sevco.io

Asset Details Overview

Suggest Edits

Overview

In addition to the information found on the Live Inventory page, you can also view additional information about specific assets on their Details page.

Asset Details pages can be accessed by identifying the asset you would like to view in the Asset List on the Live Inventory page, opening its dropdown, and selecting the See Details link.

Navigating to an Asset's details page


Data Aggregation

The left panel of the Details page displays information that has been aggregated from all of its associated Integrations.

Notice how this Device has three Internal IPs listed. If we look at data collected from Illumio, Automax and MalwareBytes we will find that they have identified 10.20.199.156 as the Device's Internal IP.

Switching between Integrations and highlighting matching Internal IP addresses


However, when we look at Lansweeper we will also see a second Internal IP, 10.41.212.101 listed. Both of these are included in the left panel.

Viewing Lansweeper, which has an additional Internal IP address, and showing that it is also listed in the left panel


Source Telemetry

As we stated earlier, the right panel of the Details page allows you to review information about assets by Integration. Users can select a Source Integration at the top of the page to view the most recent information it has collected about an asset.

Additionally, the right panel also allows you to view any telemetry events associated with that asset by Integration. This feature functions very similarly to the Event History section of the Telemetry page.

Navigating between Integrations to view associated Telemetry events


Asset History

ℹ️

Asset History functionality is only available for Devices at this point in time.


The Asset Details page has an additional Asset History feature for Devices. This feature allows users to compare the current attribute values of a device against values captured in past telemetry events.

Example of Device Snapshot


Telemetry events can be captured as frequently as every minute. As such, it may take several clicks to get to the event you are interested in viewing.

Select the bar on the timeline that corresponds with the day of the event you would like to review. Next, the hour followed by the exact minute it took place.

GIF highlighting timeline


Once the event has been selected, its timeline bar will turn yellow and a timestamp will appear in the header. Past data that differs from current data will also be displayed in yellow.

Take the image below for example, where we can see that the Internal IP reported on 12/01/2022 09:14 AM differs from the Internal IP currently associated with the device.

Highlighting Differences in IP and report date


Once you have finished viewing a snapshot, you can reset the timeline by selecting the Reset to current device button.

Select Reset button


Software

Integrations that have been configured to collect Software assets will have an additional Software tab. Select this tab to view a complete list of software associated with a Device.

Selecting Software tab


Click here to learn more about Software assets.


Vulnerabilities

Integrations that track vulnerabilities will have an additional Vulnerabilities (Vulns) tab. Select this tab to view a complete list of vulnerabilities for a Device.

Selecting Vulns tab


Click here to learn more about Software assets.


Correlation Viewer

The Correlation Viewer is a graphical representation of how the Asset Correlation Engine (ACE) built the relationships between source records to identify the unified asset. Users can use this tool to better understand why Device assets are correlated. It may also be used to identify potential correlation issues for Sevco to resolve. Select the Correlation tab at the top of the page to access this feature.


Each node corresponds with one of your Source asset records along with when it was Last Observed () by Sevco, as well as its Last Activity () timestamp according to the Source.


Select a node to view what other Source asset records it correlates to. Each line represents a correlation (relationship) between two Source asset records.


Hover over a line to view the correlating attributes between asset records that identified them as being the same asset.


Line thickness represents the level of confidence in a correlation. Thicker lines indicate a higher confidence level while thinner lines indicate a lower confidence level.

  • A higher number of attribute correlations increases confidence
  • Attribute type also impacts confidence levels. For example, a MAC Address correlation generally increases confidence more than a Hostname


Click and drag a node to change its position. The Correlation graph is responsive and will adjust other nodes accordingly.

Updated 4 months ago