Inventory Management

Gaining an overview of IT inventory and asset information is critical for avoiding compromise and verifying systems are in the correct state.

Traditionally, inventory information is kept in spreadsheets or manually-maintained asset databases that, in today’s fast-paced world, grow out of date the minute they are created. Furthermore, non-technical users often have trouble generating the reports they need because the user interfaces are difficult to use and understand.

The result is often a demand for system administrators and engineers to collect data and make custom reports upon request, which leads to high cost and long wait times to get the required reports.

CFEngine Enterprise’s inventory management features help fill this gap by providing near real-time inventory information automatically collected and an easy-to-use inventory management reporting interface.

CFEngine’s inventory management features can easily answer common questions such as:

  • What version of our web application is running, and where?
  • What is the distribution of the OS versions?
  • Which nodes have less than 10% disk free?
  • Which nodes have port 25 open?
  • Which nodes belong to a certain subnet?
  • Which nodes have Splunk installed?
  • Which nodes are patched against the latest SSL vulnerability?
  • Which nodes have proper security settings?

Inventory reporting interface

CFEngine Enterprise provides you with a graphical user interface called Mission Portal which provides visibility into your infrastructure. The easy-to-use inventory management UI offers you full reports of your inventory information – allowing you to filter, sort, and export reports & graphs.



Want to see more examples of various valuable reports?

  • Out of the box attributes

    As soon as you install CFEngine on a node, many inventory attributes are immediately collected and ready for reporting in the inventory management reporting interface.




    It is easy to add any of these attributes to generate a report, even for non-technical users, allowing for complete self-service.




    Inventory attributes can also easily be graphed, to detect anomalies or see the distribution across the environment.




    Even though CFEngine Enterprise provides many useful attributes out of the box, there is often environment-specific information you would like to add to CFEngine’s inventory.

    If a sudden security issue emerges, you can extend and use inventory reporting to check which nodes are vulnerable and prove compliance. First, use the inventory reporting interface to detect which nodes are affected. Secondly, use CFEngine to deploy a fix. After the fix is applied, you can go back to the report to verify that the affected nodes are remediated.

    Another popular use-case is to have CFEngine run a command, e.g. a hardware status tool, and collect inventory from the output of this command. This approach allows for endless opportunities when it comes to reporting of node inventory!




    To learn more, you can see the tutorial on how to report on custom inventory and how to report and remediate security vulnerabilities.