Context Hub Enrichment details of critical asset from Archer
Can you share your inputs if you would like to view enrichment details of critical assets from Archer in the Context Hub of the NW suite?
Will the fields listed below from Archer suffice, or do additional fields need to be added to or removed from the list below?
- Criticality rating
- Risk Rating
- Device ID
- Device Name
- Host Name
- Business Unit
- Device Owner
Appreciate your suggestions.
While I don't have Archer at the moment to get this data and am looking at methods of doing it without Archer, I think this would be a great feature. Then, when configuring ESA alerting or even incident creation within NW, the criticality is brought into the equation of the rule. If Asset criticality is High + Alert >= Medium -> Incident Severity = Critical.
I think it needs to be configurable in the NW UI for what gets targeted for enrichment given how powerful, prolific, and dominant Archer is. Not all Archer implementations are the same. Your default list is good, but I think configuration options are table stakes. Also, we should pay close attention to NWE and how NW can build a bridge between Archer and NWE.
Thanks, Kyle. Agree with you: if it is automated and configurable, change the severity of the alerts based on asset criticality too. But for sure, you can manually change the severity once you view the severity of the asset in Context Hub.
The plan is to provide a configuration by which you can configure what fields you require, but in the initial release this will not be exposed for configuration; the capability will be added in the future, after the initial release. The bridge between Archer and NWE is a very good point; we have to explore it more, and will keep you posted on it and include you in any discussion on it.