Assets

Assets are the inventory AgentSOC keeps of the things it protects: hosts, users, and IP addresses discovered and synced from your connected cloud providers and security tooling. Browse the inventory at /assets, and open any single asset at /assets/:id to see its full context.

What lives in the inventory

The inventory groups items by category so you can scan infrastructure and identities separately:

  • Cloud instances, servers, endpoints, workstations, and network devices — the hosts in your environment.
  • Users — the identities AgentSOC tracks, split into their own table.

Each asset carries identity details (hostname, public and private IP, MAC address, cloud provider, instance id), technical context (OS, role, internet-facing flag, open ports, network zone), business context (environment, owner, criticality, crown-jewel flag), and security posture (EDR installed and healthy, SIEM logging enabled). Anything whose category is unknown lands in Other so it never silently disappears.

How assets get there

You populate the inventory by syncing from your connected sources rather than entering hosts by hand. From /assets you can sync from your cloud and SIEM data, and from AgentSOAR. Each sync reports how many records were inserted, updated, and seen, so re-running it keeps the inventory current without creating duplicates.

How assets enrich alerts

When an alert arrives, AgentSOC matches its host and identity fields against the inventory. That match adds context the raw event never had: whether the affected host is internet-facing, whether it is a crown jewel, who owns it, and whether it has healthy EDR. The triage agent uses that context to weigh severity, so an alert on a mission-critical, internet-facing server is prioritized differently from the same alert on a sandbox.
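
The matching and weighting described above, as an added example that is not AgentSOC's own code. The field names, the sample inventory, and the score weights are assumptions chosen for illustration; the product's actual schema and triage logic are not documented on this page.

```python
# Added illustration: field names, records and weights are assumptions, not AgentSOC's schema.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Asset:
    hostname: str
    private_ip: str
    public_ip: Optional[str]
    owner: str
    environment: str
    internet_facing: bool
    crown_jewel: bool
    edr_healthy: bool

# Constructed sample inventory (documentation-range addresses).
INVENTORY = [
    Asset("pay-api-01", "10.0.1.15", "203.0.113.10", "payments-team", "production", True, True, True),
    Asset("sandbox-07", "10.9.0.7", None, "dev-tools", "sandbox", False, False, False),
]

def match_asset(alert, inventory):
    """Return the first asset whose hostname or IP matches the alert's host fields."""
    host = (alert.get("hostname") or "").lower()
    ip = alert.get("ip")
    for a in inventory:
        if host and a.hostname.lower() == host:
            return a
        if ip and ip in (a.private_ip, a.public_ip):
            return a
    return None

def enrich(alert, inventory=INVENTORY):
    """Attach asset context and an adjusted priority (0-100) to a raw alert."""
    asset = match_asset(alert, inventory)
    score = alert["base_severity"]
    if asset is None:
        # An unmatched host is kept and flagged as an inventory gap, not dropped.
        return {**alert, "asset": None, "inventory_gap": True, "priority": score}
    if asset.internet_facing:
        score += 20
    if asset.crown_jewel:
        score += 30
    if not asset.edr_healthy:
        score += 10  # weaker endpoint visibility on this host
    if asset.environment == "sandbox":
        score -= 20
    return {**alert, "asset": asset.hostname, "owner": asset.owner,
            "inventory_gap": False, "priority": max(0, min(100, score))}
```

With the same base severity, the alert on the internet-facing crown-jewel server ends up well above the one on the sandbox host, and an alert for a host missing from the inventory is surfaced as a coverage gap.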

How assets power response

Assets are also the targets that AgentSOAR acts on. Response actions such as Isolate Host, Block IP, and Disable User operate against entities in your inventory and the cloud accounts behind them. Because the inventory ties an asset to its cloud provider and resource ids, an approved containment action can reach the right host or identity instead of guessing.

Available sync sources and response actions depend on which providers you have connected. Confirm against your deployment.