Asset Inventory - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2024-07-16
Last date published: 2024-10-15
Category: Administrator Guide
Retire_Doc: Retiring
Link_to_new_Doc: /r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

From the Cortex XDR management console, you can manage your different network assets.

Cortex XDR provides a central location from which you can view and investigate information relating to assets in your network. Using your defined internal network configurations, Broker VM Network Mapper, Cortex XDR agent, EDR data collected from firewall logs, and logs from third-party vendors, Cortex XDR aggregates and displays a list of all the assets located within your network. As soon as Cortex XDR begins receiving network assets, you can view the data in Assets → Asset Inventory.

You can toggle between the Legacy View and Advanced View on the page. The Legacy View displays a list of all the assets located within your network according to their IP address.

  • Advanced View (default)—Includes the following features:

    • You can view the data in a table format by accessing the pages for All Assets and Specific Assets, including On-Prem Assets and Cloud Compute Instances.

    • The table columns provide newly structured data with updated filtering capabilities to improve your asset visibility.

    • When any row in a table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections. The section heading names and data displayed change depending on the source of the assets.

    • Depending on the cell you’ve selected in the table, different right-click pivot menus are available, such as Open IP View and Open in Quick Launcher.

    • You can export the tables and respective asset views to a tab-separated values (TSV) file.

To investigate your asset inventory using the Legacy View:

  1. Select Assets → Asset Inventory.

  2. In the Page layout notification, toggle to the Legacy View.

  3. Filter and review your assets.

    By default, the Assets table is filtered according to unmanaged assets over the last 7 days. The following table describes both the default and optional fields in the table, and the network prerequisites required by Cortex XDR to retrieve the data.

    Field: AGENT ID
    Description: The ID of the agent installed on the asset. Cortex XDR only displays agents that send EDR data captured in the firewall logs.

    Field: AGENT INSTALLED
    Description: Whether or not the asset has an agent installed.

    Field: AGENT VERSION
    Description: The version of the agent installed on the asset. Cortex XDR only displays agents that send EDR data captured in the firewall logs.

    Field: COLLECTOR RUNNING
    Description: Whether or not a Pathfinder Data Collector is currently running on the asset.

    Field: FIRST TIME SEEN
    Description: Timestamp of when the IP address was first seen in the logs.

    Field: HOST NAME
    Description: Host name of the asset, if available.
    Prerequisites: The asset requires at least one of the following:
    • An installed Cortex XDR agent
    • A running Cortex XDR collector
    • A GlobalProtect client 9.1 or a later release, configured to send HIP Match logs
    • Associated DHCP logs covering this asset are sent to Cortex XDR

    Field: IP ADDRESS
    Description: IP address related to the last asset associated with it.

    Field: LAST TIME SEEN
    Description: Timestamp of when the IP address was last seen in the logs.

    Field: MAC ADDRESS
    Description: MAC address of the asset.
    Prerequisites: The asset requires at least one of the following:
    • An installed Cortex XDR agent
    • A running Cortex XDR collector
    • For Mac endpoints, a GlobalProtect client 9.1 or a later release, configured to send HIP Match logs
    • Associated DHCP logs covering this asset are sent to Cortex XDR

    Field: MAC ADDRESS VENDOR
    Description: Vendor name of the MAC address of the asset.
    Prerequisites: The asset requires at least one of the following:
    • An installed Cortex XDR agent
    • A running Cortex XDR collector
    • For Mac endpoints, a GlobalProtect client 9.1 or a later release, configured to send HIP Match logs
    • Associated DHCP logs covering this asset are sent to Cortex XDR

    Field: PLATFORM
    Description: Platform running on the asset.
    Prerequisites: The asset requires at least one of the following:
    • An installed Cortex XDR agent
    • A running Cortex XDR collector
    • A GlobalProtect client 9.1 or a later release, configured to send HIP Match logs

    Field: RANGE NAMES
    Description: Name of the IP address range allocated to the IP address.

    You can export your filtered results to a TSV file.
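
An added example, not part of the Cortex XDR documentation: a Python script that re-applies the default Legacy View filter (unmanaged assets seen in the last 7 days) to an exported TSV file and groups the results by range name. The column headers are assumed to match the field names listed above; the Yes/No values, the timestamp format and the sample rows are constructed assumptions about the export layout.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names follow the field list above; the
# Yes/No values and the timestamp format are assumptions about the TSV layout.
SAMPLE_TSV = (
    "IP ADDRESS\tHOST NAME\tMAC ADDRESS\tAGENT INSTALLED\t"
    "COLLECTOR RUNNING\tLAST TIME SEEN\tRANGE NAMES\n"
    "10.0.1.15\tws-fin-01\t00:11:22:33:44:55\tYes\tNo\t2024-10-14 09:12:00\tHQ-Users\n"
    "10.0.1.77\t\t\tNo\tNo\t2024-10-13 22:40:00\tHQ-Users\n"
    "10.0.9.20\tprinter-3f\t66:77:88:99:aa:bb\tNo\tNo\t2024-10-12 08:00:00\tHQ-Printers\n"
    "10.0.9.31\told-kiosk\t\tNo\tNo\t2024-09-01 10:00:00\tHQ-Printers\n"
)

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format


def unmanaged_assets(tsv_text, now, days=7):
    """Return {range name: [asset, ...]} for assets with no agent and no
    collector that were last seen within `days` of `now`."""
    cutoff = now - timedelta(days=days)
    by_range = defaultdict(list)
    for row in csv.DictReader(io.StringIO(tsv_text), delimiter="\t"):
        managed = (row["AGENT INSTALLED"].strip().lower() == "yes"
                   or row["COLLECTOR RUNNING"].strip().lower() == "yes")
        last_seen = datetime.strptime(row["LAST TIME SEEN"], TS_FORMAT)
        if managed or last_seen < cutoff:
            continue
        by_range[row["RANGE NAMES"] or "(no range)"].append({
            "ip": row["IP ADDRESS"],
            "host": row["HOST NAME"] or None,
            # Empty host name and MAC address suggest that none of the
            # sources listed under Prerequisites reports on this asset.
            "unidentified": not row["HOST NAME"] and not row["MAC ADDRESS"],
        })
    return dict(by_range)


if __name__ == "__main__":
    report = unmanaged_assets(SAMPLE_TSV, now=datetime(2024, 10, 15))
    for range_name, assets in sorted(report.items()):
        for a in assets:
            flag = "  <- no host name or MAC" if a["unidentified"] else ""
            print(f"{range_name}\t{a['ip']}\t{a['host'] or '-'}{flag}")
```
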