Assets table

The Assets table displays information about assets found by Arctic Wolf Agent, Internal Vulnerability Assessment (IVA) scanners, and External Vulnerability Assessment (EVA) scanners.

The table has these tabs:

Devices tab

In the Assets table, on the Devices tab, you can view all of your internal assets.

The table has these columns:
Note: Some fields are empty because of how the scan was configured.
  • Asset Criticality — The criticality of the asset. This is how important this asset is to the day-to-day operations at your company. The higher the criticality the bigger the business disruption in the event of an incident. Options include: Unassigned, None, Low, Medium, High, and Critical.

    For more information, see Edit asset criticality.

  • Asset State — The state of an asset on the network that Arctic Wolf is receiving a signal from and that has a timestamp within the last 120 days. The timestamp is the last time that the asset was observed by Arctic Wolf. Options include:
    • Active — Assets that have enough information for you to identify them in your environment.
    • Inactive — The behavior is different depending on the Source:
      • Agent — The Asset State automatically changes to Inactive when:
        • Arctic Wolf Agent is uninstalled from an asset that only had Agent as a Source.
        • The asset is deleted, and then the asset is removed from the Unified Portal after 120 days after the Last Seen date.

      • Other Source — The Asset State automatically changes to Inactive when the asset is deleted, and then the asset is automatically removed from the Unified Portal 120 days after the Last Seen date.​

    • Low Signal — Assets that have a timestamp, but do not have not enough information for you to identify them in your environment. For example, assets that only include an ​IP Address​, ​MAC Address​, ​Hostname, or Device Name​.
      Note: If you add context to a ​Low Signal ​asset, for example, by adding a ​Tags​ or ​Asset Criticality, the asset will no longer be considered ​Low Signal​.
  • Device Name — The name of the asset as it appears on the device or in the Unified Portal. Click the device name to view the asset profile.

    For more information, see View an asset profile.

    Note:
    • The Device Name defaults to the value found by the scan source, but you can edit the value in the Risk Dashboard.

      For more information, see Edit a device name

    • If the Device Name is <empty> and the Asset State is Inactive, it indicates that the asset is not receiving a signal because the associated Agent was deactivated or deleted. Assets that have not received a signal for 120 days are removed from the Assets page.

      If you expect the Asset State of an Inactive asset to be Active, make sure the Agent is installed or that the IVA scanner is scanning the IP address of that asset. For more information, see Install Arctic Wolf Agent or Managed Risk Scanners.

  • Category — The category of the asset. This information helps you to identify the purpose of the asset. Some options include: Desktop, Laptop, or Printer.
    Note: If there is not enough information to classify an asset, the asset appears in the Unassigned category.
  • Hostname — The hostname of the asset.
  • IP Address — The IP address that is associated with the asset.
    Note: It is possible to have more than one asset with the same IP Address because of DHCP behavior. If this occurs, you can ignore or delete the duplicate asset.
  • Last Seen — The most recent date and time that Arctic Wolf received a signal about the asset. This could be a signal from an Agent or scanner, or a log entry from DHCP. When a scan successfully completes, this date and time will match or be similar to the Last Successful Scan.
    Note: This value is not the last time that the asset was online.
  • Last Successful Scan — The date and time of the last complete scan of this asset. This updates when either IVA or Agent scans the device.
  • MAC Address — The media access control (MAC) address of the asset.
  • NetBIOS — The NetBIOS Name Service (NBNS) of the asset, if available.
  • Operating System — The OS of the asset and, if available, the version. For example, Ubuntu 20.04.6 LTS, openbsd, or Microsoft Windows Server 2019 Essentials 10.0.177/63.
  • OS Type — The type of OS identified on the asset. Options include: Linux, macOS, Windows, or Unknown if a non-standard OS is identified.
  • Risk Score — The highest risk score of all active risks for the asset.
  • Risks — The total number of risks found by all scanners that were observing the asset. Click the number link to view the risks in the Risks table.
  • Sources — The source that discovered the asset. Possible sources include: Agent, IVA or DHCP.
    Note: DHCP source information for assets is only available to your organization if they subscribe to Managed Detection and Response (MDR) and Managed Risk and have DHCP source information enabled. To determine if you have it enabled, see View log sources. To enable DHCP source information for your assets, submit a ticket to your Concierge Security® Team (CST).
  • Tags — The tags that are associated with the asset. They can help group assets for risk remediation.

External IPs tab

In the Assets table, on the External IPs tab, you can view external assets found while scanning IP address and domain targets.

The table has these columns:
  • Asset Criticality — The criticality of the asset. This is how important this asset is to the day-to-day operations at your company. The higher the criticality the bigger the business disruption in the event of an incident. Options include: Unassigned, None, Low, Medium, High, and Critical.

    For more information, see Edit asset criticality.

  • Asset Name — The IP address of the asset. Click the link to view more information in the Asset Profile table.
  • Asset State — The state of an asset on the network that Arctic Wolf is receiving a signal from and that has a timestamp within the last 120 days. The timestamp is the last time that the asset was observed by Arctic Wolf. Options include:
    • Active — Assets that have enough information for you to identify them in your environment.
    • Inactive — The behavior is different depending on the Source:
      • Agent — The Asset State automatically changes to Inactive when:
        • Arctic Wolf Agent is uninstalled from an asset that only had Agent as a Source.
        • The asset is deleted, and then the asset is removed from the Unified Portal after 120 days after the Last Seen date.

      • Other Source — The Asset State automatically changes to Inactive when the asset is deleted, and then the asset is automatically removed from the Unified Portal 120 days after the Last Seen date.​

    • Low Signal — Assets that have a timestamp, but do not have not enough information for you to identify them in your environment. For example, assets that only include an ​IP Address​, ​MAC Address​, ​Hostname, or Device Name​.
      Note: If you add context to a ​Low Signal ​asset, for example, by adding a ​Tags​ or ​Asset Criticality, the asset will no longer be considered ​Low Signal​.
  • Category — The category of the asset. This information helps you to identify the purpose of the asset. Some options include: Desktop, Laptop, or Printer.
    Note: If there is not enough information to classify an asset, the asset appears in the Unassigned category.
  • Domains — The domains that the asset is associated with. For example, mail.arcticwolf.com.
  • IP Address — The IP address that is associated with the asset.
    Note: It is possible to have more than one asset with the same IP Address because of DHCP behavior. If this occurs, you can ignore or delete the duplicate asset.
  • Last Seen — The most recent date and time that Arctic Wolf received a signal about the asset. This could be a signal from an Agent or scanner, or a log entry from DHCP. When a scan successfully completes, this date and time will match or be similar to the Last Successful Scan.
    Note: This value is not the last time that the asset was online.
  • Open Ports — The number of open ports on the asset. Click the link to view more information about the opens ports in the Asset Profile table.
  • Risk Score — The highest risk score of all active risks for the asset.
  • Risks — The total number of risks found by all scanners that were observing the asset. Click the number link to view the risks in the Risks table.
  • Tags — The tags that are associated with the asset. They can help group assets for risk remediation.

Domains tab

In the Assets table, on the Domains tab, you can view all of the domains found while scanning. This includes domains that were explicitly configured and subdomains of explicitly configured domains.

The table has these columns:
  • Asset Criticality — The criticality of the asset. This is how important this asset is to the day-to-day operations at your company. The higher the criticality the bigger the business disruption in the event of an incident. Options include: Unassigned, None, Low, Medium, High, and Critical.

    For more information, see Edit asset criticality.

  • Asset Name — The IP address of the asset. Click the link to view more information in the Asset Profile table.
  • Asset State — The state of an asset on the network that Arctic Wolf is receiving a signal from and that has a timestamp within the last 120 days. The timestamp is the last time that the asset was observed by Arctic Wolf. Options include:
    • Active — Assets that have enough information for you to identify them in your environment.
    • Inactive — The behavior is different depending on the Source:
      • Agent — The Asset State automatically changes to Inactive when:
        • Arctic Wolf Agent is uninstalled from an asset that only had Agent as a Source.
        • The asset is deleted, and then the asset is removed from the Unified Portal after 120 days after the Last Seen date.

      • Other Source — The Asset State automatically changes to Inactive when the asset is deleted, and then the asset is automatically removed from the Unified Portal 120 days after the Last Seen date.​

    • Low Signal — Assets that have a timestamp, but do not have not enough information for you to identify them in your environment. For example, assets that only include an ​IP Address​, ​MAC Address​, ​Hostname, or Device Name​.
      Note: If you add context to a ​Low Signal ​asset, for example, by adding a ​Tags​ or ​Asset Criticality, the asset will no longer be considered ​Low Signal​.
  • Category — The category of the asset. This information helps you to identify the purpose of the asset. Some options include: Desktop, Laptop, or Printer.
    Note: If there is not enough information to classify an asset, the asset appears in the Unassigned category.
  • Domain — The domain that the asset is associated with. For example, mail.arcticwolf.com.
  • IP Address — The IP address that is associated with the asset.
    Note: It is possible to have more than one asset with the same IP Address because of DHCP behavior. If this occurs, you can ignore or delete the duplicate asset.
  • Last Seen — The most recent date and time that Arctic Wolf received a signal about the asset. This could be a signal from an Agent or scanner, or a log entry from DHCP. When a scan successfully completes, this date and time will match or be similar to the Last Successful Scan.
    Note: This value is not the last time that the asset was online.
  • Parent Domain — The parent domain associated with the asset. For example, arcticwolf.com.
  • Risk Score — The highest risk score of all active risks for the asset.
  • Risks — The total number of risks found by all scanners that were observing the asset. Click the number link to view the risks in the Risks table.
  • Tags — The tags that are associated with the asset. They can help group assets for risk remediation.