- Filters and host groups (“show me all hosts where
vendor = AWSandos_family = Linux”). - Compliance checks (“RAM > 12 GB”, “OS version contains
SLES 15”). - System alerts (NVD matching uses OS version and installed packages; SAP Security Note matching uses installed SAP components when the SAP integration is enabled).
Operating system
| Category | Examples |
|---|---|
| OS identity | OS family, distribution, version, kernel version, architecture |
| Hardware | Vendor, model, CPU count, total memory, swap, disk size |
| Networking | Primary hostname, IP addresses, FQDN |
| Security posture | SELinux mode, firewall state, fail2ban status |
| Performance | Active tuned profile, key sysctl values |
| Scheduling | Root crontab entries |
uname, dmidecode, getenforce, tuned-adm, etc.) using the agent’s service user with the sudo access listed in Prerequisites.
On Windows, OS properties come from WMI queries and the registry: Get-CimInstance, Get-WmiObject, Get-Process, Get-Service, and registry reads for installed-software data.
Packages and dependencies
For NVD vulnerability matching, the agent collects:- System packages with versions, from the native package manager (e.g.,
rpm -qa,dpkg -l). - Python dependencies with versions, for environments where Python tooling is relevant.
Application-specific properties
Beyond the standard OS data set, the agent can collect properties specific to the applications running on a host. The current first-class application integration is SAP — when enabled, the agent collects installed components, kernel versions, profile parameters, transport state, and related properties from SAP hosts. See SAP integration for the full scope. Other application-specific collectors can be added during white-glove setup based on what your environment runs.Custom properties
The list of properties the agent collects is not fixed. During white-glove setup we can configure the agent to collect additional properties specific to your environment — anything reachable from the service-user’s permissions on the host. Common examples:- Output of an internal compliance script your team already runs.
- Specific file contents or hashes (e.g., the contents of
/etc/sshd_config, a checksum of a configuration baseline). - Custom registry keys on Windows.
- Application-specific configuration values not in the default set.
Where to see what’s collected
To see what properties exist for any host, open the Hosts page in the Luumen UI and click a host. The detail view lists every property the agent has reported for that host, grouped by category. To see the raw data the agent reads on each run, open the per-host log on the Patch server atlog/[date]/checks/[host_ip].log. Property names in the log are the agent’s internal names and are close to but not always identical to the UI labels.
How the data is used downstream
Captured properties feed several parts of the platform:| Use | What it reads |
|---|---|
| Host groups (filters) | Any property — you build filters in the UI by combining property + operator + value |
| Compliance checks | Any property, evaluated by the rule builder on every run |
| NVD vulnerability matching | OS version, system packages, Python dependencies |
| SAP Security Notes matching (when SAP integration is enabled) | Installed SAP components |