Sign in Subscribe
By Robert at Fieldmark

Make tracking assets a breeze with Cross-Agent Verification (XAV)

Make tracking assets a breeze with Cross-Agent Verification (XAV)

Ever chase down a device only to find the consoles disagree? Your RMM says “installed,” the EDR shows no recent check-ins, and the MDM claims the laptop is enrolled — all at once. That’s the exact problem Fieldmark’s Cross-Agent Verification (XAV) was built to solve.

XAV isn’t another single-pane-of-glass that repeats whatever each vendor reports. It ingests the raw, factual telemetry each agent produces, correlates device identity across platforms, and presents a single, searchable history for every asset. Want to know what happened to a device or when it last phoned home? Search once in XAV and you’ll see the full story — across every product that ever touched that endpoint.

The core problem: fragmented truth

Tools lie — not maliciously, but by scope. Each agent only knows its own world:

  • RMMs can tell you a binary “installed” flag and maybe a last seen timestamp from their own check-ins.
  • EDRs know about process health, agent updates, and suspicious behaviors — but only if the agent is running and talking.
  • MDMs report config and enrollment status, which doesn’t reveal whether a dependent service is running locally.
  • DNS filters, patch managers, remote access clients — each has a partial picture.

When something goes wrong (reimaged device, failed service, network isolation, stale configs), you end up opening multiple consoles, exporting reports, cross-referencing CSVs, and still feeling uncertain.

How XAV turns that chaos into clarity

XAV does three key things that dramatically simplify asset tracking:

  1. Aggregate raw telemetry
    Instead of relying on each vendor’s summary view, XAV collects the actual telemetry — process lists, service states, check-in timestamps, TLS fingerprints, enrollment IDs — whatever each agent reports. This gives you ground truth, not an interpreted summary.
  2. Correlate device identities across platforms
    Different tools call the same laptop different things (hostname, serial, device ID, enrollment token). XAV stitches these identifiers together so one search returns every record tied to that physical device — even if names changed after a reimage.
  3. Show a unified timeline & history
    For any asset you query, XAV builds a timeline: agent installs/uninstalls, updates, registration events, user logins, last check-ins per platform, and notable gaps. The timeline makes it obvious when something diverged and which agent first reported the change.

Practical example: Find the missing device in 30 seconds

Scenario: A manager reports a laptop “disappeared” from reporting after a weekend update.

Instead of opening three consoles, here’s what you do in XAV:

  1. Search for the device (hostname / serial / user email / IP).
  2. Instantly see an aggregated card:
    • Latest known user: alice@corp
    • Last check-ins: EDR 2025-11-01 03:12, RMM 2025-10-29 22:01, MDM 2025-11-01 03:10
    • Recent events: EDR: service crash 2025-11-01 02:58, OS update 2025-10-31 23:45
    • Network footprint: last seen on VPN subnet, then private IP disappeared
  3. Open the timeline view to see the sequence: update → EDR crash → RMM stopped checking in → user reimaged machine 2025-11-02 08:12 (detected because serial remained but hostname changed)
  4. Decide: push a remote recovery, reach out to the user, or mark device for replacement — armed with the entire history.

No CSVs, no “did you check this console?” slack threads. Just one search, full context.

What XAV surfaces that single-platform views miss

  • Agent-level health versus installed flag — XAV shows whether the agent process/service is actually running, its version, and last successful handshake with its vendor backend.
  • Silent failures — a device can be “installed” but unable to reach its management console. XAV highlights divergent last-seen times and inconsistent telemetry.
  • Identity drift — reimages, hostname changes, user churn — XAV reconciles multiple identifiers so you don’t lose the asset history.
  • Cross-agent corroboration — if two platforms disagree about a device state, XAV flags the discrepancy and points to the earliest indicator.
  • User context — who last used the device, when, and from what network — useful for triage and incident response.

Use cases beyond triage

While tracking a missing laptop is the obvious win, XAV helps across the board:

  • Audit & compliance — quickly prove which devices had a given agent and when it reported data (useful for audits and policy compliance).
  • Onboarding / offboarding — verify that an agent was installed and healthy for a new hire’s machine before granting access.
  • Patch validation — confirm that patch agents and EDRs updated successfully across the fleet, and find outliers fast.
  • Incident response — reconstruct device activity across multiple vendors in minutes, not days.

Built for how teams actually work

We designed XAV for teams that don’t have time to become data-integration experts. Connect your existing platforms, and XAV does the heavy lifting:

  • Lightweight ingestion pipelines for agent telemetry (no agent bloat).
  • Smart identity correlation that tolerates hostname changes, reimages, and VPN-only devices.
  • High-density timelines that compress months of events into an actionable narrative.
  • Role-based access so SOC, IT, and auditors each see what they need.

Robert Katic - Founder, Fieldmark.io

Subscribe to Fieldmark XAV

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe