Asset Management is a process of tracking assets in your organization, verifying that each asset is up-to-date with security or software patches, as well as ensuring that each asset in the organization is sufficiently protected and properly configured.
SIRP’s Assets Management module allows you to keep track of assets in your organization, consequently allowing you to identify the weak areas that you don’t know about.
With all the assets integrated into one module, SIRP allows keeping an active tab of assets on Incident Management, Threat Intelligence, and Vulnerability Management. SIRP fuses this aggregated information with the Asset severity to provide a score called SIRP Security Score (S3), which makes security data instantly actionable. This enables organizations to prioritize risks, make better decisions faster, and respond more effectively.
With SIRP’s Assets module, you can distribute your organizational assets into nine different categories:
Hardware | People | Paper Documents |
Software | Outsourced | Service |
Information | Infrastructure | Application |
The Assets module can be accessed by clicking on Assets in the Main Menu.
The page displays the list of all the assets currently added in SIRP along with the following options at the top:
Create Asset
To add a new asset, click on the Create Asset button. The page will show a form with several input fields. First, select the appropriate Asset Category from the dropdown. This will change the remaining input fields on the form and show the ones that are relevant to the selected category. Enter the details of the assets in the respective fields then click Create.
If you wish to define an additional field for a particular asset, click on the Add Field button in the top right corner. This will open a popup where you can enter the Name of the Field and click Add. The new field will appear at the end of the existing input fields. Enter the desired value in the newly added input field and click Create.
Note: It is not mandatory to fill information into all the displayed fields.
Here is the list of fields available for each category:
Category | Fields |
Hardware | Name, IP Address, External IP Address, Hostname, NetBIOS Name, DNS, Machine Category, Owner, Custodian, Operating System, Product, Vendor, IP Type, MAC Address, Make, Model, Serial Number, Location, Location Description, Branch Code, Classification, Description, Integrated with SIEM, Zone, Server Type, Power Status, System Type, Network Type, Rack Number, Department / Team, Slot Number, Status, Remote AP, Function, Memory, IDF Tag |
Software | Name, Owner, Custodian, Department / Team, Serial Number, Product, Vendor, Software Type, Current Version, Number of licenses, Classification, Description, Zone |
Information | Name, Owner, Department / Team, Document Type, Process Name, Process Owner, Identifier, Number of Instances, Location, Classification, Description, Zone |
People | Name, Employee Number, Department / Team, Department Head, Organizational Unit, Designation, Location, Nationality, Immediate Supervisor ID, Immediate Supervisor Name, Employee Type, Email, Account Expiration Date |
Outsourced | Service Name, Process Owner, Vendor, Vendor Detail, Classification, Department / Team, Description |
Infrastructure | Name, Location, Owner, Custodian, Department / Team, Location Description, Description |
Paper Document | Name, Owner, Custodian, Process Name, Process Owner, Identifier, Number of Instances, Current Version, Location, Location Description, Classification, Description, Zone, Department / Team, Document Type |
Service | Name, Description, Owner, Custodian, Department / Team, Product, Vendor, Location, Location Description, Classification, Integrated with SIEM, Zone, Machine Category, Server Type, IP Address, Hostname, NetBIOS Name, DNS, Operating System, Power Status, Make Model, Serial Number, System Type, Network Type |
Application | Name, Product, Vendor, Description, Version Number, Owner, Custodian, Current Version, Department / Team, Classification, Database, IT Administrator, Key User, App Type, Installation, Server |
Note: These fields can be enabled and disabled from the Administration section. You can choose the fields that you want to use and the ones that you don’t want to use.
The newly added asset will appear in the list of Assets.
Import Assets
Along with the possibility to add Assets manually, SIRP also provides an option to bulk import assets from an Excel sheet. To import the assets, go to the Main Menu, select Asset, and click on Import.
Main Menu > Asset > Import
The Asset import page contains a sample Excel format that you can download and fill up with your asset list. Once completed, click on the Choose File button under the “Import File” option, then browse the Asset inventory file that you created by using the given sample assets sheet.
Click Import.
SIRP will process the uploaded sheet and store all the assets in the database. The newly added assets will appear in the main Assets list.
Note: The Hostname and IP Address are mandatory fields in the template.
Asset Discovery
SIRP’s Asset module also has the option to discover the assets over the network. SIRP scans the network ranges and adds the machines that it finds to be up.
The Asset Discovery options work based on the rules. You can add Rules to define the network ranges that SIRP has to scan, along with the default properties that should be added with each of the discovered assets.
To access Asset Discovery, go to the Main Menu, select Asset, and click on Asset Discovery.
Main Menu > Asset > Asset Discovery
This page displays the list of Rules with an option to either View the details of a rule, Edit a rule, Execute a rule, or Delete a rule. You can adjust the columns of the list by clicking on the ellipsis icon and setting the fields as required.
You can add a new rule by clicking on the Add Rule button displayed at the top left of the page.
The form allows you to define the default properties of any assets discovered as a result of this particular rule. Enter the required information:
Enter the IP address range in one of the two formats:
192.168.0.0/24
192.168.0.1-192.168.0.1.255
Select the IP Type
Select the Asset Owner
Select the Location
Click Save to add the rule.
The newly added Rule will appear in the main list. The Rules are executed, and results are stored automatically. But if you wish to initiate a scan manually, click on the Play icon.
Clicking on the View icon will display the list of assets discovered as a result of the execution of a rule. From there, any of the identified assets can be either added to the main Assets list or discarded.
Network Blocks
SIRP allows you to divide assets into different categories called blocks. This defines the segmentation across the entire network.
The significance of this feature is that whenever a new Alert is ingested and one of the IP addresses found in the Alert exists in the defined Network blocks, that IP will lead to the auto-creation of an Asset as well as auto-tagging within the Alert.
To access Network Blocks, go to the Main Menu, click Assets then Network Blocks.
Main Menu > Assets > Network Blocks
Fill in the details such as Label, IP Address, Netmask, and Internal, and click Create
On-the-Go Asset Creation
Users can also add assets dynamically from various Containers without the need to navigate to the Asset module separately. You can use the Affected Asset tab within the view screen of containers (Incident Management/Threat Intelligence/Cases) to add a new Asset.
To add a new asset form a container:
Navigate to the detailed view of a Container (Incident Management/Threat Intelligence/Cases)
Locate and click on the Affected Asset tab at the bottom
You will find two options:
Create Asset: To add a new Asset in SIRP
Add Affected Asset: Choose an existing Asset to tag in this container
Another option to Add a new Asset is on the Incident Add/Edit form
When creating or editing Container records, a form (drawer) will appear. Within this form, locate the "Affected Assets" field then click on the + sign adjacent to the field.
You will get a form in a popup screen to add Asset details
Enter the Asset details and click Add
Asset Category and one of Hostname and IP address is mandatory