The LogSentinel Collector can perform asset discovery. In order to do that, the
asset.discovery.enabled property has to be set to true in
Once assets are discovered, they are sent to LogSentinel SIEM for visualization. Asset discovery is performed once a day by default, but this period can be changed by setting
asset.discovery.period (in minutes).
Assets are not just machines, but also the services running on those machines. A web server and a database server running on the same machine are classified as separate assets. Vulnerability management can be performed separately on discovered assets.
For each asset, the following data is stored:
- IP address
- MAC address
- protocol used
- service name
- risk level