Specific Assets - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide


Ingesting and Viewing Cloud Compute Instances for Cloud Inventory Assets requires a Cortex XDR Pro per GB license.

The Specific Assets pages enable you to view specific assets from a designated asset category. Each specific table contains the common columns that are listed in the All Assets table and some additional specific columns that are relevant for the type of asset.

To view the Specific Assets pages, select AssetsAsset InventorySpecific Assets, and select a specific asset category.

By default, the Specific Assets pages display the assets according to the name of the asset. To search for specific assets, use the filters above the results table to narrow the results. You can export the tables and respective asset views to a tab-separated values (TSV) file. From the Specific Assets page, you can also manage the asset's output using the right-click pivot menu.

When any row in the table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections. The section heading names and data displayed change depending on the source of the assets.

The table below describes the following for the different Specific Assets pages.


The Specific Assets listed are dependent on your Cortex XDR license. For more information, see All Assets.

  • Specific Assets—The name of the specific asset page.

  • Description—A brief description of the assets included on the specific asset page.

  • Unique Fields—The unique fields that are only available when viewing this specific asset page, and are displayed in addition to the common fields listed for the All Assets page. These fields are exposed by default.

Specific Assets


Unique Fields

Cloud Compute Instance

Include assets that are managed by Agents, where the agent reported that the assets are in a cloud environment. In addition, the assets can be Cloud Compute Instances that were reported by a Cloud integration (i.e. Cloud Inventory data collector) with or without a Cortex agent.

Cortex XDR attempts to associate the data received from the agent and the data received from the Cloud Integration and tie them together into a single asset.

No specific unique fields are displayed in addition to the common fields.


Includes devices that have an Agent and also devices that were identified by various sources yet were not associated with an Agent, such as IoT devices.

Does not include devices that are in the cloud.

The following attributes are relevant for IoT devices and indicate the category and subcategory to which an IoT device belongs. For example, the category may identify network behaviors common to all security cameras. Respectively, the model identifies the model of the IoT device.





Certificates (also known as digital or public key certificates) are used when establishing encrypted communication channels to identify and authenticate a trusted party. The most common use of certificates is for SSL/TLS, HTTPS, FTPS, SSH, and VPN connections. The most common use of certificates is for HTTPS-based websites, which allow a web browser to validate that an HTTPS web server is an authentic website. Cortex XDR tracks information for each certificate, such as Issuer, Public key, Public Key Algorithm, Subject, Subject Alternative Names, Subject Organization, Subject Country, Subject State, and several “crypto health” checks.





A domain name attributed to an organization by Cortex XDR . Subdomains of attributed Domains are also tracked as Domains. When there are too many (>1k) recent subdomains for one domain, Cortex XDR collapses them into the parent domain.

RESOLVES—Indicates whether the domain has a DNS resolution.

Unassociated Responsive IPs

An IP that currently or has previously exposed an External Service which was detected by Cortex XDR and associated with the organization.

Only Responsive IPs and certificates that have at least one active Service are displayed in the Asset Inventory.

Externally detected Responsive IPs are matched with existing assets using the asset’s IP addresses. If the Responsive IP was matched to an existing asset, its data is added to the asset. Any externally detected Responsive IP that was not matched with an existing asset, is considered an independent asset of type “Unassociated External Responsive IP”.

No specific unique fields are displayed in addition to the common fields.