To view the details of an asset
- Go to Environment > Assets.
- Next to the asset name whose details you want to review,
click the icon .
- Select Full Details.
To the left of an item, click the star symbol to mark it as a bookmark for quick access. Clicking the icon on the secondary menu shows the bookmarked items and a link to them.
In the upper left side of the page, you see the name and IP address, along with other fields that describe the particular assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers..
On the right, you see the status summary for your asset. It displays the total number of alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall., vulnerabilities, and configuration issuesAn identified configuration of software that is deployed, or features of software that is in use, which is known to be insecure.. The circle can display in orange (for alarms and configuration issues), blue for events, and red for vulnerabilities. The number inside each circle indicates the number of alarms, events, vulnerabilities, and configuration issues for the asset. You can click each circle to explore the information of each one.
Note: Configuration Issues are only available for AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. and AzureMicrosoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. Sensors.
Important: The alarms and events counts are not updated in real time, they are calculated every hour. If the counts are not updated, it can happen because new events or alarms are in your environment after the last count.
Important: The vulnerabilities and configuration issues counts are updated after every scan.
Below the status summary, you can see this information:
- The connection status of the AlienVault Agent.
See The AlienVault Agent
- If the asset has an associated credential or not. You can assign the credential from here. See Managing Credentials in USM Anywhere for more information.
- If it exists, the date of the latest scan. You can schedule jobs from here. See Scheduling Asset Scans for more information.
In the lower side of the page, there is a table area with tabs, some of them correspond to the circles. Each tab contains a table with records, if present, for your asset.
|Asset Groups||Asset groupsAsset groups are administratively created objects that group similar assets for specific purposes. on which the asset is included.|
|Software||Software installed on the asset.|
|Services||Services available on the asset.|
|Plugins||PluginsPlugins specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities. enabled for the asset.|
|Alarms||Alarms related to the asset.
|Events||Events related to the asset. Click an event to see its details.|
|Vulnerabilities||Vulnerabilities related to the asset. You can filter the active or inactive vulnerabilities by clicking the specific radio button. Click a vulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. to see its details.|
|Configuration Issues||Information about operational processes. You can filter the active or inactive configuration issues by clicking the specific radio button. Click a configuration issue to see its details.|
|Scan History||List of the asset scans already run. It includes a time-stamp of the scan, the scan type, the status, and the details of each scan.|
|File Integrity||This tab is available if the AlienVault Agent has been deployed in the asset. It displays stats about File Integrity Monitoring Events. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days.
This tab is available if the AlienVault Agent has been deployed in the asset. It displays information about the agent. You can see the status of the agent (connected or not) and the current version. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days. You can also see the query history.
In the upper right side of the page is the Actions button. Use this button to perform actionsIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. on the asset. These consist of:
- Configure Asset: See Editing the Assets for more details.
- Delete Asset: See Deleting the Assets for more details.
- Add to Asset Group: See Creating an Asset Group for more details.
- Agent Query: See The AlienVault Agent Queries for more details. This option is available for users whose role is Analyst or Manager.
- Asset Scan: This option displays or not depending on the sensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. associated with the asset. See Running Asset Scans for more details.
- Authenticated ScanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges.: See Running Authenticated Asset Scans for more details.
- Assign credentials: See Managing Credentials in USM Anywhere for more details.
- Schedule Scan Job: See Scheduling Asset Scans for more details.