diff --git a/docs/xdr/FAQ/Assets_qa.md b/docs/xdr/FAQ/Assets_qa.md index c84325a44f..0dfb0b82f3 100644 --- a/docs/xdr/FAQ/Assets_qa.md +++ b/docs/xdr/FAQ/Assets_qa.md @@ -1,4 +1,4 @@ -## How to get the source of a generated asset? +## How to get the source of a discovered asset ? In the Asset timeline, events that triggered an asset detection will be displayed. @@ -7,43 +7,43 @@ In the Asset timeline, events that triggered an asset detection will be displaye The details of the event will be displayed in the events page. -## Can a same asset be generated by two different intakes? +## Can a same asset be discovered by two different intakes ? Only `account`, `host` and `network` will be taken into account in asset detection. However, the information of the intake associated can be found by clicking on an event in the timeline. !!! note - For example, a source IP is a field that will be detected as an atom extracted from an event. + For example, a source IP is a field that will be discovered as an atom extracted from an event. This atom can be attached to one or several assets (seen in the Atoms tab). Please consult [this documentation about atoms](https://docs.sekoia.io/xdr/features/collect/assets/#what-is-an-atom). -## Is there any impact on the assets set as "Reviewed"? +## Is there any impact on the assets set as "Reviewed" ? There is no impact. However, it is useful in order to clearly identify and confirm the assets used. -## Is there any mechanism that automatically delete an asset if no events have been triggered after a given period? +## Is there any mechanism that automatically delete an asset if no events have been triggered after a given period ? Asset management is crucial and it is important to manually monitor your assets frequently in order to have a clear view of their activities and validity. -## Are there any assets duplicates? +## Are there any assets duplicates ? It is possible to have asset duplicates originated from two different sources. For example: -1. The first asset identified as **Marcel** will be detected from an email. -2. The second asset **Marcel (Paris)** will be detected from another service account. +1. The first asset discovered as **Marcel** is detected from an email. +2. The second asset discovered as **Marcel (Paris)** is detected from another service account. Therefore, the same user will be displayed in the two assets. -## Is it possible to have an asset created manually and also generated automatically? +## Can assets be created manually and also discovered automatically ? It is possible to have assets created both manually and automatically. We suggest to users to manage their assets and keep the ones that are relevant. -## How are assets' duplicates managed? +## How are assets' duplicates managed ? Assets are being enriched and updated according to detection rules.