All Assets - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-18
Category
Administrator Guide
Abstract

Cortex XSIAM enables you to view all external assets from the various asset categories on the All Assets page.

Note

Ingesting and Viewing Cloud Compute Instances for Cloud Inventory Assets requires a Cortex XSIAM Pro per GB license.

Note

Viewing Unassociated Responsive IPs, Domains, and Certificates data for Attack Surface Management requires the Attack Surface Management add-on.

The All Assets page enables you to view all your assets from various asset categories. Each asset is available in Cortex XSIAM in different ways depending on the asset category and Cortex XSIAM license as explained in the following table.

Asset Category

Availability in Cortex XSIAM

License Required

On-Prem

Automatically available

Any license

Cloud Compute Instance

Requires configuring either a Cloud Inventory data collector or Agents that are installed on the Cloud Compute Instances.

Any license

Unassociated Responsive IPs

Automatically available

Attack Surface Management add-on

Domain

Automatically available

Attack Surface Management add-on

Certificate

Automatically available

Attack Surface Management add-on

To view the All Assets page, select AssetsAsset Inventory.

By default, the All Assets page displays all assets according to the asset name. To search for specific assets, use the filters above the results table to narrow the results. You can export the tables and respective asset views to a tab-separated values (TSV) file. From the All Assets page, you can also manage the asset's output using the right-click pivot menu.

The All Assets table is comprised of a number of common fields that are available when viewing any of the Specific Assets pages. The TYPE field is only available in the All Assets table as this field determines the Specific Assets categories, and can be used to filter the different types of assets from the entire list of assets.

When any row in the table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections. The section heading names and data displayed change depending on the source of the assets.

The following table describes the fields that are available when viewing All Assets in alphabetical order.

Note

Certain fields are exposed and hidden by default. An asterisk (*) is beside every field that is exposed by default.

Field

Description

ACTIVE EXTERNAL SERVICES TYPES*

An array column that displays all the active Service types observed for this asset.

ASM IDs

The ASM identifiers for this asset, indicate it is exposed to the Internet.

BUSINESS UNITS*

A Business Unit is a designation to classify assets. tracks business units as a means to identify owning organizations of these assets. Business units become extremely important when an organization has subsidiaries and groups established through M&A activities.

CLOUD PROVIDER*

The cloud provider used to collect these cloud assets is either GCP, AWS, or Azure.

Note

This field only displays with a Cortex XSIAM Pro TB license.

CLOUD ID*

Displays the Resource ID as provided by the cloud provider.

Note

This field only displays with a Cortex XSIAM Pro TB license.

EXTERNALLY DETECTED PROVIDERS*

The provider of the asset is determined by an external assessment.

FIRST OBSERVED*

When the asset was first observed via any of the sources.

HAS ACTIVE EXTERNAL SERVICES*

A boolean value that displays whether the asset has any active external services. Use this filter to narrow down the asset inventory to internet-facing assets, and get a clear view of the organization's attack surface.

HAS XDR AGENT*

Boolean value indicating if this asset has a Cortex XSIAM agent installed on it.

IP ADDRESSES*

Array column specifying a list of IPs associated with this asset.

IP RANGE NAMES*

Names of the IP address ranges allocated to the IP addresses.

LAST OBSERVED*

When the asset was last observed via any of the sources.

MAC ADDRESSES*

MAC addresses associated with this asset.

NAME*

Displays the name that describes the asset as provided by the source, if provided.

OPERATING SYSTEM*

The operating system reported by the source for this asset.

REGION*

Displays the region as provided by the Cloud provider.

Note

This field only displays with a Cortex XSIAM Pro TB license.

SOURCES*

An array column that displays all the sources that provided observations for this asset.

TYPE*

Type of asset, which can be defined as one of the following.

Note

The options available are dependent on your Cortex XSIAM license.

  • Cloud Compute Instance

  • On-Prem

  • Certificate

  • Domain

  • Unassociated Responsive IPs

This field is unique to the All Assets table.

XDR AGENT ID

If there is an endpoint installed on this asset, this is the endpoint ID.