The Reveal Platform is designed to monitor both individual user machines and centralized servers for threats. Currently there is a distinction made in the operator UI between these two types of devices.
In some cases, it is possible for devices that are used by an individual to appear in the Servers list. This is most likely because of the way it was enrolled to the Reveal Platform.
If an agent is enrolled using a individual enrollment bundle, which had a Digital Passport user associated with it, that device will always be tied to that user and will appear as a personal device.
If, however, an agent is enrolled using a multiple-use bundle, that device will not initially have a user associated and will appear as a Server. The Reveal Platform will only be able to associate that device with a user if it is integrated with the same directory service as the Reveal Platform. If the machines do not use a centralized authentication mechanism then they will always appear as Servers. These scenarios include (but are not limited to):
- Linux machines
- MacOS machines
- Windows machines using local authentication
In these scenarios, we would recommend deploying agents with individual user-associated bundles.
Shared Windows workstations may also appear as Servers whilst no user is logged in.