Using the Unified Asset Inventory page

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-04-25
Category: Administrator Guide

Abstract

The Unified Asset Inventory page displays all aggregated assets according to their data source(s).

To view the Unified Asset Inventory page, select Assets > Asset Inventory.

The Unified Asset Inventory page displays all aggregated assets according to their data source(s). On this page, you can:

  • Click the aggregated asset itself for more detailed information via the side panel that appears.

  • Click on the expand icon of a given asset to see the data source(s) that contribute to a single asset.

  • Click each data source for more information via the side panel that appears.

Filtering assets

Click the filter icon to narrow results and search for specific assets.

By default, the filter is set to Source: XSIAM, which filters based on the attributes of the aggregated asset.

To search based on data received from a specific source within an aggregated asset, filter by the specific data source. For example, select the source Cortex XDR Agent to filter based on the asset data provided by the XSIAM agent.

In all cases, a list of aggregated assets that match the filter is displayed.

The following is a list of the fields displayed on the Unified Asset Inventory page. The assets shown and their data depend on your licensing and add-ons.

| Field | Description |
|---|---|
| Data sources | Data sources that are attributed to an asset. |
| Name | Displays the name that describes the asset. |
| Cloud provider | The cloud provider that hosts cloud assets, such as GCP, AWS, or Azure. |
| Category | Asset types given by each cloud vendor are normalized into this field. |
| Class | Grouping of assets according to industry standards. For example, Compute, Network, and Storage. |
| Cloud ID | Displays the Resource ID as provided by the cloud provider. |
| Cloud GEO region | The normalized value indicates the geographic region, such as North America or the Middle East. |
| Cloud region | The normalized value of the region. |
| Cloud zone | Identifies the normalized zones within which cloud resources are deployed. |
| Cloud project | Displays the project name associated with the respective cloud provider: AWS: Account; GCP: Project; Microsoft Azure: Subscription. |
| Cloud project ID | Displays the associated project ID as provided by the cloud provider. |
| Cloud project hierarchy | Organizational structure of cloud projects. Shows the hierarchy of ownership with the cloud vendor. |
| Operating system family | The operating system of the asset. For example, for Windows 10 and Windows Server 2019, Windows will be listed as the operating system family. |
| Operating system | The operating system of the device. |
| Source tags | The collection of tags that are associated with the asset in each source, for example, cloud tags. |
| Activity status | Activity status can be live unseen or deleted. |
| Agent identifier | The ID of the endpoint protection agent installed on the asset. |
| Agent exists | Whether there is an endpoint protection agent. |
| Is externally accessible | Specifies whether the asset is accessible externally. |
| Vulnerability score | Based on CVEs with the highest severity. |
| CVEs | The CVEs as reported by data sources. |
| IPV4 addresses | IPv4 addresses belonging to the asset. |
| MAC addresses | MAC addresses belonging to the asset. |
| IPV4 public addresses | IPv4 public addresses belonging to the asset. |
| IPV6 addresses | IPv6 addresses belonging to the asset. |
| Has active external services | Indicates whether a system or network has active services accessible from external networks. |
| Active external service types | Specifies the types or categories of services running and accessible from external networks. |
| First seen | Timestamp of when the asset was first seen by the source that reported it. |
| Last seen | Timestamp of when the asset was last seen by the source that reported it. |
| Certificate details formatted issuer org | The issuing organization of the certificate. |
| Certificate algorithm | Specifies the cryptographic algorithm used for generating digital signatures within the certificate. |
| Certificate classifications | Certificate classifications categorize digital certificates based on their attributes. |
| Domain resolves | Whether or not a domain name successfully resolves to an IP address. |
| Device category | The classification or type of device within a network infrastructure. |
| Device model | The specific model or version of a device within a network infrastructure. |