To view the details of an asset
- Navigate to ENVIRONMENT > ASSETS.
Click the blue chevron icon () located next to the asset name whose details you want to review.
- Select Full Details.
Click the star symbol to the left of an item to mark it as a bookmark for quick access. Clicking the Star icon () on the secondary menu shows the bookmarked items and a link to them.
On the upper left side of the page, you see the name and IP address, along with other fields that describe the particular assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers..
On the right, you see the status summary for your asset. It displays the total number of alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall., vulnerabilities, and configuration issuesAn identified configuration of software deployed, or features of software in use, which is known to be insecure.. The circle can display in orange (for alarms and configuration issues), blue for events, and red for vulnerabilities. The number inside each circle indicates the number of alarms, events, vulnerabilities, and configuration issues for the asset. You can click on each circle to explore the information of each one.
Note: Configuration Issues are only available for AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. and AzureMicrosoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. Sensors.
Important: The alarms and events counts are not updated in real time, they are calculated every hour. If the counts are not updated, it can happen because new events or alarms are in your environment after the last count.
Important: The vulnerabilities and configuration issues counts are updated after every scan.
Below the status summary, you can see
- the connection status of the AlienVault Agent.
See The AlienVault Agent
- if the asset has an associated credential or not. You can assign the credential from here. See Managing Credentials in USM Anywhere
- if it exists, the date of the latest scan. You can schedule job(s) from here. See Scheduling Asset Scans
At the bottom, there is a table area with tabs, some of them correspond to the circles. Each tab contains a table with records, if present, for your asset.
|Asset Groups||Asset groupsAsset groups are administratively created objects that group similar assets for specific purposes. on which the asset is included|
|Software||Software installed on the asset|
|Services||Services available on the asset|
|Plugins||PluginsPlugins specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities. enabled for the asset|
|Alarms||Alarms related to the asset.
|Events||Events related to the asset. Click on an event to see its details|
|Vulnerabilities||Vulnerabilities related to the asset. You can filter the active or inactive vulnerabilities by clicking the specific radio button. Click on a vulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. to see its details|
|Configuration Issues||Information about operational processes. You can filter the active or inactive configuration issues by clicking the specific radio button. Click on a configuration issue to see its details|
|Scan History||List of the asset scans already run. It includes a time-stamp of the scan, the scan type, the status, and the details of each scan|
|File Integrity||This tab is available if the AlienVault Agent has been deployed in the asset. It displays stats about File Integrity Monitoring Events. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days.
This tab is available if the AlienVault Agent has been deployed in the asset. It displays information about the agent. You can see the status of the agent (connected or not) and the current version. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days. You can also see the query history.
On the upper right side of the page is the Actions button. Use this button to perform actionsIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. on the asset. These consist of
- Configure Asset, see Editing the Assets for further details.
- Delete Asset, see Deleting the Assets for further details.
- Add to Asset Group, see Creating an Asset Group for further details.
- Agent Query, see The AlienVault Agent Queries for further details. This option is available for users whose role is Analyst or Manager.
- Asset Scan. This option displays or not depending on the sensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. associated with the asset. See Running Asset Scans for further details.
- Authenticated ScanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges., see Running Authenticated Asset Scans for further details.
- Assign credentials, see Managing Credentials in USM Anywhere for further details.
- Schedule Scan Job, see Scheduling Asset Scans for further details.