Viewing Assets Details

Role Availability Read-Only Investigator Analyst Manager

To view the details of an asset

  1. Go to Environment > Assets.
  2. Next to the name of the asset whose details you want to review, click the icon .
  3. Select Full Details.

    Details of an asset

Click the icon to bookmark an item for quick access.

Note: You can view your bookmarked items by going to the secondary menu and clicking the icon. This will display all of your bookmarked items and provide direct links to each of them.

In the upper left side of the page is the name and IP address of the asset, along with additional attributes that describe the particular asset An IP-addressable host, including but not limited to network devices, virtual servers, and physical servers.. One of these fields is the Create event if asset stops sending data. Use this field to configure the amount of time after which you want USM Anywhere to generate events if the asset has not received messages. See Events Created When an Asset Stops Sending Data for more information.

On the right is the status summary for your asset. It displays the total number of alarms Alarms provide notification of an event or sequence of events that require attention or investigation., events Any traffic or data exchange detected by LevelBlue products through a sensor or external devices such as a firewall., vulnerabilities, and configuration issues An identified configuration of deployed software or features of software that is in use, which is known to be insecure.. The circle can be orange (for alarms and configuration issues), blue for events, and red for vulnerabilities. The number inside each circle indicates the number of alarms, events, vulnerabilities, and configuration issues related to the asset. You can click each circle to view the full list of issues represented by that number.

Important: The alarms and events counts are not updated in real time but instead are calculated every hour. If the counts are not updated, it can happen because new events or alarms are in your environment after the last count.

The vulnerabilities and configuration issues counts are updated after every scan.

Below the status summary, you can see this information:

In the lower side of the page, there is a table area with tabs, some of them correspond to the circles. Each tab contains a table with records, if present, for your asset.

The following table lists the tabs you see on the page.

Asset Details View Tabs Description
Tab Name Description
Asset Groups Asset groups Asset groups are administratively created objects that group similar assets for specific purposes. on which the asset is included.
Software

Software that is installed on the asset.

Note: You need to run an authenticated asset scan to have a complete list of installed software.

Services

Services that are available on the asset.

Note: You need to run an authenticated asset scan to have a complete list of available services.

BlueApps BlueApps enabled for the asset.
Alarms Alarms related to the asset. There is a bubble graph that provides a graphical representation of alarms by intent. The blue circles indicate the number of times that an alarm in an intent occurred. A bigger circle indicates a higher number of alarms. You can hover over each of the circles to get the actual number of alarms per intent. In addition, clicking a blue circle displays a list of only the alarms corresponding to that circle. You can change the displayed period of time by clicking the Last 24 Hours filter.
Events Events related to the asset. Click an event to see its details.
Vulnerabilities

Vulnerabilities related to the asset. You can filter the active or inactive vulnerabilities by clicking the specific radio button. Click a vulnerability A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. to see its details.

Note: Multiple rows may display for the same vulnerability if it has been reported by more than one source. This may result in a discrepancy between the numbers displayed on the Vulnerabilities tab at the bottom and in the Vulnerabilities counter at the upper right of this page.

Configuration Issues Information about operational processes. You can filter the active or inactive configuration issues by clicking the specific radio button. Click a configuration issue to see its details.
Scan History List of the asset scans already run. It includes a time-stamp of the scan, the scan type, the status, and the details of each scan. You can also click the Scan Details link here to download a file containing the details of the most recent authenticated asset scan here for up to a week after the scan was run.
File Integrity This tab is available if the LevelBlue Agent has been deployed in the asset. It displays stats about File Integrity Monitoring Events. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days. See File Integrity Monitoring for more information.
Agent

This tab is available if the LevelBlue Agent has been deployed in the asset. It displays information about the agent. You can see the status of the agent (connected or not) and the current version. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days. You can also see the query history. See The LevelBlue Agent for more information. Users whose role is Manager, can also change the configuration profile. See LevelBlue Agent Configuration Profiles for more information.

In the upper right corner of the page is the Actions button. Use this button to perform the following actions In USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured BlueApp. on the asset. Your access to these actions may vary based on your user role. See Role-Based Access Control (RBAC) in USM Anywhere for more information: