Device Intelligence Asset Inventory

Navigate to the Inventory tab to see the assets captured in Device Intelligence. You can see the assets segregated in three different tabs:

• Device View – display devices in Device Intelligence environment with the intellectual information like address, type, tags, users, etc.

• Events View – display devices and events of those devices with vulnerabilities, packet alerts, anomalies, etc.

• Activities View – display OT activities seen in the network like cold restart, write variable, etc. Refer OT Device Discovery article to learn more about it.

  Discover Operational Technology (OT) in Device Intelligence is a controlled General Availability feature. Contact your Netskope sales representative/support to enable this feature for your tenant.

You can customize the table in the Device View. You can do following:

• Adjust width of the table columns.
• Reset the width of the table columns to default by clicking Settings icon > Reset Width option.
• Customize the columns in the table. You can chose to display and hide the columns in the table by navigating to Settings icon > Customize Columns option.

Device Details

Click on the zoom-in icon beside the asset hostname > Details link from the device summary screen. You will see detailed information about the device on a new screen.

1. Hostname of the device

2. Type of the device

3. Management of the device, i.e. managed or unmanaged

4. Tags assigned to the device

5. Operating system of the device

6. Control of the device

7. Site of the device

8. Pie chart of the device with different issues and the risk score.

9. Device behavior – the chart quantifies the behavior of the device using  seven  features  and compares it to the baseline values. These baseline values are calculated for each device-type by looking at all devices of that type across IoT Security. The visualization will help customers benchmark the device’s behavior w.r.t. the generic behavior of the corresponding device type. Additionally, deviations are indicated with a red marker at the end of the corresponding arm of the spider chart. For the current release the features are as given below. These are computed by averaging observed values for a window of one minute.

   • Average number of connections from the device 

   • Count of the average number of packets sent to the server

   • Count of the average number of packets sent to the client

   • Total number of bytes sent

   • Total number of bytes received

   • Number of unique destination IP addresses connected to the device

   • Number of unique destination ports connected to the device

10. Device Context – list of parameters with device intellectual information.

    

11. Compliance of the device – it lists all service compliances configured in compliance settings page. The table shows the status as compliant, stale and non-complaint for every device.

12. Device interface information. If a device is connected by more than one interface, you will see the information in different tabs.

13. Risk Assessment of issues captured by the device, with the severity, incident type and number of occurrences of this issue.

    

14. Topology of Operational Technology devices detected in the environment. The topology will appear only when you have OT devices and you have enabled this Controlled-GA feature on your tenant.

15. Flow of traffic from source to destination within these OT devices.

    

16. Alert generated at specific time stamp. You can click on the alert to see the event log.

17. Graph of information received in bytes per day for the last 10 days.

18. Graph of information sent in bytes per day for the last 10 days.

When an event such as a Packet Alert incident type occurs, the Event Details page provides rich data regarding the event such as Direction, Payload, 5-Tuple information, etc. It also provides device context regarding Source and Destination devices. Payload decode button in the Event Details page will decode the payload from base64 encoded form to plain user understandable text.