Device

📘
Go straight to the API reference.

The device entity is the most significant building block in the Armis ecosystem.
In the context of this API, a "device" doesn't refer to a specific instance of a device (e.g., my cellphone), but rather to a device profile.

Device profile

A device profile is a term that represents devices that share similar properties, such as the same brand (e.g., Apple) or the same operating system (e.g., macOS 11).

Supported properties

Property	Meaning	Example
`industry`	The industry in which we detected the device profile, as defined by the North American Industry Classification System (NAICS)	`Accommodation and Food Services`
`group`	The top-level classification of the device as defined by Armis	`IT`
`category`	The category of the device as defined by Armis	`Computers`
`type`	The type of the device as defined by Armis	`Personal Computers`
`brand`	The brand (a.k.a manufacturer)	`Apple`
`model`	The model	`MacBook Pro (15-inch, 2019)`
`osName`	The name of the operating system	`macOS`
`osVersion`	The version of the operating system	`11.6.4`
`osTitle`	The name of the operating system with its major-version	`macOS 11`

Supported calculations

Name	Meaning
`share`	The ratio of the amount of devices of the current grouping out of all devices matching the search criteria.
`avgRisk`	The average risk of the devices matching the search criteria and grouping.
`bucket`	How many devices are in the current grouping, as buckets of order of magnitude
`avgOrgShare`	The average share in an organization of the devices matching the search criteria and grouping. Must be explicitly requested to be calculated.

Related entities

The device entity can be filtered not only by its own properties (described previously), but also by the properties of its related entities.

CVE

When filtering a device by its related CVEs, it means that we consider only devices that are vulnerable to the matching CVEs.

📘
To learn more about the cve entity, see the documentation page.

Threat

When filtering a device by its related threats, it means that we consider only devices that were actually attacked by the matching threats.

📘
To learn more about the threat entity, see the documentation page.

Explorer

You can play with the device API directly in the explorer page in the management console.

Example use-cases

Market share of mobile phone operating systems: (explore)

/api/v1/device/_search?groupBy=osTitle&type[eq]=Mobile Phones

[
    {
        "osTitle": "iOS 15",
        "share": 0.556
    },
    {
        "osTitle": "Android 12",
        "share": 0.1302
    },
    {
        "osTitle": "iOS 14",
        "share": 0.0819
    },
    ...,
]

Which PLCs are the least risky? (explore)

/api/v1/device/_search?groupBy=brand&groupBy=model&calculate=avgRisk&orderBy=avgRisk:asc&type[eq]=PLCs

[
    {
        "brand": "Contemporary Control",
        "model": "SIMATIC S7-300, CPU319-3 PN/DP, 2 MB",
        "avgRisk": 2
    },
    {
        "brand": "Rockwell Automation",
        "model": "2080-LC50-24QWB",
        "avgRisk": 2
    },
    ...,
]

Which industry is mostly affected by the Log4Shell zero-day vulnerability? (explore)

/api/v1/device/_search?groupBy=industry&calculate=share&cve.id[eq]=CVE-2021-44228

    {
        "industry": "Manufacturing",
        "share": 0.6183
    },
    {
        "industry": "Health Care and Social Assistance",
        "share": 0.1824
    },
    ...,

Enums and lists

Some fields that are available for filtering and grouping the device entity are populated with a closed list of possible values, as described next:

industry: The industry in which we detected the device profile, as defined by the North American Industry Classification System (NAICS)

Accommodation and Food Services
Administrative and Support and Waste Management and Remediation Services
Agriculture, Forestry, Fishing and Hunting
Arts, Entertainment, and Recreation
Construction
Educational Services
Finance and Insurance
Health Care and Social Assistance
Information
Management of Companies and Enterprises
Manufacturing
Mining
Other Services (except Public Administration)
Professional, Scientific, and Technical Services
Public Administration
Real Estate Rental and Leasing
Retail Trade
Transportation and Warehousing
Utilities
Wholesale Trade

group: The top-level classification of the device as defined by Armis

IT (Information Technology)
IoMT (Internet of Medical Things)
IoPT (Internet of Personal Things)
IoT (Internet of Things)
OT (Operational Technology)

category: The category of the device as defined by Armis

Automations
Automotives
Communications
Computers
Displays
Generic IOTs
Handhelds
Imaging
Inputs
Instruments
Manufacturing Equipment
Medical
Multimedia
Network Equipment
Payments
Security
Server Rack Components
Toys
Wearables

type: The type of the device as defined by Armis

3D Printers
AC Drives
ATA Boxes
ATMs
AV Transmitters
Access Controls
Access Points
Access Readers
Access Solutions
Acute Cares
Alarm Systems
Alarms
Amplifiers
Analog Gateways
Anesthesia Machines
Angiography
Appliances
Attendance Systems
Audio Headsets
Automatic Counters
Barcode Readers
Beacons
Biometric Scanners
Biopsy Systems
Body Cameras
Building Control Systems
CR Systems
CTs
Cabinets
Cable Managers
Cars
Carts
Cash Deposit Machines
Central Stations
Charging Stations
Chassis
Conference Control Systems
Controllers
Cooling Units
Credit Card Reader
DSPs
DVRs
Dash Cams
Defibrillators
Desktops
Diagnostics
Dialysis Machines
Digital Cameras
Door Control Modules
Doorbells
Drive Thru Equipment
Driver Terminals
Drones
ECGs
EEGs
Electric Scooters
Elevator Panels
Emergency Response
Endoscopy
Engineering Stations
Engineering Workstations
Ereaders
Field Devices
Fillers
Firewalls
Fitness
Fluoroscopy
Frames
Franking Machines
Game Consoles
Game Machines
Gaming
Gateways
General Imaging
Generic IO's
Generic OT's
Generic Rack Components
HMI Panels
HMI
HVACs
Historians
Hotspots
Household Appliances
Hypervisor
I/O
IOT Gateways
IP Cameras
Imaging Workstations
Industrial Managed Switches
Industrial PC
Industrial Robots
Infusion Docking Stations
Infusion Pumps
Interactive Kiosks
Intercoms
Intrusion Prevention Systems
Keyboards
Kitchen Display Systems
Lab Equipment
Laptops (by adapter)
Laptops
Life Supports
Lightings
MRIs
Malicious
Mammography
Material Transport
Measuring Instruments
Media Controllers
Media Players
Media Writers
Medication Dispensing Systems
Mobile Phones
Monitoring Equipment
Monitors
Motor Controllers
Mouses
Navigation Control Systems
Network Video Recorders
Nuclear Medicine
Nurse Call
Operator Workstations
Optometry Systems
PACSs
PDUs
PFT Systems
PLCs
POC Diagnostics
Panel PCs
Panels
Patch Panels
Patient Monitors
Payment Terminals
Pentests
Personal Computers
Pill Counters
Pneumatic Tube Systems
Points of Sale
Postage Meters
Power Monitors
Printers
Product Scanners
Projectors
Radiology Injection
Radiology Systems
Remote Console Managers
Remote IO's
Routers
SCADA Clients
SCADA Servers
Safe Deposit Boxes
Safes
Scanners
Security Equipment
Sensors
Servers
Servo Drives
Single-Board Computers
Smart Cameras
Smart Glasses
Smart Switches
Speakers
Sterilizations
Storage Server
Storage and Transport
Surgical Systems
Switches
TVs
Tablets
Telehealth Systems
Telephony Solutions
Telephony Systems
Terminal Servers
Therapeutics
Thermostats
Thin Client
Time Recording Terminals
Treatment Equipment
Triggers
Trucks
UPS
Ultrasounds
VCs
VLANs
VR Headsets
Ventilators
Video Broadband Devices
Video Surveillance
Virtual Assistants
Virtual Desktops
Virtual Machines
Virtual Servers
VoIPs
Voice Gateways
Vulnerability Scanners
WAN Optimizers
WLCs
Watches
Weather Instruments
Wireless Equipment
Wireless Presentations
Workstations
X-Rays

Relationship between `group`, `category`, and `type`

When Armis detects a device type, its category and group are automatically derived according to the hierarchy type -> category -> group.
The full hierarchy tree can be seen here:

OT

Automations

Access Controls
AC Drives
Alarms
Attendance Systems
Automatic Counters
Building Control Systems
Charging Stations
Controllers
Cooling Units
Door Control Modules
Elevator Panels
Household Appliances
HVACs
IOT Gateways
Lightings
Monitoring Equipment
Navigation Control Systems
Panels
PDUs
Postage Meters
Safes
Security Equipment
Thermostats
Time Recording Terminals
Triggers
UPS

Manufacturing Equipment

Barcode Readers
Engineering Stations
Engineering Workstations
Field Devices
Generic IO's
Generic OT's
Historians
HMI
HMI Panels
Industrial Managed Switches
Industrial PC
Industrial Robots
I/O
Motor Controllers
Operator Workstations
PLCs
Power Monitors
Remote IO's
SCADA Clients
SCADA Servers
Servo Drives
Smart Cameras
3D Printers

IoT

Automotives

Cars
Dash Cams
Driver Terminals
Electric Scooters
Trucks

Displays

Interactive Kiosks
Kitchen Display Systems
Monitors
Projectors
TVs

Generic IOTs

Beacons
Sensors
Smart Switches

Imaging

Body Cameras
Digital Cameras
IP Cameras
Printers
Scanners
Video Surveillance

Instruments

Game Machines
Measuring Instruments
Weather Instruments

Multimedia

Audio Headsets
AV Transmitters
DVRs
Game Consoles
Media Controllers
Media Players
Speakers
Video Broadband Devices
Virtual Assistants
VR Headsets
Wireless Presentations

Payments

ATMs
Cash Deposit Machines
Credit Card Reader
Drive Thru Equipment
Franking Machines
Payment Terminals
Points of Sale

Security

Access Solutions
Access Readers
Alarm Systems
Doorbells
Firewalls
Intrusion Prevention Systems
Malicious
Safe Deposit Boxes
Vulnerability Scanners
Network Video Recorders

Toys

Drones

IT

Communications

Analog Gateways
ATA Boxes
DSPs
Intercoms
Telephony Systems
VCs
VoIPs
Wireless Equipment
Conference Control Systems
Telephony Solutions
Voice Gateways

Computers

Desktops
Hypervisor
Laptops
Laptops (by adapter)
Personal Computers
Single-Board Computers
Servers
Storage Server
Thin Client
Virtual Machines
Virtual Desktops
Virtual Servers

Inputs

Biometric Scanners
Gaming
Keyboards
Mouses

Network Equipment

Access Points
Access Point Interface
Amplifiers
Appliances
Gateways
Hotspots
Pentests
Routers
Switches
VLANs
WAN Optimizers
WLCs
Remote Console Managers

Server Rack Components

Cabinets
Cable Managers
Chassis
Fillers
Frames
Generic Rack Components
Patch Panels

IoPT

Handhelds

Ereaders
Mobile Phones
Product Scanners
Tablets

Wearables

Smart Glasses
Watches

IoMT

Medical

Acute Cares
Anesthesia Machines
Angiography
Biopsy Systems
Carts
Central Stations
CR Systems
CTs
Defibrillators
Diagnostics
Dialysis Machines
ECGs
EEGs
Emergency Response
Endoscopy
Fitness
Fluoroscopy
General Imaging
Imaging Workstations
Infusion Docking Stations
Infusion Pumps
Lab Equipment
Life Supports
Mammography
Material Transport
Media Writers
Medication Dispensing Systems
MRIs
Nuclear Medicine
Nurse Call
Optometry Systems
PACSs
Panel PCs
Patient Monitors
Pill Counters
PFT Systems
Pneumatic Tube Systems
POC Diagnostics
Radiology Injection
Radiology Systems
Sterilizations
Storage and Transport
Surgical Systems
Telehealth Systems
Terminal Servers
Therapeutics
Treatment Equipment
Ultrasounds
Ventilators
Workstations
X-Rays

Device

Device

📘
Go straight to the API reference.

Device profile

Supported properties

Supported calculations

Related entities

CVE

📘
To learn more about the `cve` entity, see the documentation page.

Threat

📘
To learn more about the `threat` entity, see the documentation page.

Explorer

Example use-cases

Enums and lists

Relationship between `group`, `category`, and `type`

Device

📘Go straight to the API reference.

Device profile

Supported properties

Supported calculations

Related entities

CVE

📘To learn more about the cve entity, see the documentation page.

Threat

📘To learn more about the threat entity, see the documentation page.

Explorer

Example use-cases

Enums and lists

Relationship between group, category, and type

📘
Go straight to the API reference.

📘
To learn more about the `cve` entity, see the documentation page.

📘
To learn more about the `threat` entity, see the documentation page.

Relationship between `group`, `category`, and `type`