Asset Inventory getting started (private preview)

Getting Started with Asset Inventory: Understanding What's On Your Network - Private Preview

Please Note:

Asset Inventory is currently in private preview and is only available for RUX deployments. If you are interested in participating in the private preview, please contact your Vectra account team.

Following the private preview will be a public preview and then General Availability (GA).

Vectra plans to support QUX deployments later this year.

New Left Navigation

Asset Inventory private preview enables a new left navigation layout in the UI. Please refer to Navigation updates in the Vectra UI for more details.

Overview

Vectra Asset Inventory helps security teams continuously discover and monitor assets communicating across the environment using network-observed telemetry. Unlike traditional inventory systems that rely on agents, scans, or manually maintained CMDBs, Asset Inventory provides visibility into what is actually active on the network.

Why It Matters

Attackers often target systems that fall outside traditional security tooling visibility. Asset Inventory fills this visibility gap by helping security teams identify unmanaged devices, assets without EDR coverage, newly discovered systems, and infrastructure operating outside standard governance processes.

For SOC teams, this improves investigation speed, operational awareness, and prioritization.

For CISOs, it provides measurable insight into security coverage gaps and unmanaged risk exposure.

Please Note:

To ensure good coverage for Asset Inventory and get the most value from this feature, we recommend reviewing Asset Inventory coverage best practices.

Quick Start: What to Review First

Start by reviewing areas that commonly reveal unmanaged risk and visibility gaps across enterprise environments.

Assets Without EDR Coverage

Review systems operating without endpoint visibility, especially production servers, externally reachable systems, and unmanaged infrastructure.

Newly Added Assets

Identify recently observed systems that may represent Shadow IT, temporary infrastructure, or assets introduced outside standard onboarding processes.

Unusual or Unexpected Device Types

Review uncommon asset categories such as IoT, OT, or consumer devices that may introduce unmanaged access paths or segmentation concerns.

Continue to the Recommended Workflow section to investigate and prioritize assets.


Recommended Workflow

1. Review Asset Context

Use Filters to perform a quick asset search by Name, Asset Type, or Operating System within a Last Observed timestamp, or click “Add Filter” to create a custom search filter.

For example: show all virtual machines in the environment that are running a Windows operating system.

Review the Asset Inventory dashboard to validate:

  • Asset type

  • Role

  • Operating system

  • Last observed time

  • Findings

  • Managed status

  • EDR status

2. Determine Criticality

1) Click on the asset's name to get more details.

2) Validate ownership.

3) Review the asset details and the Threat and Exposure identified.

Questions to ask:

  • Is this a production system?

  • Does it host sensitive data?

  • Is it internet accessible?

  • Is it business critical?

3. Remediate Gaps

Potential actions:

  • Deploy EDR

  • Segment the asset

  • Retire unauthorized systems

  • Escalate unmanaged infrastructure

  • Mitigate identified Threat and Exposure.


Investigation Scenarios

Find Systems Without EDR Coverage

Navigate to: Exposure → Inventory → Assets without EDR Coverage

Use this view to identify unmanaged or unmonitored systems such as production servers, virtual machines, and critical assets operating without endpoint visibility.

Example Investigation

What We Found

A production application server operating without EDR coverage.

Why It Mattered

  • Exposed RDP service

  • Internet reachable

  • No endpoint telemetry available

Recommended Action

  • Isolate the host

  • Escalate to infrastructure teams

  • Deploy endpoint tooling

Investigate Newly Discovered Devices

Navigate to: Exposure → Inventory → Newly Added Assets

Review newly observed assets to identify Shadow IT, rogue devices, temporary infrastructure, and unmanaged systems introduced outside standard onboarding processes.

Example Investigation

What We Found

A new Linux-based application server appeared within the last 24 hours.

Why It Mattered

  • No EDR coverage or CMDB record

  • Unknown business ownership

  • Communicating with production systems and external services

Recommended Action

  • Validate ownership and business purpose

  • Escalate to security and infrastructure teams

  • Onboard the system into security controls

Review Asset Types and Categories for Outliers

Navigate to: Exposure → Inventory → Asset Categories

Use this view to identify unusual or unexpected devices such as IoT, OT, or consumer devices communicating on the enterprise network.

Example Investigation

What We Found

An Amazon Fire Stick communicating on the corporate network.

Why It Mattered

  • Unauthorized consumer device

  • Weak network segmentation concerns

  • Potential unmanaged access path

Recommended Action

  • Review device connectivity details

  • Validate with IT and facilities teams

  • Remove or isolate unauthorized devices

💬 We Want Your Feedback

During the preview, we’d especially like feedback on:

  • Asset classification accuracy

  • Investigation workflows

  • Dashboard usability

  • Missing asset context

  • False positives or unexpected behavior

Please reach out with any feedback to John Mancini [email protected]
