Inspector Panel

Overview

The Inspector Panel contains detailed information about one or more selected assets. It is divided into several sections:

To view detailed information about an asset, select the desired asset within the Topology, Inventory, or Internet Hosts section.

Selected Asset

The Summary section contains a high level overview of the asset type and its corresponding metadata (IP address(es), MAC address(es), hostname(s)).

IPInfo/GreyNoise Lookup

IPInfo is an IP address geolocation lookup to include geographic location, company name, domain, and what type of company it is (if applicable).

GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic that is integrated directly into Teleseer.

Upon selecting an asset, the corresponding IPinfo and GreyNoise metadata will appear if present.

Asset Info

The Asset Info section contains detailed information about the asset, such as manufacturer, form factor, operating system and version. If an analyst has a prior knowledge about an asset, they can add/edit the information within this section.

Asset Tags

Tags are words or phrases that can be added to an asset to help identify and find the asset via the search text field.

Adding Tags

1. Left-click on the desired Asset
2. Within the Inspector Panel, scroll down to the Tags section
3. Select the edit button

4. Enter the desired tag value
5. Select the Add button
6. Enter more tags if desired
7. Select the close button

This asset can now be searched for within the Network, Inventory, and Internet Hosts search text field.

Asset Notes

Custom notes that can be added and searched for by users

Asset Hostnames

An aggregated table of hostnames existing on the selected asset. The hostname, protocol, and domain are displayed for each hostname identified.

Network Interfaces

An asset may have one or more network interfaces. An example would be a router containing multiple subnets with each subnet being on its own interface. Each interface detected will be displayed within this section. Each entry will have one or more of the following values: Name, MAC (address), IP (address).

If you have additional information about an interface, you may edit this section accordingly.

Apps

The DPI (Deep Packet Inspection) engines will do their best to identify applications running on a specific asset. This section will display the information gathered from the DPI engines. Example values may be: Chrome v#, PBX v#, Safari v#, Thunderbird v#

Services

A listing of services running on the selected asset. Each service row contains the port, protocol, and standard protocol for the given service.

CVEs

CVEs are publicly disclosed information about common vulnerabilities and exposures. If an asset is identified has having a high CVE value, it's best to investigate this asset further to determine if it has been or can be compromised.

The Teleseer application will do its best to identify assets which may have a common vulnerability. When an asset does contain a common vulnerability, the asset will appear within the Topology in red.

Take a Desktop asset for example. See below to learn how to differentiate between a desktop without any CVEs detected and a desktop with one or more common vulnerabilities detected.

CVEs are in the format of CVE-YYYY-NNNN where YYYY is the year and NNNN can be 4 or more arbitrary digits to uniquely identify the CVE. See the following website for more information: https://www.cve.org/

CVEs displayed within the Inspector Panel will contain the name, a description, and a link to any relevant information:

🚧

CVE detection

The more specific the Asset Info is, the more refined the CVE list will be.

If an operating system does not contain service pack information, users may receive more CVEs than expected because the system will return all CVEs for the given OS version.