From 01eb65c78fba8674cb7b8539db56b0e2c65fada3 Mon Sep 17 00:00:00 2001 From: Men-hau <101662967+Men-hau@users.noreply.github.com> Date: Fri, 2 Feb 2024 19:13:19 +0100 Subject: [PATCH] Update Assets_qa.md --- docs/xdr/FAQ/Assets_qa.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/xdr/FAQ/Assets_qa.md b/docs/xdr/FAQ/Assets_qa.md index c84325a44f..0dfb0b82f3 100644 --- a/docs/xdr/FAQ/Assets_qa.md +++ b/docs/xdr/FAQ/Assets_qa.md @@ -1,4 +1,4 @@ -## How to get the source of a generated asset? +## How to get the source of a discovered asset ? In the Asset timeline, events that triggered an asset detection will be displayed. @@ -7,43 +7,43 @@ In the Asset timeline, events that triggered an asset detection will be displaye The details of the event will be displayed in the events page. -## Can a same asset be generated by two different intakes? +## Can a same asset be discovered by two different intakes ? Only `account`, `host` and `network` will be taken into account in asset detection. However, the information of the intake associated can be found by clicking on an event in the timeline. !!! note - For example, a source IP is a field that will be detected as an atom extracted from an event. + For example, a source IP is a field that will be discovered as an atom extracted from an event. This atom can be attached to one or several assets (seen in the Atoms tab). Please consult [this documentation about atoms](https://docs.sekoia.io/xdr/features/collect/assets/#what-is-an-atom). -## Is there any impact on the assets set as "Reviewed"? +## Is there any impact on the assets set as "Reviewed" ? There is no impact. However, it is useful in order to clearly identify and confirm the assets used. -## Is there any mechanism that automatically delete an asset if no events have been triggered after a given period? +## Is there any mechanism that automatically delete an asset if no events have been triggered after a given period ? Asset management is crucial and it is important to manually monitor your assets frequently in order to have a clear view of their activities and validity. -## Are there any assets duplicates? +## Are there any assets duplicates ? It is possible to have asset duplicates originated from two different sources. For example: -1. The first asset identified as **Marcel** will be detected from an email. -2. The second asset **Marcel (Paris)** will be detected from another service account. +1. The first asset discovered as **Marcel** is detected from an email. +2. The second asset discovered as **Marcel (Paris)** is detected from another service account. Therefore, the same user will be displayed in the two assets. -## Is it possible to have an asset created manually and also generated automatically? +## Can assets be created manually and also discovered automatically ? It is possible to have assets created both manually and automatically. We suggest to users to manage their assets and keep the ones that are relevant. -## How are assets' duplicates managed? +## How are assets' duplicates managed ? Assets are being enriched and updated according to detection rules.