Device Intelligence Asset Inventory

Navigate to the Inventory tab to see the assets captured in Device Intelligence. You can see the assets in the device, events, and activities views.

Note

Capturing operational technology (OT) activities is a controlled General Availability feature. Contact your Netskope sales representative or support to enable this feature for your tenant.

Search and Filter the Inventory

At the top of the screen is a search bar that filters the device results. You can filter the results using advanced and basic filter options:

  • Advanced filters – let you query the database using different parameters. For example, the query os = "android" shows the devices in the network that run the Android operating system.
  • Basic filters – show a list of parameters that you can use to filter the device results on the page. Select the parameters from the list. For example, selecting android as the operating system filters the results to assets that use the Android operating system. You can select multiple parameters to filter the results at once.
Points to remember
  • Click the search button to filter the results using the parameters.
  • Click the help icon on the right side of the screen to see some basic formats for the advanced filter.
  • You can clear the search filter using the cross button on the right of the search bar.
  • Click the star icon to save the modified search. You can later see the saved searches by pressing the list icon at the start of the search bar.
Device View
  • You can see a chart of the distinct devices in your environment. Hovering over it shows the number of devices of that type.
  • The table shows device details such as host name, interface connection, operating system, type, and device risk.
  • You can click a device to see the detailed device summary.
  • Click the Report button above the table to generate a report of the devices in Excel or CSV format.
  • You can select one or more devices in the table to apply or disable device tags using the Apply Tag button above the table. You can only apply the existing tags. To create new tags, navigate to the Manage > Tags menu.
  • Click on the Suggest Reclassification button to generate a reclassification request.
You can customize the table in the Device View. You can do the following:
  • Adjust the width of the table columns.
  • Reset the width of the table columns to the default by clicking the Settings icon > Reset Width option.
  • Customize the columns in the table. You can choose which columns to display and hide by navigating to the Settings icon > Customize Columns option.
Event View
  • You can see the number of devices with risk in the chart at the top right.
  • You can see the host name, type, tags assigned, and managed or unmanaged information.
  • Click the details link to see the device summary.
  • You can see the risk score calculated by the Netskope proprietary risk engine, which categorizes packet alerts, device software vulnerabilities, and device behavior anomalies into threat vectors.
  • It shows whether the device is connected through a Wi-Fi, wired, or undefined interface.
  • You can see the operating system and site assigned information. It shows whether the device is user controlled or automatically controlled.
  • The issues for each device are listed in front of the device name. Click a specific issue for more information about it.

When an event such as a Packet Alert incident type occurs, the Event Details page provides rich data about the event, such as Direction, Payload, and 5-Tuple information. It also provides device context for the Source and Destination devices. The Payload decode button on the Event Details page decodes the payload from its base64-encoded form to plain, human-readable text.

Click the details link of any asset on the device summary screen to see detailed information about the device. The screen shows a pie chart of the device and the drill-down details of the device on the left side. On the page you can see the device context, compliance, interfaces connected to the asset, risk assessment, and the alert and anomaly occurrences that raised a risk, with their time of occurrence over the last 30 days, to help you investigate the issue. You can also see the transfer of information in the bytes received and bytes sent charts for the last 10 days.
