Unified Inventory - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-03-28
Last date published
2024-05-22
Category
User Guide
Solution
Cloud
Abstract

View all the assets Cortex Xpanse has attributed to your organization (excluding services, websites, and IP ranges) in the Unified Inventory table.

The InventoryUnified Inventory page enables you to view all the assets that Cortex Xpanse has attributed to your organization on one page that you can sort, filter, and download. This list view does not include services, websites, or owned IPv4 or IPv6 ranges, which are derived from your assets.

Select any row in the list view to display details about the asset in the details pane.

The table below describes the fields in the Unified Inventory list view.

Field

Description

ACTIVE SERVICE TYPES*

An array column that displays all the active service types observed for this asset.

ASN Countries

ASN countries associated with an owned responsive IP or IP range.

ASN Handles

ASN handles associated with an owned responsive IP or IP range.

ASN Record Names

ASN Record Names associated with an owned responsive IP or IP range.

ASN Registries

ASN registries associated with an owned responsive IP or IP range.

ASSET TYPE*

Type of asset, which can be one of the following:

  • Certificate

  • Cloud Compute Instance

  • Domain

  • Owned Responsive IPs

  • Prisma Cloud Resources

ASM IDs

The ASM identifiers for this asset, indicate it is exposed to the Internet.

Business Unit Overrides

Indicates that the Business Unit (BU) assignment was updated by a user.

BUSINESS UNITS

Designation to classify assets by the organization that owns the asset.

CLOUD PROVIDER*

The cloud provider used to collect these cloud assets is either GCP, AWS, or Azure.

CLOUD ID*

Displays the Resource ID as provided by the cloud provider.

EXTERNALLY DETECTED PROVIDERS*

Indicates the provider for the IP address the service is hosted on.

Externally Inferred CVEs

Externally Inferred CVEs are identified by comparing the product name and version of active service, if identifiable, with CVES for those products in the National Vulnerability Database. Additional investigation may be required to confirm if the CVE is present. Select the asset in the list view to view the asset details, which include the list of all the externally inferred CVEs.

Externally Inferred Vulnerability Score

This score is based on the highest CVSSv3 score for Externally Inferred CVEs on the services for this asset.

FIRST OBSERVED*

When the asset was first observed via any of the sources.

HAS ACTIVE SERVICES*

Indicates whether the asset has any active services. Click the link to view the services.

HAS RELATED ALERTS

Indicates whether Xpanse created alerts related to this asset. Click the link to view the related alerts.

HAS RELATED INCIDENTS

Indicates whether Xpanse created incidents related to this asset. Click the link to view the related incidents.

INTERNAL IP RANGES

IP address ranges allocated to the IP addresses.

IPv4 ADDRESSES*

Array column listing the IPv4 addresses associated with this asset.

IPv6 ADDRESSES

Array column listing the IPv6 addresses associated with this asset.

LAST OBSERVED*

When the asset was last observed via any of the sources.

NAME*

Displays the name that describes the asset as provided by the source, if provided.

NOTES

Notes that were manually added to the asset in Expander.

OPERATING SYSTEM*

The operating system reported by the source for this asset.

REGION*

Displays the region as provided by the Cloud provider.

SOURCES*

An array column that indicates the source that provided observations for this asset.

TAGS

The following types of tags can be applied to assets:

  • IR—IP Range tag. Can be applied to owned IPv4 ranges.

  • AT—Asset Tag. Can be applied to domains, certificates, cloud compute instances, Prisma Cloud resources, and owned responsive IPs.

  • AR—Attribution Reason tag. These tags are applied by Xpanse and indicate whether an asset has been attributed to you because it Has Your Content or is Registration Only.

  • TR—Rules-Based tag. Custom tags that are systematically applied to assets based on rules that you define.