SOC-CMM forum

Full Version: Asset Management Integration Vs Asset Context Integration
Hi Rob,
Under Technology Domain - SIEM Tooling, may I know what are the differences between Asset Management Integration and Asset Context Integration?
Because to me, they are the same thing.
Do you have any good examples?

Asset management integration:
Integration into the asset management process for automated adding of assets to the SIEM for monitoring

Asset context integration:
Integration of asset management information into the SIEM (asset owner, asset location, etc.)

Hi Darren,

The initial idea to differentiate between these was that asset management integration purely means that new assets in the CMDB are automatically connected to the SIEM system to enable security monitoring.

Asset context means that the context of those assets, such as the mentioned features of ownership, location, and also classification is available to the security monitoring system as well. This context can subsequently be used in correlations or to determine the risk of events (assets with higher classification carry a higher risk).

With a proper integration, you will get both. But this is not necessarily the case. Hence, the differentiation.
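
The two integrations discussed in this thread, side by side, as an added example that is not part of the forum posts or of SOC-CMM itself. The CMDB records, log source names, alerts and risk weights are all constructed assumptions: `onboarding_gaps` covers the asset management side (is every CMDB asset actually monitored?), while `enrich` and `triage` cover the asset context side (owner, location and classification attached to alerts and used for risk).

```python
# Constructed sample data: a CMDB export, the SIEM's onboarded log sources, three alerts.
CMDB = [
    {"host": "db-fin-01", "owner": "finance-it", "location": "AMS-DC1", "classification": "high"},
    {"host": "web-pub-02", "owner": "web-team", "location": "AMS-DC1", "classification": "medium"},
    {"host": "kiosk-17", "owner": "facilities", "location": "HQ-lobby", "classification": "low"},
]
SIEM_LOG_SOURCES = {"db-fin-01", "kiosk-17", "old-test-99"}
ALERTS = [
    {"host": "db-fin-01", "rule": "multiple failed logins", "base_severity": 3},
    {"host": "kiosk-17", "rule": "multiple failed logins", "base_severity": 3},
    {"host": "old-test-99", "rule": "multiple failed logins", "base_severity": 3},
]
# Assumed weighting: assets with higher classification carry a higher risk.
CLASS_WEIGHT = {"low": 1, "medium": 2, "high": 3}
UNKNOWN_WEIGHT = 2  # assumption: an asset missing from the CMDB is scored as medium


def onboarding_gaps(cmdb, log_sources):
    """Asset management integration check: compare CMDB assets with monitored sources."""
    known = {asset["host"] for asset in cmdb}
    return {
        "not_monitored": sorted(known - log_sources),  # in the CMDB, not sending logs
        "not_in_cmdb": sorted(log_sources - known),    # sending logs, unknown asset
    }


def enrich(alert, cmdb):
    """Asset context integration: attach owner, location, classification and a risk score."""
    ctx = next((a for a in cmdb if a["host"] == alert["host"]), None)
    enriched = dict(alert)
    if ctx is None:
        enriched.update(owner=None, location=None, classification="unknown")
        weight = UNKNOWN_WEIGHT
    else:
        enriched.update(owner=ctx["owner"], location=ctx["location"],
                        classification=ctx["classification"])
        weight = CLASS_WEIGHT[ctx["classification"]]
    enriched["risk"] = alert["base_severity"] * weight
    return enriched


def triage(alerts, cmdb):
    """Return alerts enriched with asset context, highest risk first."""
    return sorted((enrich(a, cmdb) for a in alerts), key=lambda e: e["risk"], reverse=True)


if __name__ == "__main__":
    print(onboarding_gaps(CMDB, SIEM_LOG_SOURCES))
    for e in triage(ALERTS, CMDB):
        print(e["risk"], e["host"], e["classification"], e["owner"])
```

The same rule fires with the same base severity on all three hosts; only the asset context separates them, and the host absent from the CMDB shows up both as an onboarding gap and as an alert with no owner to route to.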