Assets

An asset refers to any resource within an organization's network that requires protection. The Assets tab provides visibility on the Users and Devices assets protected by Infinity XDRClosed Extended Detection & Response/XPRClosed Extended Prevention & Response. It serves as a starting point for investigating incidents, allowing you to examine individual users and devices and then pivot to related incidents for detailed analysis.

For each asset, information is collected and displayed in one of the following categories:

  • Asset operational configuration (such as Asset Name, Operating System and Version)

  • IncidentClosed Correlation of one or more insights into a security incident potentially impacting your environment. It can be based on insights generated from one or more products. Priority and Related Incidents

    In Infinity XDR/XPR, all incidents have a defined priority and can be associated with one or more assets. The incident priority of an asset is derived from the incidents it is associated with, according to the following criteria:

    • Incidents that are not in Closed state and not marked as Prevented are considered to determine the Incident Priority. These are the incidents that require action by the user.

    • Some incidents that impact a large number of assets are excluded from determining the Incident Priority. Such incidents are considered as Filtered.

    The Incident Priority is set to the highest priority of the incidents that meet the above criteria. For example, if there are one or more associated incident(s) with Critical priority, then the Incident Priority of the asset is set to Critical.

    In addition, the Related Incidents shows the total number of incidents related to the asset. The tool tip for the count shows the number of associated incidents in each priority category. If applicable, it also shows the number of the filtered incidents and the total number of incidents, as shown in the example below.

  • Related Assets

    There are interrelations between users and devices. For example, users access a network through one or more device. These relationships are displayed in the Related Devices / Usernames field.

  • Activity Time

    When the system receives any data on an asset, it updates the Last Activity time for that asset. When you select a time filter for asset display, filtering is done based on the Last Activity time of the assets.

    For example, if an asset has not communicated in the last week, it will not be displayed when the time filter is selected as Last Week. However, it will be displayed when the filter covers a period which is longer than a week.