • Treatment Equipment
    • Ultrasounds
    • Ventilators
    • Workstations
    • X-Rays

Updated 4 months ago