Viewing Asset Details in VMDR OT
On the Assets tab, you get a detailed consolidated view of your industrial assets. These devices in your industrial network are discovered and profiled by the Qualys Network Passive Sensor.
While this real-time asset inventory provides you with details related to asset metadata, it also helps you gauge the security posture of your industrial IT environment and mitigate the risk of potential cyber security threats by managing vulnerabilities well in advance.
In the upper left corner, you see the total count of the industrial assets in your network.
In the search bar, you can build QQL queries to narrow down the scope of your asset search by using the supported search tokens. For more information, see Search Tokens for VMDR OT.
Right below the asset count, you see the assets grouped into two major categories: Equipment Type and Vendor. The Qualys Network Passive Sensor supports all the prominent industry protocols. As soon as it starts sniffing and analyzing the network traffic data, it categorizes these assets and thus, you get your assets listed based on their equipment type (for example, Programmable Logic Controller, Human Machine Interface, I/O Module, OT and Distributed Control System, among others) and vendor (for example, Siemens, Rockwell Automation, Cisco Systems, WAGO, and Samsung, among others). After you click a category in this list, your selection gets translated into a QQL query in the search bar. The assets that belong to the selected category are displayed in the assets table.
Using the date and time range selector next to the search bar, you can select to view assets discovered within a specific time period.
The assets table contains the list of discovered assets along with the following details:
|
- Asset name - Hardware type of the asset - Vendor/Model number - When the asset activity was last detected on the network |
- Risk score of the asset - Vulnerabilities detected on the asset - Asset tags |
If you are interested in viewing granular details of an asset, click the asset name. The Asset Details page contains asset information divided into various sections. The following table contains details that you see on each tab in each section:
|
Section |
Tab |
Asset Information |
|
INVENTORY |
Summary |
Asset metadata such as asset name, ID, IP address, MAC address, equipment type, Purdue level, industry protocol based on which the Qualys Passive Sensor discovers the asset, device ID, location of the asset, vendor ID, Hardware cataloged, description, and activities like first passive scan details and last passive scan details etc. |
|
System Information |
Manufacturer details, MAC manufacturer, model number, serial number, operating system, firmware version, hardware version, order ID, product code, add-on details, protocol-specific information etc. |
|
|
NETWORK |
Network Information |
Interface details such as IPv4 address, IPv6 address, MAC address, MAC manufacturer, domain details, DNS server details, default gateway and protocols talking to devices on each interface. |
|
Network Map |
View the network mapping for the selected asset. |
|
|
Open Ports |
List of open ports and services running on those ports. |
|
|
Traffic Summary |
Traffic flow details for an asset. These may include a date-wise traffic volume summary for the client to server (CTS) and server to client (STC), traffic categorized by family and volume. |
|
|
SECURITY |
Vulnerabilities |
Summarized view for potential and confirmed vulnerabilities on the asset. |
|
SENSORS |
Passive Sensor |
Details of Qualys Passive Sensor that discovered the asset. |
|
Industrial OCA |
Details of Industrial OCA information regarding the asset. |
Below the search bar, your assets are grouped under four categories: devices with a high-risk score, devices on which vulnerabilities are detected, devices discovered by Qualys Network Passive Sensor within the past 24 hours, and devices on which no activity has been detected for the past seven days. Click each of these cards and get your assets listed by the selected category.
