Login
    Contents x
    Asset Profile Page - Complex Fields
    • 24 Apr 2023
    • 6 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Asset Profile Page - Complex Fields

    • Updated on 24 Apr 2023
    • 6 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    The Tables section shows fields that can be presented in a table view, these are also known as complex fields.
    You can see all of the complex fields in the Tables section.
    The complex fields which are displayed depend on the data fetched by your system. A set of predefined fields are displayed.

    ComplexFieldsN

    Click on a complex field to display its table. If a complex field is brought only from a specific adapter connection, it is not displayed by default. You can add new complex fields to this left pane, even if they are fetched by one specific adapter.

    Displaying Complex Fields

    Fields which are made up of a number of different parameters are displayed in blue in the All Fields table. Click on any of those fields to display them as a table under Tables.

    Comlex1

    Each Complex Field is displayed as a table. The column on the right hand side displays the Adapter Connections column which lets you identify the source for each row. Each table consist of the following elements, in addition to the data displayed:

    ComplexTablesa

    • Search bar - free text search on the table results

    • Adapter Connections - Filter the display by specific adapter connections

    • Total - the total number of displayed results is displayed on the top left side of the table

    • Reset - Clear all search and filters of the display

    • Export CSV - Export the table to a CSV file.

    • Navigation and pagination - by default, 20 results are displayed in each of the tables page. You can change the number of results per page and choose between 20, 50 or 100, by clicking the appropriate icon on the bottom left side of the table.
      Using the pagination bar on the bottom right side of the table to move between the pages of the table.

    Managing the Complex Fields

    You can manage the list of complex fields that are displayed in order to only see fields that interest you.

    Any complex field can be shown as a table (including fields that were fetched from a specific adapter connection). Click on a field shown in blue in the main table to display this as a table, and display its link in Tables in the side panel. Any asset that belongs to that complex field will then be displayed on the table. You can choose Pin to list to save the complex field table to your display.

    PintoList

    Once you pin a complex field, this display is saved for you. Next time you open the system, these fields will be displayed. Note pinned fields are only displayed if they contain data for the asset that you selected. If you do not want to see that complex field any more, click unpin to remove the field from the display. Default Complex Field tables are also part of the display. You can also unpin these tables if you are not interested in seeing them.

    Note:

    Pinning and unpinning Complex Field tables only affects assets for your user account, and not for other people using the system.
    Pinned and unpinned Complex Fields affect all of the assets on your system, not only this specific asset.

    Unpinfrom

    Exporting Complex Field Tables

    You can export Complex Field Tables to a CSV file.
    To export the results displayed, select Export CSV. A CSV file is created and downloaded to your system.
    The CSV file is named according to the table, with the current date in UTC.

    Complex Fields Available

    This page details some of the complex fields that are displayed on the Asset Profile page. The complex fields which are displayed depend on the data fetched by your system. In addition you can select a complex field in the Asset Profile table and click on it to display it in the list of complex fields. Refer to Managing the Complex Fields for information.

    The following tables may be displayed, depending on the collected data.

    Associated Devices

    The Associated Devices table lists the devices associated with that user.
    Each this includes the Device Name, Device Serial, Device Status, the Device Unique ID and the Device Labels.
    Click on a device to open it on the Devices page.

    AssociatedDEvices

    Agent Versions

    The Agent Versions table lists the agents installed on the device.
    Each agent details includes its name, its version and its status.
    AgentVersionsN

    Connected Hardware

    The Connected Hardware table lists registry logged connected hardware.

    ConnectedHardware

    Firewall Rules

    The Firewall Rules table lists firewall rules that define allowed or denied traffic to and from virtual machines.
    FirewallRules

    Each rule consists of the following information:

    • Name and Source - for example, AWS security group or GCP firewall rule.
    • Allow / Deny - action is either allow or deny access.
    • Direction - incoming (INGRESS) or outgoing (EGRESS) traffic, not both.
    • Target – target subnet. Firewall rule applies to any IP address is displayed as “0.0.0.0/0” for IPv4 and as “::/0” for IPv6.
    • Protocol – internet protocol for which the rule applies. If protocol value is ‘Any’, the firewall rule applies for all protocols.
    • From Port, to Port – range of ports for which the rule applies. If ports values are not specified, the firewall rule applies for all ports.



    For example:

    • ‘Rule 1’ allows outgoing traffic to any IP address using any protocol.
    • ‘Rule 2’ denies incoming traffic from a specific subnet (108.162.192.0/18) using TCP port 443.
    NameSourceAllow/DenyDirectionTargetProtocolFrom PortTo Port
    Rule 1AWS Instance Security GroupAllowEGRESS0.0.0.0/0Any
    Rule 2AWS Instance Security GroupDenyINGRESS108.162.192.0/18TCP443443

    Hard Drives

    The Hard Drives table lists hard drives installed on the device, including their file system, total and free sizes.

    Installed Software

    The Installed Software table lists installed software on the device, including its version and vendor.

    InstalledSoftware

    Local Admins

    The Local Admins table lists admin users identities logged on to this device.

    Network Interfaces

    The Network Interfaces table lists network interfaces collected by the different adapters, including MAC addresses, IP addresses and subnet addresses.

    NetworkInterfaces

    Open Ports

    The Open Ports table lists ports open to the world, including the access protocol and the service name.

    Note:
    The table is displayed only if collected from 'Enrich Device Data with Shodan' or from the following adapters: Amazon Web Services (AWS) with Shodan, Censys, Forescout CounterACT, CyCognito CyCAST Platform, Nmap Security Scanner, Qualys Cloud Platform.

    OpenPortsN

    OS Installed Security Patches

    The OS Installed Security Patches table lists installed security patches on the device, for Windows devices.

    OSInstalledSEcPAtches

    OS Available Security Patches

    The OS Available Security Patches table lists available security patches on the device, for Windows devices.

    Qualys Vulnerabilities

    The Qualys Vulnerabilities table lists vulnerabilities fetched from Qualys Cloud Platform adapter connections.

    Rapid7 Vulnerabilities

    The Rapid7 Vulnerabilities table lists vulnerabilities fetched from Rapid7 Nexpose and InsightVM adapter connections.

    Running Processes

    The Running Processes table lists running processes collected from the device.

    Services

    The Services table lists running and stopped services collected from the device.

    Shares

    The Shares table lists shared folders on the device, including the name, description and the path

    Users

    The Users table lists user identities logged on to this device, including SID, username, last use time and indications whether the user is local and/or active user.

    Users

    Vulnerable Software

    The Vulnerable Software table lists vulnerable software and vulnerability details, including:

    • CVE ID - link to the CVE details in the NIST National Vulnerability Database (NVD).
    • Software Name and Software Vendor - If the CVE is applicable for multiple software, these field are populated as "Multiple Software" and "Multiple Vendors".
    • Common Vulnerability Scoring System (CVSS) - with a v2.0 or v3.0 rating as was fetched from source.
    • CVE severity - LOW/MEDIUM/HIGH/CRITICAL value which is based on the CVSS rating.
    • CVE description, synopsis and reference
    • CVE Vector information

    VulnerableSW

    CISA Known Exploited Vulnerabilities

    The CISA Known Exploited Vulnerabilities table displays additional details from the CISA catalog of existing CVEs of vulnerabilities detected in your software.

    The details include:

    • CVE ID - link to the CVE details in the NIST National Vulnerability Database (NVD).
    • Vendor and Product - The vendor name and product name. If the CVE is applicable for multiple software, these fields are populated as "Multiple Software" and "Multiple Vendors".
    • Action - Describes recommended action to mitigate the vulnerability.

    CISAKnowUpdated


    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout