Assets

Zercurity keeps track of all of the assets within your company.

Table view

_images/assets.png
  • Status An asset can be in one of four defined states: RED, ORANGE, GREEN and UNKNOWN. Hover over the asset’s status icon for a description of why its current state has been assigned.

    • RED The asset hasn’t been heard from in some time, its whitelist and blacklist definitions are very out of date, or the asset has been misconfigured, malware has been detected on it, or it has made connections to known-bad domains/IPs.
    • ORANGE The asset’s whitelist and blacklist definitions are 48 hours out of date, or the asset has a bad configuration, meaning that it’s no longer compliant.
    • GREEN Everything is a-ok!
    • UNKNOWN This asset is newly provisioned and is awaiting a status check.
  • Asset Type Whether the device is a LAPTOP, DESKTOP, VM or SERVER.

  • Name/Hostname The name given to an asset. You can change this at any time. By default, the asset’s serial number is used. The asset’s hostname is also provided.

  • Team The team that this asset is a part of.

  • Serial/UUID The serial number of the asset as defined by the manufacturer. The UUID is generated at install time by Zercurity. Zercurity will attempt to use the system’s UUID if one is provided, then the primary disk’s UUID, and lastly will generate a random UUID.

  • Last checkin The date and time the asset last checked in, meaning the last time the asset called home.

  • Definitions This is the date and time that the asset last downloaded the whitelist and blacklist definitions.
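
The UUID fallback order described under Serial/UUID, as an added example (not Zercurity's code). The function names and the placeholder check are assumptions of this example: SMBIOS uses an all-zero or all-ones UUID to mean "not present", and accepting one would give several assets the same identity.

```python
import uuid

# SMBIOS "no UUID" values; treated here as if no system UUID was provided.
PLACEHOLDER_UUIDS = {uuid.UUID(int=0), uuid.UUID(int=(1 << 128) - 1)}


def _usable(value):
    """Return a uuid.UUID for a well-formed, non-placeholder value, else None."""
    try:
        parsed = uuid.UUID(value.strip())
    except (ValueError, AttributeError):
        return None  # empty, None, or firmware text such as "Not Settable"
    return None if parsed in PLACEHOLDER_UUIDS else parsed


def choose_asset_uuid(system_uuid, disk_uuid, rng=uuid.uuid4):
    """Pick the asset UUID: system UUID, then primary disk UUID, then random.

    Returns (uuid_string, source) so the source can be recorded with the asset.
    """
    for source, candidate in (("system", system_uuid), ("disk", disk_uuid)):
        parsed = _usable(candidate)
        if parsed is not None:
            return str(parsed), source
    return str(rng()), "random"


if __name__ == "__main__":
    # Constructed inputs: a placeholder system UUID and a valid disk UUID.
    print(choose_asset_uuid("FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF",
                            "6F1C2D3E-4A5B-4C6D-8E7F-901A2B3C4D5E"))
```

Recording the source alongside the UUID makes it easy to spot assets whose identity is random and will therefore change on reinstall.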

Asset view

This is Zercurity’s asset view. It gives you an overview of a deployed asset. At the top of the page there are three sections dedicated to information about the system’s hardware and software configuration, including its IP address and location.

_images/asset.png

Below are subsections detailing each aspect of the asset. These include:

Asset processes

This view shows you a history of all of the processes that have been executed on an asset.

_images/asset_processes.png
  • PID This column contains a few bits of information:
    • Status Icon Shows the current state of the running process.
    • Processes Id Shows the process id.
    • Parent process Shows the parent process and its corresponding process id.
  • Name The process’s name and risk score.

  • User The user that the process is running under, including the user’s ID (UID).

  • Decision When a process is executed it’s run through the Zercurity whitelist and blacklist engine. A decision is then made as to whether the process can run or not.

    • ALLOW Process was executed.
    • ALLOW_UNKNOWN Process was executed but wasn’t found within a user-defined whitelist.
    • BLOCKED Process was blocked from executing and the user was notified.
    • BLOCKED_SLIENT Process was blocked from executing and the user was not notified.
  • Launched The date and time the process was executed.

Asset applications

Shows you a view of all of the installed applications.

_images/asset_applications.png
  • Risk The process’s risk score, represented by a red, orange or green icon of the application’s platform.

    • Red Caution. The application is known to be malicious and will have been blocked from running. However, administrators should investigate the incident.
    • Orange Warning. The application is untrusted or suspicious. This could mean the application is malicious and, depending on your configuration, may have been executed as a result. You will need to check which assets this application has been installed on.
    • Green Approved. This is a known-good and trusted application which has been allowed to run on an asset.
    • Grey Unknown. This application’s status is unknown. It will be in the process of being checked.
  • Name The application name.

  • Version The version of the application.

  • Installed The date and time of when the application was installed.

  • Uninstalled The date and time of when the application was uninstalled.

Asset packages

Shows you all of the packages that have been installed and removed on a given asset.

_images/asset_packages.png
  • Risk The package’s risk score, represented by a red, orange or green icon of a box. If there is no icon, the package has been removed and no longer poses a risk.

    • Red Critical. The package is either known to be malicious or has a critical vulnerability assigned to it. This needs to be fixed as a matter of urgency.
    • Orange Warning. The package is untrusted or suspicious, or has a medium to high vulnerability assigned to it. This will need to be addressed as soon as possible. The package may also be outdated and need updating.
    • Green Approved. This is a known-good and trusted package which has no known vulnerabilities assigned to it and is in good health.
    • Grey Unknown. This application’s status is unknown. It will be in the process of being checked.
  • Name The package name.

  • Version The version of the package.

  • Installed The date and time of when the package was installed.

  • Uninstalled The date and time of when the package was uninstalled.

Asset networking

Shows you all of the network interfaces that are attached to the asset. This is only a snapshot and not historical.

_images/asset_networking.png
  • Interface The interface identifier.
  • Type The interface type. Lets you know whether the interface is virtual, wired, wireless etc.
  • Address Both the physical address (MAC address) and the logical address (IP address) of the network interface.
  • Bandwidth The amount of traffic in and out of the interface.
  • Broadcast The broadcast address for the interface.

Asset hard drives

Shows you all of the currently mounted hard drives attached to the asset. This will include both internal and external hard drives and removable media. This is only a snapshot and not historical.

_images/asset_hard_drives.png
  • Name The name of the mounted partition and its corresponding name.
  • Type The device type. Lets you know whether the device is physical PCI or USB etc.
  • Device The name of the device and its serial number.
  • Size The size of the provisioned partition.
  • Encrypted Displays whether the drive is encrypted and if so the method by which the partition is encrypted.

Asset USB devices

Zercurity provides you with a historical view of every removable device that has been attached to each of your assets.

_images/asset_usb_devices.png
  • Device Type An icon of the type of removable media device. Zercurity uses the base class to determine the device type. Zercurity also uses the device’s name to help determine the device type.
  • Device/Serial The name of the device and its serial number.
  • Removable Whether the device is removable or not.
  • Address The device’s port address.
  • Action Whether the device was ADDED or REMOVED from the asset.
  • Timestamp The date and time of when the device was added to the asset.

Asset locations

Zercurity is able to track the exact location of a device from the surrounding Wi-Fi access points, using Osquery’s wifi_survey table and mapping the results with Google’s Maps Geolocation API.

This feature is useful to help cross-reference web logins for applications using SSO.

Zercurity displays location information using Google Maps. Zercurity records a complete history of the asset’s location.

_images/asset_locations.png
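
How osquery `wifi_survey` rows can be turned into a request body for Google's Geolocation API, as an added example (not Zercurity's code). The sample rows are constructed, and the filtering choices (dropping locally administered BSSIDs and `_nomap` SSIDs, keeping the strongest reading per access point, capping at 20) are assumptions of this example.

```python
import json

# Constructed rows, shaped like `osqueryi --json "SELECT ssid, bssid, rssi, channel
# FROM wifi_survey;"` output (osquery emits every value as a string).
SAMPLE_ROWS = [
    {"ssid": "corp-wifi", "bssid": "0:1a:2b:3c:4d:5e", "rssi": "-48", "channel": "36"},
    {"ssid": "corp-wifi", "bssid": "00:1a:2b:3c:4d:5e", "rssi": "-61", "channel": "36"},
    {"ssid": "cafe_nomap", "bssid": "00:aa:bb:cc:dd:01", "rssi": "-50", "channel": "6"},
    {"ssid": "phone-hotspot", "bssid": "02:11:22:33:44:55", "rssi": "-40", "channel": "11"},
    {"ssid": "guest", "bssid": "00:1a:2b:3c:4d:70", "rssi": "-70", "channel": "1"},
    {"ssid": "broken", "bssid": "", "rssi": "", "channel": ""},
]


def normalise_bssid(raw):
    """Return a zero-padded lowercase MAC, or None if it is not a usable BSSID."""
    parts = (raw or "").strip().lower().split(":")
    if len(parts) != 6:
        return None
    try:
        octets = [int(p, 16) for p in parts]
    except ValueError:
        return None
    # 0x02 in the first octet marks a locally administered (hotspot/randomised) MAC.
    if any(not 0 <= o <= 0xFF for o in octets) or octets[0] & 0x02:
        return None
    return ":".join(f"{o:02x}" for o in octets)


def build_geolocation_request(rows, max_aps=20):
    """Build the geolocate JSON body, or None with fewer than two usable APs."""
    strongest = {}
    for row in rows:
        bssid = normalise_bssid(row.get("bssid"))
        if bssid is None or (row.get("ssid") or "").endswith("_nomap"):
            continue  # unusable MAC, or the AP owner opted out of location services
        try:
            ap = {"macAddress": bssid, "signalStrength": int(row["rssi"])}
        except (KeyError, TypeError, ValueError):
            continue
        if str(row.get("channel", "")).isdigit():
            ap["channel"] = int(row["channel"])
        if bssid not in strongest or ap["signalStrength"] > strongest[bssid]["signalStrength"]:
            strongest[bssid] = ap
    aps = sorted(strongest.values(), key=lambda a: a["signalStrength"], reverse=True)[:max_aps]
    return {"considerIp": False, "wifiAccessPoints": aps} if len(aps) >= 2 else None


if __name__ == "__main__":
    print(json.dumps(build_geolocation_request(SAMPLE_ROWS), indent=2))
```

Setting `considerIp` to false makes the API return an error instead of an IP-based guess when the access points are unknown, so a VPN or proxy exit address is never recorded as the asset's location.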