Inventory
OT Security's Automated Asset Discovery, Classification and Management provides an accurate, up-to-date asset inventory by continuously tracking all changes to devices. This simplifies sustaining of operational continuity, reliability and safety. It also plays a key role in planning maintenance projects, prioritizing upgrades, patch deployments, incident response and mitigation efforts.
Viewing Assets
All of the assets in the network are shown on the Inventory screens. Detailed data about each asset is shown, enabling comprehensive asset management as well as monitoring of the status of each asset and its related Events. The data shown in the Inventory screens is gathered using the OT Security Network Detection and Active Query capabilities. The All screen shows data for all types of assets. In addition, specific subsets of the assets are shown on separate screens for each of the following asset types: Controllers and Modules, Network Assets and IoT.
Note: The Network Assets screen includes all types of assets that aren’t included in the Controllers and Modules or IoT screens.
For each of the asset screens (All, Controllers and Modules, Network Assets and IoT), you can customize the display settings by adjusting which columns are displayed and where each column is positioned. You can also sort and filter the Asset lists as well as perform a search. For an explanation of the customization features, see Management Console UI Elements.
The following table describes the parameters shown on the Inventory screens.
Parameters marked with an “*” are only shown on the Controllers screen.
| Parameter | Description |
|---|---|
| Name | The name of the asset in the network. Click the name of the asset to view the Asset Details screen for that asset (See Inventory.) |
| IP |
The IP address of the asset. Note: An asset may have multiple IP addresses. Note: IP addresses labeled as Direct are ones with which Tenable has established a direct connection. If there is no label, it means Tenable has discovered the IP without direct communication. Note: Assets can be filtered by IP range. For more on filtering, see Management Console UI Elements. |
| MAC | The MAC address of the asset. |
| Network Segment | The Network Segment that the IP/s of this asset are assigned to. |
| Type | The type of asset, Controller, I/O or Communication, etc. see Asset Types. |
| Backplane* | The backplane unit that the asset is connected to. Additional details about the backplane configuration are shown in the Asset Details screen. |
| Slot* | For assets that are on backplanes, shows the number of the slot to which the asset is attached. |
| Vendor | The asset vendor. |
| Family* | The family name of the product as defined by the asset vendor. |
| Firmware | The firmware version currently installed on the asset. |
| Location | The location of the asset as input by the user in the OT Security asset details. See Inventory. |
| Last Seen | The time at which the device was last seen by OT Security. This is the last time that the device was connected to the network or performed an activity. |
| OS | The OS running on the asset. |
| Model Name | The model name of the asset. |
| State* |
The device state. Possible values:
|
| Description | A brief description of the asset, as configured by the user in the OT Security asset details. See Inventory. |
| Risk | A measure of the degree of risk related to this asset on a scale from 0 (no risk) to 100 (extremely high risk). For an explanation of how the Risk score is calculated, seeRisk Assessment. |
| Criticality | A measure of the importance of this asset to the proper functioning of the system. A value is assigned automatically to each asset based on the asset type. You can manually adjust the value. |
| Purdue Level | The Purdue level of the asset (0=Physical process, 1=Intelligent devices, 2=Control systems, 3=Manufacturing operations systems, 4=Business logistics systems). |
| Custom Field | You can create custom fields to tag your assets with relevant info. The custom field can be a link to an external resource. |
Asset Types
The following table describes the various types of assets identified by OT Security. It also shows the icon by which each asset type is represented in the OT Security Management Console (e.g. on the Network Map screen).
| Category | Default Criticality Level / Purdue Level | Description | Sub-Types | ||||
|---|---|---|---|---|---|---|---|
|
|
Controller |
|||||
|
|
PLC |
||||||
|
|
DCS |
||||||
|
|
IED |
||||||
|
|
RTU |
||||||
|
|
BMSController |
||||||
|
|
Robot |
||||||
|
|
CommunicationModule |
||||||
|
|
I/O Module |
||||||
|
|
CNC |
||||||
|
|
PowerSupply |
||||||
|
|
BackplaneModule |
||||||
|
|
FieldDevice |
|||||
|
|
PowerMeter |
||||||
|
|
RemoteI/O |
||||||
|
|
Relay |
||||||
|
|
Inverter |
||||||
|
|
IndustrialSensor |
||||||
|
|
Drive |
||||||
|
|
Actuator |
||||||
| OT Devices | Medium / 2 | This category includes all types of OT devices. |
|
OTDevice |
|||
|
|
IndustrialRouter |
||||||
|
|
IndustrialSwitch |
||||||
|
|
IndustrialGateway |
||||||
|
|
IndustrialNetworkDevice |
||||||
|
|
IndustrialPrinter |
||||||
| OT Servers | Medium / 2 | A computer/device that is used to access industrial data. This category includes all types of OT servers and their related components. |
|
OTServer |
|||
|
|
Historian |
||||||
|
|
HMI |
||||||
|
|
DataLogger |
||||||
| Network Devices | Medium / 3 | A networking device (e.g. a switch or a router). This category includes all types of network devices and their related components. |
|
NetworkDevice |
|||
|
|
Router |
||||||
|
|
Switch |
||||||
|
|
Serial-EthernetBridge |
||||||
|
|
Gateway |
||||||
|
|
Hub |
||||||
|
|
WirelessAccessPoint |
||||||
|
|
Firewall |
||||||
|
|
Converter |
||||||
|
|
Repeater |
||||||
|
|
Radio |
||||||
| Workstations | Low / 3 | A computer that is connected to the network and used to control the PLCs. This category includes all types of workstations and their related components. |
|
Workstation |
|||
|
|
OT Workstation |
||||||
|
|
EngineeringStation |
||||||
|
|
VirtualWorkstation |
||||||
| Servers | Low / 3 | This category includes various types of IT servers. |
|
Server |
|||
|
|
FileServer |
||||||
|
|
WebServer |
||||||
|
|
VirtualServer |
||||||
|
|
SecurityAppliance |
||||||
|
|
TenableICP |
||||||
|
|
TenableEM |
||||||
|
|
TenableSensor |
||||||
|
|
Domain Controller |
||||||
|
|
IoT |
||||||
| IoTs | Low / 3 | This category includes various type of interrelated devices. |
|
Camera |
|||
|
|
Panel |
||||||
|
|
Projector |
||||||
|
|
VOIPDevice |
||||||
|
|
3DPrinter |
||||||
|
|
Printer |
||||||
|
|
UPS |
||||||
|
|
IP Phone |
||||||
|
|
SmartSensor |
||||||
|
|
BarcodeScanner |
||||||
|
|
AccessControlSystem |
||||||
|
|
LightingControl |
||||||
|
|
HVACModule |
||||||
|
|
SmartHub |
||||||
|
|
SmartTV |
||||||
|
|
MedicalDevice |
||||||
|
|
Tablet |
||||||
|
|
MobileDevice |
||||||
|
|
StorageDevice |
||||||
| Endpoints | Low / 3 | An unidentified IP address in the network. |
|
Endpoint |
|||
