All Assets - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2024-07-16
Last date published
2024-10-10
Category
Administrator Guide
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

Cortex XDR enables you to view all external assets from the various asset categories on the All Assets page.

Note

Ingesting and Viewing Cloud Compute Instances for Cloud Inventory Assets requires a Cortex XDR Pro per GB license.

The All Assets page enables you to view all your assets from various asset categories. Each asset is available in Cortex XDR in different ways depending on the asset category and Cortex XDR license as explained in the following table.

Asset Category

Availability in Cortex XDR

License Required

On-Prem

Automatically available

Any license

Cloud Compute Instance

Requires configuring either a Cloud Inventory data collector or Agents that are installed on the Cloud Compute Instances.

Cortex XDR Pro TB license

To view the All Assets page, select AssetsAsset Inventory.

By default, the All Assets page displays all assets according to the asset name. To search for specific assets, use the filters above the results table to narrow the results. You can export the tables and respective asset views to a tab-separated values (TSV) file. From the All Assets page, you can also manage the asset's output using the right-click pivot menu.

The All Assets table is comprised of a number of common fields that are available when viewing any of the Specific Assets pages. The TYPE field is only available in the All Assets table as this field determines the Specific Assets categories, and can be used to filter the different types of assets from the entire list of assets.

When any row in the table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections. The section heading names and data displayed change depending on the source of the assets.

The following table describes the fields that are available when viewing All Assets in alphabetical order.

Note

Certain fields are exposed and hidden by default. An asterisk (*) is beside every field that is exposed by default.

Field

Description

ACTIVE EXTERNAL SERVICES TYPES*

An array column that displays all the active Service types observed for this asset.

ASM IDs

The ASM identifiers for this asset, indicate it is exposed to the Internet.

BUSINESS UNITS*

A Business Unit is a designation to classify assets. tracks business units as a means to identify owning organizations of these assets. Business units become extremely important when an organization has subsidiaries and groups established through M&A activities.

CLOUD PROVIDER*

The cloud provider used to collect these cloud assets is either GCP, AWS, or Azure.

Note

This field only displays with a Cortex XDR Pro TB license.

CLOUD ID*

Displays the Resource ID as provided by the cloud provider.

Note

This field only displays with a Cortex XDR Pro TB license.

EXTERNALLY DETECTED PROVIDERS*

The provider of the asset is determined by an external assessment.

FIRST OBSERVED*

When the asset was first observed via any of the sources.

HAS ACTIVE EXTERNAL SERVICES*

A boolean value that displays whether the asset has any active external services. Use this filter to narrow down the asset inventory to internet-facing assets, and get a clear view of the organization's attack surface.

HAS XDR AGENT*

Boolean value indicating if this asset has a Cortex XDR agent installed on it.

IP ADDRESSES*

Array column specifying a list of IPs associated with this asset.

IP RANGE NAMES*

Names of the IP address ranges allocated to the IP addresses.

LAST OBSERVED*

When the asset was last observed via any of the sources.

MAC ADDRESSES*

MAC addresses associated with this asset.

NAME*

Displays the name that describes the asset as provided by the source, if provided.

OPERATING SYSTEM*

The operating system reported by the source for this asset.

REGION*

Displays the region as provided by the Cloud provider.

Note

This field only displays with a Cortex XDR Pro TB license.

SOURCES*

An array column that displays all the sources that provided observations for this asset.

TYPE*

Type of asset, which can be defined as one of the following.

Note

The options available are dependent on your Cortex XDR license.

  • Cloud Compute Instance

  • On-Prem

This field is unique to the All Assets table.

XDR AGENT ID

If there is an endpoint installed on this asset, this is the endpoint ID.