- 24 Apr 2023
- 6 Minutes to read
- Print
- DarkLight
- PDF
Asset Profile Page - Complex Fields
- Updated on 24 Apr 2023
- 6 Minutes to read
- Print
- DarkLight
- PDF
The Tables section shows fields that can be presented in a table view, these are also known as complex fields.
You can see all of the complex fields in the Tables section.
The complex fields which are displayed depend on the data fetched by your system. A set of predefined fields are displayed.
Click on a complex field to display its table. If a complex field is brought only from a specific adapter connection, it is not displayed by default. You can add new complex fields to this left pane, even if they are fetched by one specific adapter.
Displaying Complex Fields
Fields which are made up of a number of different parameters are displayed in blue in the All Fields table. Click on any of those fields to display them as a table under Tables.
Each Complex Field is displayed as a table. The column on the right hand side displays the Adapter Connections column which lets you identify the source for each row. Each table consist of the following elements, in addition to the data displayed:
Search bar - free text search on the table results
Adapter Connections - Filter the display by specific adapter connections
Total - the total number of displayed results is displayed on the top left side of the table
Reset - Clear all search and filters of the display
Export CSV - Export the table to a CSV file.
Navigation and pagination - by default, 20 results are displayed in each of the tables page. You can change the number of results per page and choose between 20, 50 or 100, by clicking the appropriate icon on the bottom left side of the table.
Using the pagination bar on the bottom right side of the table to move between the pages of the table.
Managing the Complex Fields
You can manage the list of complex fields that are displayed in order to only see fields that interest you.
Any complex field can be shown as a table (including fields that were fetched from a specific adapter connection). Click on a field shown in blue in the main table to display this as a table, and display its link in Tables in the side panel. Any asset that belongs to that complex field will then be displayed on the table. You can choose Pin to list to save the complex field table to your display.
Once you pin a complex field, this display is saved for you. Next time you open the system, these fields will be displayed. Note pinned fields are only displayed if they contain data for the asset that you selected. If you do not want to see that complex field any more, click unpin to remove the field from the display. Default Complex Field tables are also part of the display. You can also unpin these tables if you are not interested in seeing them. Pinning and unpinning Complex Field tables only affects assets for your user account, and not for other people using the system.
Pinned and unpinned Complex Fields affect all of the assets on your system, not only this specific asset.
Exporting Complex Field Tables
You can export Complex Field Tables to a CSV file.
To export the results displayed, select Export CSV. A CSV file is created and downloaded to your system.
The CSV file is named according to the table, with the current date in UTC.
Complex Fields Available
This page details some of the complex fields that are displayed on the Asset Profile page. The complex fields which are displayed depend on the data fetched by your system. In addition you can select a complex field in the Asset Profile table and click on it to display it in the list of complex fields. Refer to Managing the Complex Fields for information.
The following tables may be displayed, depending on the collected data.
Associated Devices
The Associated Devices table lists the devices associated with that user.
Each this includes the Device Name, Device Serial, Device Status, the Device Unique ID and the Device Labels.
Click on a device to open it on the Devices page.
Agent Versions
The Agent Versions table lists the agents installed on the device.
Each agent details includes its name, its version and its status.
Connected Hardware
The Connected Hardware table lists registry logged connected hardware.
Firewall Rules
The Firewall Rules table lists firewall rules that define allowed or denied traffic to and from virtual machines.
Each rule consists of the following information:
- Name and Source - for example, AWS security group or GCP firewall rule.
- Allow / Deny - action is either allow or deny access.
- Direction - incoming (INGRESS) or outgoing (EGRESS) traffic, not both.
- Target – target subnet. Firewall rule applies to any IP address is displayed as “0.0.0.0/0” for IPv4 and as “::/0” for IPv6.
- Protocol – internet protocol for which the rule applies. If protocol value is ‘Any’, the firewall rule applies for all protocols.
- From Port, to Port – range of ports for which the rule applies. If ports values are not specified, the firewall rule applies for all ports.
For example:
- ‘Rule 1’ allows outgoing traffic to any IP address using any protocol.
- ‘Rule 2’ denies incoming traffic from a specific subnet (108.162.192.0/18) using TCP port 443.
Name | Source | Allow/Deny | Direction | Target | Protocol | From Port | To Port |
---|---|---|---|---|---|---|---|
Rule 1 | AWS Instance Security Group | Allow | EGRESS | 0.0.0.0/0 | Any | ||
Rule 2 | AWS Instance Security Group | Deny | INGRESS | 108.162.192.0/18 | TCP | 443 | 443 |
Hard Drives
The Hard Drives table lists hard drives installed on the device, including their file system, total and free sizes.
Installed Software
The Installed Software table lists installed software on the device, including its version and vendor.
Local Admins
The Local Admins table lists admin users identities logged on to this device.
Network Interfaces
The Network Interfaces table lists network interfaces collected by the different adapters, including MAC addresses, IP addresses and subnet addresses.
Open Ports
The Open Ports table lists ports open to the world, including the access protocol and the service name.
OS Installed Security Patches
The OS Installed Security Patches table lists installed security patches on the device, for Windows devices.
OS Available Security Patches
The OS Available Security Patches table lists available security patches on the device, for Windows devices.
Qualys Vulnerabilities
The Qualys Vulnerabilities table lists vulnerabilities fetched from Qualys Cloud Platform adapter connections.
Rapid7 Vulnerabilities
The Rapid7 Vulnerabilities table lists vulnerabilities fetched from Rapid7 Nexpose and InsightVM adapter connections.
Running Processes
The Running Processes table lists running processes collected from the device.
Services
The Services table lists running and stopped services collected from the device.
Shares
The Shares table lists shared folders on the device, including the name, description and the path
Users
The Users table lists user identities logged on to this device, including SID, username, last use time and indications whether the user is local and/or active user.
Vulnerable Software
The Vulnerable Software table lists vulnerable software and vulnerability details, including:
- CVE ID - link to the CVE details in the NIST National Vulnerability Database (NVD).
- Software Name and Software Vendor - If the CVE is applicable for multiple software, these field are populated as "Multiple Software" and "Multiple Vendors".
- Common Vulnerability Scoring System (CVSS) - with a v2.0 or v3.0 rating as was fetched from source.
- CVE severity - LOW/MEDIUM/HIGH/CRITICAL value which is based on the CVSS rating.
- CVE description, synopsis and reference
- CVE Vector information
CISA Known Exploited Vulnerabilities
The CISA Known Exploited Vulnerabilities table displays additional details from the CISA catalog of existing CVEs of vulnerabilities detected in your software.
The details include:
- CVE ID - link to the CVE details in the NIST National Vulnerability Database (NVD).
- Vendor and Product - The vendor name and product name. If the CVE is applicable for multiple software, these fields are populated as "Multiple Software" and "Multiple Vendors".
- Action - Describes recommended action to mitigate the vulnerability.