Assets

The assets dashboard displays an overview of the network assets currently tracked by Threat Defender.

If automatic asset tracking is enabled, Threat Defender automatically learns the MAC addresses of the devices in the network and creates individual assets for them in the database. If your network contains devices with multiple MAC addresses, Threat Defender creates an individual entry for each MAC address. You have to consolidate them manually.
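As an added illustration (not Threat Defender code and not part of the original documentation), the following sketch shortlists assets that may belong to one multi-homed device before you consolidate them manually. The record layout and the heuristic (same VLAN and same DHCP request name, with a differing operating system treated as a warning) are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict

# Constructed sample records; keys mirror the Last Seen fields, but the dict layout
# is an assumption, not a Threat Defender export format. MACs: RFC 7042 doc range.
ASSETS = [
    {"name": "asset-01", "macs": ["00:00:5E:00:53:01"], "vlan": 10,
     "dhcp_request_name": "lab-laptop-7", "os": "Windows"},
    {"name": "asset-02", "macs": ["00-00-5e-00-53-02"], "vlan": 10,
     "dhcp_request_name": "LAB-LAPTOP-7", "os": "Windows"},
    {"name": "asset-03", "macs": ["00:00:5E:00:53:03"], "vlan": 20,
     "dhcp_request_name": "kiosk", "os": "Linux"},
    {"name": "asset-04", "macs": ["00:00:5E:00:53:04"], "vlan": 20,
     "dhcp_request_name": "kiosk", "os": "Windows"},
    {"name": "asset-05", "macs": ["00:00:5E:00:53:05"], "vlan": 30,
     "dhcp_request_name": "lab-laptop-7", "os": "Windows"},
    {"name": "asset-06", "macs": ["00:00:5E:00:53:06"], "vlan": 10,
     "dhcp_request_name": "", "os": "Linux"},
]

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, whatever the separator."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def merge_candidates(assets):
    """Group assets that share VLAN and DHCP request name but differ in MAC."""
    groups = defaultdict(list)
    for asset in assets:
        host = asset["dhcp_request_name"].strip().lower()
        if host:  # without a request name there is no evidence to merge on
            groups[(asset["vlan"], host)].append(asset)
    candidates = []
    for (vlan, host), members in sorted(groups.items()):
        macs = sorted({normalize_mac(m) for a in members for m in a["macs"]})
        if len(members) >= 2 and len(macs) >= 2:
            candidates.append({
                "vlan": vlan, "dhcp_request_name": host, "macs": macs,
                "assets": sorted(a["name"] for a in members),
                # Differing OS suggests two devices reusing one name: review, don't merge.
                "os_conflict": len({a["os"] for a in members}) > 1,
            })
    return candidates

if __name__ == "__main__":
    for c in merge_candidates(ASSETS):
        print("REVIEW" if c["os_conflict"] else "MERGE?", c["vlan"], c["assets"])
```

Treat the output as a review list only: a shared DHCP request name is weak evidence, and merging two distinct devices hides one of them from per-asset reporting.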

To manually add a new asset to be tracked by Threat Defender, e.g. for devices that are located in subnets, click the ADD button above the overview panels (see Asset Settings).

Click CREATE REPORT if you wish to create a downloadable PDF report on the asset database. The report contains the entire assets table.

The overview panels show the total number of assets by category:

  • Current - the total number of assets currently stored in the database of Threat Defender.
  • Created - the number of assets created in the last day.
  • Updated - the number of assets updated in the last day.

The table displays the assets in the network. To manage multiple assets at once, mark their checkboxes in the first table column. You can then perform the following List Actions:

  • Operations: Add tags to the selected assets or remove tags from them. You can also merge several assets into one Primary Asset.
  • Delete: Delete the selected assets from the database.
  • Reset Last Seen: Delete the metadata currently stored in the Last Seen section of the selected assets.

Additionally, the overview table displays the following information:

| Field | Description |
|---|---|
| Created At | The date and time the asset was created in Threat Defender. |
| Name | The name of the asset. |
| User | The user assigned to this asset. |
| Gateway | The icon in this column indicates whether the asset is a gateway or not. For gateways, the IP addresses are not tracked. |
| Tags | The tags assigned to the asset. |
| MAC Addresses | The MAC addresses tracked for the asset. |
| IP Addresses | The IP addresses tracked for the asset. |
| Last Seen | The metadata collected for the asset when Threat Defender last saw it. Click the respective icon to show additional information or to show less information. |

The buttons in the last table column allow you to directly access the reporting section under Analytics for the outbound and inbound traffic of the asset. You can also view the details of the asset and edit or delete it.

As long as the automatic discovery of assets is enabled, deleted assets will continuously be relearned while they are connected to the network. To permanently delete an asset, you need to disable automatic asset tracking first.

Asset Details

To see further details on an asset, click its details button in the overview table or double-click its row. The details page displays the available information on the asset in several tabs.

The buttons at the top of the page allow you to edit or delete the asset. Click CREATE FULL REPORT or CREATE SUMMARY REPORT if you wish to create a downloadable PDF report on the asset. The full report contains all information displayed in the details page, including the charts. The summary report contains only the data tables.

Asset

The Asset tab displays the configuration of the asset:

| Field | Description |
|---|---|
| Assigned User | The user assigned to the asset. |
| Tags | The tags assigned to the asset. |
| Gateway | This field indicates whether the asset is a gateway or not. For gateways, the IP addresses are not tracked. |
| Note | A short description of the asset, if available. |
| Created At | The date and time the asset was created in Threat Defender. |
| Updated At | The date and time the asset was last updated in Threat Defender. |

Last Seen

The Last Seen tab displays all information collected on the asset when Threat Defender last saw it, i.e. when it was last active in the network.

| Field | Description |
|---|---|
| Seen | The date and time when Threat Defender last saw the asset in the network. |
| Operating System | The operating system running on the asset. |
| VLAN | The VLAN the asset belongs to. |
| IPv4 Addresses | The IPv4 addresses last used by the asset. |
| IPv6 Addresses | The IPv6 addresses last used by the asset. |
| DHCP Request Name | The DHCP request name. |
| DHCP Offer Name | The DHCP offer name. |
| User | The user who was last mapped to the asset. |

Click RESET DATA to reset the tracking information Threat Defender gathered dynamically for this asset.

Addresses

The Addresses tab displays the IP and MAC addresses used by the asset:

| Field | Description |
|---|---|
| Created At | The date and time the IP or MAC address was created in Threat Defender. |
| Updated At | The date and time the IP or MAC address was last updated in Threat Defender. |
| IP Address | The IP address tracked by Threat Defender. |
| MAC Address | The MAC address tracked by Threat Defender. |
| Name | The name of the IP or MAC address. |

The buttons in the last column allow you to edit or delete the respective address.

Incidents

The Incidents tab displays an extract from the threat intelligence incident log that contains the incidents involving the asset:

| Field | Description |
|---|---|
| Created At | The date and time the incident was created in Threat Defender. |
| Severity | The severity logged for the incident. |
| Action | The rule action logged for the incident. Actions are allow, reject and drop. |
| Rule | The name of the rule that logged the incident. |
| Indicator | The detected threat intelligence indicator. |
| Classification | The applications and/or protocols involved in the event. |
| Assets | The source and destination assets involved in the incident. Click an asset to directly access the relevant section in Analytics. |
| IP Addresses | The source and destination IP addresses involved in the incident. Click an address to directly access the relevant section in Analytics. |
| Ports | The source and destination ports involved in the incident. |
| Countries | The source and destination countries of the flow involved in the incident. If a private IP range is used, the country is displayed as Unknown or invalid territory. Click a country to directly access the relevant section in Analytics. |

Click the button in the last table column to go to the log entry under Threats > Incident Logs.

Events

The Events tab displays log events involving the asset:

| Field | Description |
|---|---|
| Created At | The date and time the event was created in Threat Defender. |
| State | The state of the logged event, i.e. whether it was successful or failed. |
| Tag | The tag assigns the event to a certain log. |
| Action | The action logged for the asset. |
| Message | A message describing the event. |
| Username | The login name of the user involved in the event. |
| User IP Address | The IP address of the user involved in the event. |

Click the button in the last table column to go to the log entry of the respective event.

Analytics

The Analytics tab shows charts that visualize the traffic information available for the asset. They are grouped in tabs by reporting period (last day, last week, last month).

Asset Settings

When you manually add a new asset to be tracked or edit an existing one, the settings screen is displayed with the following options:

| Field | Description |
|---|---|
| Name | Enter the name of the asset. |
| Note | Optional: Add a short description of the asset. |
| Gateway (slider switch) | The slider switch indicates whether the asset is a gateway or not. For gateways, the IP addresses are not tracked. |
| User | Optional: Assign a static user to the asset. You can only map one user per asset. Click into the field and select the user from the list. You can also type in the input field to narrow down the list to the users whose names contain the characters you are typing. |
| Tags | Optional: Select the tags you want to assign to the asset or enter a new tag. |
| MAC Addresses | Specify the MAC addresses assigned to the asset. Click into the field and select the addresses from the list. You can also type in the input field to narrow down the list to the addresses that contain the characters you are typing. Click the icon next to an element to remove it from the selection. |
| IP Addresses | Specify the IP addresses to be assigned to the asset. Click into the field and select the addresses from the list. You can also type in the input field to narrow down the list to the addresses that contain the characters you are typing. Click the icon next to an element to remove it from the selection. |
| Last Seen | The metadata collected for the asset when Threat Defender last saw it. |

When you assign a MAC address to an asset, any asset already existing for this MAC address will be deleted.

The buttons at the bottom of the screen allow you to store your changes (SAVE) or to discard them (CANCEL).

Any changes of the asset settings will only be applied to future logging data. Any existing data sets in the database remain unchanged.
