Skip to content

NinjaOne Capabilities

When NinjaOne is connected, the AI agent can perform the following actions during ticket triage.

Device Information

ToolDescriptionRisk Level
Get Device InfoRetrieve device details including online status, OS, system info, and network identifiersLow
Search DevicesSearch for devices by name, device class, or online statusLow
Get Network InfoRetrieve network interfaces, IP addresses, and MAC addressesLow
Get Logged UsersList currently logged-in users on a deviceLow
Get Installed SoftwareGet installed software inventory including name, version, publisher, and install dateLow
Get Disk DrivesGet disk drive information including model, size, status, and SMART capabilityLow
Get Storage VolumesGet storage volumes including capacity, free space, and BitLocker statusLow
Get CPU InfoGet processor information including name, cores, clock speed, and architectureLow

Security and Compliance

ToolDescriptionRisk Level
Get Device AlertsGet active alerts for a device including severity and sourceLow
Get OS PatchesGet OS patches including KB number, severity, and approval statusLow
Get Windows ServicesGet Windows services including state (Running/Stopped) and start typeLow

Cross-Device Queries

These tools query data across all devices in your NinjaOne environment, useful for fleet-wide investigations.

ToolDescriptionRisk Level
Search All SoftwareSearch software inventory across all devicesLow
Query Antivirus StatusGet antivirus status across all devices including product name and real-time protectionLow
Query Antivirus ThreatsGet detected threats across all devices including threat name and severityLow
Query Device HealthGet device health summary across all devices including disk health and resource usageLow
Query Logged-On UsersGet all devices with their logged-on users in a single queryLow

Script Execution

ToolDescriptionRisk LevelApproval
List Available ScriptsList scripts available to execute against a deviceLowNone
Run ScriptExecute a script on a device. Returns job information for trackingHighAlways
Get Script ResultsRetrieve recent script execution activities with status and outputLowNone

Script execution is classified as high-risk and always requires explicit approval. The agent will present the script details and wait for technician or manager confirmation.

Example Workflows

Diagnosing a slow computer: The agent searches for the device by hostname, checks CPU and disk info, reviews installed software for resource-heavy applications, and queries device health for resource usage alerts.

Checking patch compliance: The agent queries OS patches across the fleet, filters for unapproved patches, and correlates with active alerts to identify vulnerable devices.

Running a remediation script: The agent lists available scripts for the device, presents the options to the technician, and after approval executes the selected script. It then polls for the script result and reports back.