Asset Discovery

The LogSentinel Collector can perform asset discovery. To enable it, set the asset.discovery.enabled property to true in logsentinel-collector.yaml.

Once assets are discovered, they are sent to LogSentinel SIEM for visualization. Asset discovery is performed once a day by default, but this period can be changed by setting asset.discovery.period (in minutes).

Assets are not just machines, but also the services running on those machines. A web server and a database server running on the same machine are classified as separate assets. Vulnerability management can be performed separately on discovered assets.

For each asset, the following data is stored:

  • IP address
  • port
  • MAC address
  • protocol used
  • service name
  • risk level