Key indicators on Assets page

For Managed assets

Use the key indicators (key columns) on the Assets page to manage assets securely and effectively, find and fix vulnerabilities on the assets, and troubleshoot common agent-related issues.

CPU and RAM

These columns list the average CPU and RAM used by the agent on the asset for the last 1 hour. 

Click the asset entry to see the resource usage trend for the last 1 hour or 24 last hours in the fly panel. 

State and Last Connected

The State column displays the connectivity status of the asset with the Xshield instance from which the asset is managed.

• Reachable - the asset is reachable to the Xshield instance as of the last heartbeat received from the asset.

• Unreachable - the Xshield instance is not reachable to the asset for the last 15 seconds.

• Suspended - the asset cannot connect to the Xshield instance for 20 successive attempts (Five minutes). The entries of Suspended assets are greyed out.

The Last Connected column displays the timestamp for when the asset was last connected to Xshield.

Policy

This column displays if Xshield policies were tampered with on the asset. Policy tampering is an effort to locally modify the Xshield policy rules in the Windows Firewall on Windows assets and the iptables on assets of other supported OSes.

• No Policy - currently, Xshield policies are not enforced on the asset, or the asset is in the Observe mode.

• Not Tampered - Xshield policies have not been tampered with on the asset

• Tampered - Xshield policies tampered on the asset. However, the asset was unreachable to Xshield before the policies could be updated on the asset.

• Tampered/Restored - Xshield policies tampered on the asset. Xshield auto-reverted the policies to the enforced version or enforced the latest policies (if policies were updated on Xshield after the policies were tampered with on the asset).

Policy Status

This column displays One of the following values - Enforced - Inbound and/or Outbound (Xshield policies are enforced on the asset), Observed (policies are applied to the asset, but not enforced on the asset), and None (policies are not applied to the asset)

Vulnerabilities and CVSS Score

These columns display the total number of CVE vulnerabilities found on the asset. Currently, these columns are active only for Windows assets.

Go to the Vulnerabilities tab in the fly panel of a Windows asset to see the CVE vulnerabilities listed by their CVE IDs, highest CVSS score of the vulnerabilities, software packages that led to the vulnerability, and other associated details as fetched from vFeed's Vulnerability Intel service.

For Monitored assets

Use the following key indicators (key columns) on the Assets page to monitor third-party cloud assets effectively.

State and Last Connected

The State column displays the connectivity status of the third-party cloud asset with the Xshield instance from which the asset is monitored. This column shows One of the following values:

• Running - the asset is reachable to the Xshield instance

• Suspended - the asset cannot connect to the Xshield instance for 20 successive attempts (Five minutes). The asset could be genuinely unreachable to Xshield; check and fix network connectivity issues between the third-party cloud and the Xshield instance. Otherwise, the asset is most likely orphaned due to an auto-scaler or equivalent configuration on the third-party cloud. The entries of Suspended assets are greyed out.

• Created - the asset is an AWS S3 bucket.

• Created - the asset is an AWS Storage account.

The Last Connected column displays the timestamp for when the asset was last connected to Xshield.