To view the details of an asset
- Go to Environment > Assets.
- Next to the asset name whose details you want to review,
click the icon .
- Select Full Details.
Click the icon to bookmark an item for quick access. Clicking the icon on the secondary menu shows the bookmarked items and provides links to them.
In the upper left side of the page, you see the name and IP address, along with other fields that describe the particular assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers.. One of these fields is the Create event if asset stops sending data. Use this field to configure a period of time. USM Anywhere starts generating events when the asset has not received messages within the configured period of time. See Created Events when an Asset Stops Sending Data for more information.
On the right, you see the status summary for your asset. It displays the total number of alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall., vulnerabilities, and configuration issuesAn identified configuration of software that is deployed, or features of software that is in use, which is known to be insecure.. The circle can display in orange (for alarms and configuration issues), blue for events, and red for vulnerabilities. The number inside each circle indicates the number of alarms, events, vulnerabilities, and configuration issues for the asset. You can click each circle to explore the information of each one.
Note: Configuration Issues are only available for AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. and AzureMicrosoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. Sensors.
Important: The alarms and events counts are not updated in real time, they are calculated every hour. If the counts are not updated, it can happen because new events or alarms are in your environment after the last count.
Important: The vulnerabilities and configuration issues counts are updated after every scan.
Below the status summary, you can see this information:
- Agent Status. If there is a deployed agent, it displays the connection status of the AlienVault Agent. You can deploy an agent from here.
See The AlienVault Agent
- Credentials. If the credential has been associated to the asset, it displays its name. You can assign and create the credential from here. See Managing Credentials in USM Anywhere for more information.
- Last Scanned. If it exists, the date of the latest scan. You can schedule jobs from here. See Scheduling Asset Scans for more information.
In the lower side of the page, there is a table area with tabs, some of them correspond to the circles. Each tab contains a table with records, if present, for your asset.
|Asset Groups||Asset groupsAsset groups are administratively created objects that group similar assets for specific purposes. on which the asset is included.|
|Software||Software installed on the asset.|
|Services||Services available on the asset.|
|Plugins||PluginsPlugins specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities. enabled for the asset.|
|Alarms||Alarms related to the asset.
|Events||Events related to the asset. Click an event to see its details.|
|Vulnerabilities||Vulnerabilities related to the asset. You can filter the active or inactive vulnerabilities by clicking the specific radio button. Click a vulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. to see its details.|
|Configuration Issues||Information about operational processes. You can filter the active or inactive configuration issues by clicking the specific radio button. Click a configuration issue to see its details.|
|Scan History||List of the asset scans already run. It includes a time-stamp of the scan, the scan type, the status, and the details of each scan. You can also click the Scan Details link here to download a file containing the details of the most recent authenticated asset scan here for up to a week after the scan was run.|
|File Integrity||This tab is available if the AlienVault Agent has been deployed in the asset. It displays stats about File Integrity Monitoring Events. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days.
This tab is available if the AlienVault Agent has been deployed in the asset. It displays information about the agent. You can see the status of the agent (connected or not) and the current version. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days. You can also see the query history.
In the upper right side of the page is the Actions button. Use this button to perform actionsIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. on the asset. These consist of:
- Configure Asset: See Editing the Assets for more details.
- Delete Asset: See Deleting the Assets for more details.
- Add to Asset Group: See Creating an Asset Group for more details.
- Agent Query: See The AlienVault Agent Queries for more details. This option is available for users whose role is Analyst or Manager.
- Asset Scan: This option displays or not depending on the sensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. associated with the asset. See Running Asset Scans for more details.
- Authenticated ScanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges.: See Running Authenticated Asset Scans for more details.
- Assign credentials: See Managing Credentials in USM Anywhere for more details.
- Schedule Scan Job: See Scheduling Asset Scans for more details.