Asset filters in Xshield

Asset filters can help you reduce clutter on some of the data-driven pages in the Xshield UI. Use Asset filters for a filtered view of the assets managed from the instance. Asset filters are filters to filter assets by factors such as the assets' attributes and the CVSS vulnerabilities found on them during vulnerability scans.

Asset filters are available on the Assets, Visualizer, and Flow Explorer pages in the Xshield UI. On Visualizer and Flow Explorer pages, Asset filters provide a filtered view of the traffic flows for the filtered list of assets.

Filters properties

  • Additive - Asset filters are additive. When you apply multiple filters for a single filter operation, the operands for a filter are not restricted by the preceding filter. 

  • Non-persistent across login sessions - Asset filters you apply only last for the duration you are logged into the ColorTokens Spectrum portal. If you log out of the portal, you must apply the filters again to filter assets.

Filters list

Filter Description
Managed Groups

filter data by the assets in selected Workload groups and Endpoint groups

Endpoint groups are listed only when at least one user in the related User groups has connected to the Xshield-protected network through the Colortokens Endpoint app.

IPs

filter data by the IP addresses of the assets

Hostnames

filter data by the hostnames of the assets

Tags

filter data by the values of the Xshield tags assigned to the assets

OS

Filter data by the OSes on the assets. For example, CentOS Linux 7 (Core).

Hardware

Filter data by architectures of the CPUs that assets use. For example, 8-Core Intel Core 9 @ 2.4 GHz
Severity

Filter data by the severity levels ( Critical, High, Medium, and Low) of the CVSS vulnerabilities found on the assets. 

CVE ID

Filter data by the Common Vulnerabilities and Exposures (CVE) IDs of the vulnerabilities found on the assets. For example, CVE-2019-1053.

Apply Asset filters

You can apply Asset filters on any One of the Assets, Visualizer, and Flow Explorer pages. The filters persist when you move to the other two pages.

  1. Go to one of Assets, Visualizer, or Flow Explorer pages.

  2. Click an Asset filter.

  3. Select the required factors/operands. 

  4. Enter search criteria in the Search box to look for specific asset attributes. 

  5. Repeat steps 1 and 2 to construct a filter query.

  6. Click the Search icon

Example 1 - Asset filters for asset inventory

To see Windows workloads with Critical CVSS vulnerabilities (on the Assets page), set the filters as follows:

  • Managed Groups filter - select all Workload groups

  • OS filter - select all Windows server OSes

  • Severity filter - select Critical  

Example 2 - Asset filters for Flow Explorer page

To see traffic flows for user assets that are deployed in some subnets, set the filters as follows:

  • Managed Groups filter - select the related Endpoint groups

  • IPs filter - select the related subnets

Analyze filtered data

The ways to analyze the data filtered using Asset filters depend on the page you are on ( Assets, Visualizer, or Flow Explorer).

  • On the Assets page, you can add or remove columns to the asset inventory, click an asset and see the vulnerabilities and port exposure, and download the filtered list of assets for offline analysis. 

  • On the Visualizer page, you can click a traffic line and see the traffic flow details.

  • On the Flow Explorer page, you can set add or remove traffic flow parameters to the flow details and download flows for offline analysis.

Clear Asset filters

Clear Asset filters when you want to change/update filters or get back to the unfiltered view of the assets.

  • Click X to clear a filter.

  • Click Clear all to get back to the unfiltered view of the assets.

 

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.