Skip to main content

Device Overview

See a device's security score, live system stats, active alerts, network info, and recent sessions — all from one tab.

Updated this week

Introduction

The Overview tab is the first thing you see when you open a device in Level. It surfaces the information you're most likely to need at a glance: security posture, live system stats, active alerts, network details, and recent remote sessions.

You don't need to dig through sub-tabs to figure out whether something's wrong. If it is, the Overview will tell you.

Device Overview

Open any device from Devices (or any global view) and you'll land on the Overview tab by default.

The breadcrumb at the top shows the device's group path — for example, All devices → Human Resources → Benefits — so you always know where in the hierarchy a device lives.

Device Overview

Device Header

The header at the top of every Device Details page shows the device's name, online status, and any assigned tags.

  • Name — The device's nickname if one has been set, otherwise the hostname.

  • Status badge — Online, Offline, or Managed, updated in real time.

  • Tags — Colored tag pills (like VPN or WORKSTATION) show which tags are currently applied. Click any tag to get quick options: Edit tag, Remove tag, or View all tag targets.

The OS icon on the left side of the device name is a quick-access remote button. Left-click it to open a remote control session immediately. Right-click it to see all connection options — Remote control, Terminal, File explorer, Processes, and Services. The same options are available from the remote access button (screen icon) in the top-right button cluster.

Four buttons sit in the top-right corner:

  • Remote access dropdown (screen icon) — Launches remote control which also provides Terminal, File explorer, Processes, and Services directly from the remote control sidebar.

  • Flag dropdown (flag icon) — Flag this device with a note visible to your whole organization.

  • Tags dropdown (tag icon) — Add or remove tags. You can search existing tags or create a new one inline.

  • Actions — Device-level actions including Maintenance mode, Install all updates, Shut down, Restart, running scripts, group assignment, renaming, and Delete.

⚠️ WARNING: Deleting a device removes it from the Level console immediately. The Level agent uninstalls from the target device automatically within 5 minutes. If the device is offline when deleted, the uninstall command is sent the next time it comes online. To bring the device back under management, the agent will need to be reinstalled.

Flagging a Device

Flags are an org-wide way to mark a device that needs attention. When you flag a device, the flag and your note are visible to all technicians in your organization — both on the Overview tab and in the device listing.

To flag a device:

  1. Click the Flag button in the top-right header.

  2. Enter a reason in the Reason for flagging this device field.

  3. Click Create flag.

Flagging a Device

💡 TIP: Flags are separate from alerts — they don't come from monitors and don't trigger automations. Use flags for manual, human-attention callouts ("Waiting on user to confirm wipe" or "Do not restart — active deployment"). Use monitors for automated detection.

Quick Actions from the Overview

You can take most common device actions without leaving the Overview tab. The Actions menu covers:

  • Toggling Maintenance mode

  • Install all updates

  • Shut down or Restart

  • Run automation

  • Run saved script — runs a script immediately on this device

  • Add to recent script run — adds this device to an existing script run automation (see below)

  • Assign to group

  • Edit notes

  • Rename

  • Delete

Security Score

The security score is a 1–100 rating of the device's security posture. Every device gets a score, but the checks that make it up vary by OS. Each check shows a green checkmark (pass) or a red circle (fail). Failed checks lower the score.

Security Score

The score also displays a risk label — Low risk, Moderate risk, High risk, or Very high risk — based on the numeric value. Each check has a tooltip (?) explaining what it measures and what a passing status means.

Windows

  • Disk encryption — Whether the primary disk is encrypted (e.g., BitLocker).

  • OS version — Whether the OS is current and supported.

  • Auto-update — Whether updates are managed by a Level patch policy ("Managed") or auto-updates are enabled and configured ("Good").

  • Patch compliance — Whether all available required updates are installed.

  • Firewall — Whether Windows Firewall (or a recognized third-party firewall) is active and properly configured.

  • Antivirus — Whether an active, up-to-date AV product is detected.

  • Internet settings — Whether browser/internet security zones are configured appropriately.

  • User account control — Whether UAC is enabled.

  • Windows Security Center service — Whether the Security Center service is running.

  • Administrator accounts — The number of accounts with local admin privileges.

macOS

  • Firewall — Whether the macOS firewall is active.

  • Stealth mode — Whether stealth mode is enabled (prevents the device from responding to network probes).

  • Disk encryption — Whether FileVault is enabled on the primary disk.

  • Gatekeeper — Whether Gatekeeper is enabled (restricts app installs to trusted sources).

  • Patch compliance — Whether all available required updates are installed.

  • OS version — Whether the OS is current and supported.

Linux

  • Disk encryption — Whether the primary disk is encrypted.

  • Firewall — Whether a firewall (e.g., ufw) is active.

  • OS security — Whether a mandatory access control system (e.g., AppArmor, SELinux) is active.

  • Patch compliance — Whether all available required updates are installed.

  • OS version — Whether the OS is current and supported.

ℹ️ NOTE: The security score reflects what Level can observe through the agent. It's a useful signal, but it doesn't replace a dedicated security audit or compliance scan.

System Stats

Four widgets display live system performance data pulled from the device agent.

  • CPU — Current utilization percentage, with core count and clock speed. The sparkline shows recent utilization history.

  • Memory — Current usage as a percentage, with used GB vs. total GB. The sparkline shows recent usage history.

  • Disk — Free and total space for each partition on the device. Each partition shows a lock icon indicating whether it's encrypted. If encryption is active, a View encryption keys link appears in the widget header.

  • Uptime — Percentage uptime and average ping time in milliseconds to Level's infrastructure.

ℹ️ NOTE: Stats update when the agent checks in. There's a short polling interval, so the numbers may lag by a minute or two — they're not quite real-time.

Encryption Keys

If a partition is encrypted, Level stores the encryption key so it can be retrieved if needed. Click View encryption keys in the Disk widget to open the keys panel.

Disk Encryption Keys

The panel has two tabs:

  • Active — The current encryption key for each encrypted partition. Includes the partition name and the date the key was created. Click the copy icon to copy the key to your clipboard.

  • History — Previous keys for each partition, including when they were created and when they were archived.

⚠️ WARNING: Encryption keys are required to access encrypted data if a recovery is needed.

Location

Between the security score and system stats, Level displays the device's public IP address with a geocoded location and a small map.

Device Location

This reflects where the device's public IP resolves to geographically — useful for spotting devices connecting from unexpected locations. The location is derived from the IP and may not match the device's physical address exactly.

System Information

Below the location widget, the Overview surfaces key device metadata in three groups.

System Information

System

  • Hostname

  • Device type (Workstation, Server, etc.)

Operating system

  • OS name and version

  • OS architecture

Network

  • Public IP

  • Private IP

  • Default gateway

Access information

  • Last seen (last agent check-in timestamp)

  • Last logged in user

  • Last reboot time

  • System uptime

Notes

The Notes field is a freeform text area for recording anything relevant about this device — context, known issues, instructions for other technicians, whatever's useful.

Click Edit to open the notes editor. Notes are visible to any technician with access to this device. You can also edit notes from Actions → Edit notes without scrolling down.

Active Alerts

The Active Alerts panel lists any currently firing alerts for this device. Columns show severity, trigger details, when the alert started, and whether an automation ran in response.

Active Alerts

Click an alert row to expand it and see the full alert payload.

View all alerts (top-right of the panel) takes you to the device's Alerts tab, where you can see the full history including resolved alerts.

For alert configuration and severity definitions, see Monitors.

Recent Sessions

The Recent Sessions panel shows the last few connections to this device, including remote control, terminal, file explorer, processes, and services sessions. Columns show session type, date, duration, and which technician ran it.

Recent Sessions

This is a quick way to see who was on a device and what kind of access they used, without digging into full audit logs.

FAQ

  • What does the security score actually measure? Each check carries a different weight based on the severity of the issue it detects — a missing firewall hits the score harder than, say, a suboptimal internet settings configuration. The final 1–100 number reflects both how many checks pass and how significant the failing ones are. Level plans to make the score customizable in a future update.

  • Why are some security checks showing as failed? The agent checks whether a security tool is active and recognized, not just installed. An AV product that's disabled, expired, or not integrated with Windows Security Center will fail even if the software is present. Same for disk encryption — BitLocker installed but not encrypting the drive will show as failed. The security score can take up to 5 minutes to reflect changes after the agent checks in.

  • What's the difference between the Notes field here and notes in the Actions menu? They're the same field. Actions → Edit notes is just a shortcut to the same editor that appears at the bottom of the Overview tab.

  • Who can see and edit device notes? Any technician with access to the device's group can view notes. Edit access follows the same group-level permissions. For permission configuration, see Workspace → Permissions.

  • What happens when I flag a device? A flag and your note become visible to all technicians in your organization — in both the device listing and on the Overview tab. Flags don't trigger alerts, automations, or notifications. They're manual callouts for your team.

  • What's the difference between a flag and an alert? Alerts are generated automatically by monitors when a condition is detected (high CPU, a failing service, a missed patch, etc.). Flags are set manually by a technician to communicate something to the rest of the team. They serve different purposes and don't interact with each other.

Related Articles
Device Listing
Popular Resources
Reporting
Disk Usage Monitor
Device System
Did this answer your question?