> For the complete documentation index, see [llms.txt](https://docs.vectra.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vectra.ai/operations/analyst-guidance/asset-inventory-getting-started-private-preview.md).

# Asset Inventory getting started (private preview)

{% hint style="info" %}
**Please Note:**

Asset Inventory is currently in private preview and is only available for RUX deployments. If you are interested in participating in the private preview, please contact your Vectra account team.

Following the private preview will be a public preview and then General Availability (GA).

Vectra plans to support QUX deployments later this year.

**New Left Navigation**

Asset Inventory private preview enables a new left navigation layout in the UI. Please refer to [Navigation updates in the Vectra UI](/configuration/navigation-updates-rux.md) for more details.
{% endhint %}

## Overview <a href="#overview" id="overview"></a>

Vectra Asset Inventory helps security teams continuously discover and monitor assets communicating across the environment using network-observed telemetry. Unlike traditional inventory systems that rely on agents, scans, or manually maintained CMDBs, Asset Inventory provides visibility into what is actually active on the network.

### Why It Matters <a href="#why-it-matters" id="why-it-matters"></a>

Attackers often target systems that fall outside traditional security tooling visibility. Asset Inventory fills this visibility gap by helping security teams identify unmanaged devices, assets without EDR coverage, newly discovered systems, and infrastructure operating outside standard governance processes.

For SOC teams, this improves investigation speed, operational awareness, and prioritization.

For CISOs, it provides measurable insight into security coverage gaps and unmanaged risk exposure.

<figure><img src="/files/LHi0dR3SqyKIePX9OhNj" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Please Note:**

To ensure good coverage for Asset inventory and maximize value with this feature, we recommend reviewing [Asset Inventory coverage best practices](/configuration/coverage/asset-inventory-coverage-best-practices.md).
{% endhint %}

## Quick Start: What to Review First <a href="#quick-start-what-to-review-first" id="quick-start-what-to-review-first"></a>

Start by reviewing areas that commonly reveal unmanaged risk and visibility gaps across enterprise environments.

#### Assets Without EDR Coverage <a href="#assets-without-edr-coverage" id="assets-without-edr-coverage"></a>

Review systems operating without endpoint visibility, especially production servers, externally reachable systems, and unmanaged infrastructure.

#### Newly Added Assets <a href="#newly-added-assets" id="newly-added-assets"></a>

Identify recently observed systems that may represent Shadow IT, temporary infrastructure, or assets introduced outside standard onboarding processes.

#### Unusual or Unexpected Device Types <a href="#unusual-or-unexpected-device-types" id="unusual-or-unexpected-device-types"></a>

Review uncommon asset categories such as IoT, OT, or consumer devices that may introduce unmanaged access paths or segmentation concerns.

Continue to the Recommended Workflow section to investigate and prioritize assets.

***

## Recommended Workflow <a href="#recommended-workflow" id="recommended-workflow"></a>

{% stepper %}
{% step %}

### Review Asset Context

Use Filters to perform a quick asset search by Name, Asset Type, Operating System within Last Observed timestamp or click on “Add Filter” to create a custom search filter.

e.g Show all virtual machines in the environment that are running windows operating system.

<figure><img src="/files/7kdVdcIoWRwq7NwRltBm" alt=""><figcaption></figcaption></figure>

**Review Asset inventory dashboard to validate:**

* Asset type
* Role
* Operating system
* Last observed time
* Findings
* Managed status
* EDR status
  {% endstep %}

{% step %}

### Determine Criticality

1\) Click on the Assets Name to get more details

<figure><img src="/files/UMa8SNZSe06QsX2n3B07" alt=""><figcaption></figcaption></figure>

2\) Validate Ownership

3\) Review Asset details, Threat and Exposure identified.

<figure><img src="/files/3TU5GkLOUFDArz6vI23a" alt=""><figcaption></figcaption></figure>

Questions to ask:

* Is this a production system?
* Does it host sensitive data?
* Is it internet accessible?
* Is it business critical?
  {% endstep %}

{% step %}

### Remediate Gaps

Potential actions:

* Deploy EDR
* Segment the asset
* Retire unauthorized systems
* Escalate unmanaged infrastructure
* Mitigate identified Threat and Exposure.
  {% endstep %}
  {% endstepper %}

***

## Investigation Scenarios <a href="#investigation-scenarios" id="investigation-scenarios"></a>

### Find Systems Without EDR Coverage <a href="#id-1.-find-systems-without-edr-coverage" id="id-1.-find-systems-without-edr-coverage"></a>

Navigate to:\
\&#xNAN;*Exposure → Inventory → Assets without EDR Coverage*

Use this view to identify unmanaged or unmonitored systems such as production servers, virtual machines, and critical assets operating without endpoint visibility.

#### Example Investigation <a href="#example-investigation" id="example-investigation"></a>

**What We Found**\
A production application server operating without EDR coverage.

**Why It Mattered**

* Exposed RDP service
* Internet reachable
* No endpoint telemetry available

**Recommended Action**

* Isolate the host
* Escalate to infrastructure teams
* Deploy endpoint tooling

### Investigate Newly Discovered Devices <a href="#id-2.-investigate-newly-discovered-devices" id="id-2.-investigate-newly-discovered-devices"></a>

Navigate to:\
\&#xNAN;*Exposure → Inventory → Newly Added Assets*

Review newly observed assets to identify Shadow IT, rogue devices, temporary infrastructure, and unmanaged systems introduced outside standard onboarding processes.

#### Example Investigation <a href="#example-investigation.1" id="example-investigation.1"></a>

**What We Found**\
A new Linux-based application server appeared within the last 24 hours.

**Why It Mattered**

* No EDR coverage or CMDB record
* Unknown business ownership
* Communicating with production systems and external services

**Recommended Action**

* Validate ownership and business purpose
* Escalate to security and infrastructure teams
* Onboard the system into security controls

### 3. Review Asset Types and Categories for Outliers <a href="#id-3.-review-asset-types-and-categories-for-outliers" id="id-3.-review-asset-types-and-categories-for-outliers"></a>

Navigate to:\
\&#xNAN;*Exposure → Inventory → Asset Categories*

Use this view to identify unusual or unexpected devices such as IoT, OT, or consumer devices communicating on the enterprise network.

#### Example Investigation <a href="#example-investigation.2" id="example-investigation.2"></a>

**What We Found**\
An Amazon Fire Stick communicating on the corporate network.

**Why It Mattered**

* Unauthorized consumer device
* Weak network segmentation concerns
* Potential unmanaged access path

**Recommended Action**

* Review device connectivity details
* Validate with IT and facilities teams
* Remove or isolate unauthorized devices

## 💬 We Want Your Feedback <a href="#we-want-your-feedback" id="we-want-your-feedback"></a>

During the preview, we’d especially like feedback on:

* Asset classification accuracy
* Investigation workflows
* Dashboard usability
* Missing asset context
* False positives or unexpected behavior

Please reach out with any feedback to John Mancini <john@vectra.ai>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vectra.ai/operations/analyst-guidance/asset-inventory-getting-started-private-preview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.