Cortex XSIAM enables you to view all external assets from the various asset categories on the All Assets page.
Note
Ingesting and Viewing Cloud Compute Instances for Cloud Inventory Assets requires a Cortex XSIAM Pro per GB license.
Note
Viewing Unassociated Responsive IPs, Domains, and Certificates data for Attack Surface Management requires the Attack Surface Management add-on.
The All Assets page enables you to view all your assets from various asset categories. Each asset is available in Cortex XSIAM in different ways depending on the asset category and Cortex XSIAM license as explained in the following table.
Asset Category | Availability in Cortex XSIAM | License Required |
|---|---|---|
On-Prem | Automatically available | Any license |
Cloud Compute Instance | Requires configuring either a Cloud Inventory data collector or Agents that are installed on the Cloud Compute Instances. | Any license |
Unassociated Responsive IPs | Automatically available | Attack Surface Management add-on |
Domain | Automatically available | Attack Surface Management add-on |
Certificate | Automatically available | Attack Surface Management add-on |
To view the All Assets page, select → .
By default, the All Assets page displays all assets according to the asset name. To search for specific assets, use the filters above the results table to narrow the results. You can export the tables and respective asset views to a tab-separated values (TSV) file. From the All Assets page, you can also manage the asset's output using the right-click pivot menu.
The All Assets table is comprised of a number of common fields that are available when viewing any of the Specific Assets pages. The TYPE field is only available in the All Assets table as this field determines the Specific Assets categories, and can be used to filter the different types of assets from the entire list of assets.
When any row in the table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections. The section heading names and data displayed change depending on the source of the assets.
The following table describes the fields that are available when viewing All Assets in alphabetical order.
Note
Certain fields are exposed and hidden by default. An asterisk (*) is beside every field that is exposed by default.
Field | Description |
|---|---|
ACTIVE EXTERNAL SERVICES TYPES* | An array column that displays all the active Service types observed for this asset. |
ASM IDs | The ASM identifiers for this asset, indicate it is exposed to the Internet. |
BUSINESS UNITS* | A Business Unit is a designation to classify assets. tracks business units as a means to identify owning organizations of these assets. Business units become extremely important when an organization has subsidiaries and groups established through M&A activities. |
CLOUD PROVIDER* | The cloud provider used to collect these cloud assets is either GCP, AWS, or Azure. NoteThis field only displays with a Cortex XSIAM Pro TB license. |
CLOUD ID* | Displays the Resource ID as provided by the cloud provider. NoteThis field only displays with a Cortex XSIAM Pro TB license. |
EXTERNALLY DETECTED PROVIDERS* | The provider of the asset is determined by an external assessment. |
FIRST OBSERVED* | When the asset was first observed via any of the sources. |
HAS ACTIVE EXTERNAL SERVICES* | A boolean value that displays whether the asset has any active external services. Use this filter to narrow down the asset inventory to internet-facing assets, and get a clear view of the organization's attack surface. |
HAS XDR AGENT* | Boolean value indicating if this asset has a Cortex XSIAM agent installed on it. |
IP ADDRESSES* | Array column specifying a list of IPs associated with this asset. |
IP RANGE NAMES* | Names of the IP address ranges allocated to the IP addresses. |
LAST OBSERVED* | When the asset was last observed via any of the sources. |
MAC ADDRESSES* | MAC addresses associated with this asset. |
NAME* | Displays the name that describes the asset as provided by the source, if provided. |
OPERATING SYSTEM* | The operating system reported by the source for this asset. |
REGION* | Displays the region as provided by the Cloud provider. NoteThis field only displays with a Cortex XSIAM Pro TB license. |
SOURCES* | An array column that displays all the sources that provided observations for this asset. |
TYPE* | Type of asset, which can be defined as one of the following. NoteThe options available are dependent on your Cortex XSIAM license.
This field is unique to the All Assets table. |
XDR AGENT ID | If there is an endpoint installed on this asset, this is the endpoint ID. |