Inventory

The Inventory serves as the central hub for discovering, managing, and organizing all the devices and resources within your industrial environment. By leveraging automated discovery, the Inventory keeps an up-to-date record of all connected devices, providing valuable insights into your operational technology (OT) ecosystem.

With a streamlined table view and powerful filtering capabilities, the Inventory makes it easy to locate, analyze, and act on specific resources based on their attributes and status.

Resources

The Resources Table View is designed to present detailed information about all discovered resources in an intuitive and user-friendly format.

  • Columns for Resource Attributes: Displays essential data such as device name, IP address, MAC address, status, vendor, type, and when the resource was last seen.

  • Sortable Columns: Click on any column header to sort the data by that attribute (e.g., ascending or descending by IP address).

Resource Details

The Resource Detail View provides in-depth insights into individual resources, allowing users to monitor their status, security posture, and associated risks. By clicking on any device in the Inventory, you are presented with a comprehensive overview of its metadata, configurations, and security-related information, all in one place.

Metadata

The metadata section includes essential information about the device, such as:

  • Device Name: The assigned name of the device, which can be customized for easier identification.
  • IP Address: The current network IP address assigned to the device.
  • MAC Address: The unique hardware identifier for network communication.
  • Firmware Version: The version of the firmware currently running on the device.
  • Serial Number: The manufacturer-assigned serial number of the device.

This section provides key details that help you understand the identity and network context of the device.

Security Information

The security section is divided into four key areas, each providing a different aspect of the device’s security posture:

Timeline

The Timeline displays a chronological list of events related to the device, including configuration changes and device visibility changes. This provides historical context for understanding the evolution of the device’s state.

Findings

The Findings section highlights any misconfigurations or non-compliant settings detected on the device. This includes incorrect or suboptimal configurations that may expose the device to security risks.

  • Rationale: Each control includes a brief explanation of why the finding is a security issue.
  • Remediations: For each finding, you’ll receive specific recommendations on how to remediate the issue.

You can also mute a specific finding if it is a false positive or an accepted risk. Muting requires a reason, which is recorded together with the time of the mute and the person who muted the finding.

Vulnerabilities

This section lists the vulnerabilities found on the device, including known CVEs (Common Vulnerabilities and Exposures) that may be exploitable if left unpatched.

  • Vulnerability Details: Each vulnerability entry includes a CVE ID, severity level, and a brief description of the issue.
  • Risk Rating: Vulnerabilities are assigned a severity rating to help prioritize remediation.

Alerts

The Alerts section displays any active or past alerts related to the device. These security incidents include:

  • Abnormal behaviour that could indicate a breach, like internet traffic on devices that shouldn’t connect to the internet.
  • Misconfigurations that may be leveraged by an attacker, like devices using default credentials.

Network Map

The Network Map provides a visual representation of your organization’s network, displaying how different devices are interconnected and grouped across various networks. This feature enables users to understand the topology of their infrastructure and identify the relationships between devices at a glance.

The Network Map offers interactive functionality to allow for deeper analysis:

  • Click to View Resource Details: Clicking on a device will open the Resource Detail View, where you can inspect its full metadata, security posture, and any associated alerts or vulnerabilities.
  • Zoom and Pan: Easily zoom in and out or pan the map to view the entire network or specific sections in more detail.

Activity

The Activity section provides a comprehensive timeline of all changes across your resources, giving you a complete history of key events and updates within your infrastructure. This feature allows users to track both configuration changes and the visibility of resources over time, making it an essential tool for auditing and security monitoring.

What Activity is Logged?

The timeline tracks various types of activities, providing visibility into both the state of your devices and changes made to their configurations:

  • Configuration Changes: Any modification made to the settings or configurations of your devices is logged in the activity timeline. This includes changes in device settings, firmware updates, security configurations, network configurations, and more. Keeping track of these changes is crucial for identifying potential misconfigurations or inconsistencies that could impact security or compliance.

  • Resource Visibility: Changes in the visibility of resources, such as when a device is added to or removed from your OT environment, are also recorded. This feature ensures that you can monitor when devices are introduced to your network or decommissioned, giving you a clear picture of your evolving infrastructure.

Navigating the Timeline

  • Event Details: Clicking on any event in the timeline provides more detailed information about the changes, the specific details of the action, and any related resources affected. Additionally, you will see a list of all resources that share the same change, providing a clear view of the broader impact across your environment.

How Often Does the Inventory Refresh?

The inventory performs a full refresh every 8 hours, although new devices are added to the resources list as soon as they are detected in the network.

During a full refresh:

  • The agent scans the network looking for new devices and checking for changes on known devices. Inventory is refreshed with this updated information.
  • Compliance controls are re-evaluated and reports are regenerated, which also refreshes the insights tab in the device’s details view.
  • Vulnerability databases are checked to fill the vulnerability information in the device’s details view.

Between refreshes, any new device detected in the network will be added to the devices list. However, the findings and vulnerabilities tabs won’t be populated until the next full refresh. In the same way, the device won’t appear in the Risks and Vulnerability Management sections of the app until the next full refresh.

You can force a manual full refresh from the “Refresh Resources” button in the Settings view.

Trigger a refresh manually

When you click the “Refresh Resources” button in the top right menu, the following occurs in the selected facility:

  • The agent scans the network looking for new devices and checking for changes on known devices. Inventory is refreshed with this updated information.
  • Compliance controls are re-evaluated and reports are regenerated.
  • Vulnerability databases are checked to fill the vulnerability information in the updated inventory.