Configuration Management Database (CMDB)

The platform includes a fully integrated Configuration Management Database (CMDB) designed to provide continuous asset visibility and contextual awareness across security operations.

The CMDB enables partners to register, manage, and maintain an up-to-date inventory of customer assets. This asset context is later leveraged by multiple operational workflows, allowing assets to be classified by criticality and type, enriched with licensing information, and tracked throughout their lifecycle (including license validity and expiration).

Asset Registration and Contextualization

Through the CMDB, partners can associate operational and business context with each asset, including but not limited to:

  • Asset type (e.g. firewall, endpoint, server, cloud service)

  • Criticality and severity classification

  • Customer ownership and environment

  • Licensing details and expiration dates

  • Operational metadata used for correlation and prioritization

This contextual information is essential for improving detection accuracy, prioritization, and response decisions across the SOC.

Automatic CMDB Population (Auto-Discovery)

The CMDB is built and maintained automatically, without requiring manual intervention from SOC analysts.

The platform includes an auto-discovery mechanism that continuously identifies all sources reporting activity to the platform. Assets are automatically discovered under the following scenarios:

  • Assets directly integrated as native data sources

  • Assets reporting events through an intermediate integrated source, such as:

    • A third-party SIEM integrated into the platform

    • Network devices (e.g. firewalls, proxies) that forward events generated by downstream assets

    • Endpoints whose activity is observed through integrated network or security controls

This approach allows the platform to infer the existence of assets even when they are not directly integrated, ensuring broader and more accurate asset visibility.

Keeping the CMDB accurate and up to date is a common operational challenge in SOC environments, both for service providers and their customers.

By automating asset discovery and population, the platform:

  • Reduces manual effort and operational overhead

  • Minimizes asset inventory drift

  • Improves data quality and consistency

  • Ensures real-time alignment between observed activity and asset inventory

As a result, the CMDB remains continuously synchronized with the actual operational environment.

CMDB Integration with Platform Modules

The information stored in the CMDB is consumed by multiple platform components to provide enriched, context-aware security operations, including:

  • SOAR – Asset-aware orchestration and automated response workflows

  • Alerting Engine – Contextual alert prioritization based on asset criticality

  • Silenced Source Detection – Identification of assets that stop reporting activity

  • Predictive AI Framework – Risk modeling and behavioral analysis enriched with asset context

  • Correlation and Analytics Engines – Improved accuracy and relevance of detections

By serving as a centralized source of truth for asset information, the CMDB enhances correlation, decision-making, and automation across the entire platform.

Management

CMDB management is performed through the platform’s administrative interface, accessible via:

Administration → CMDB

This section provides centralized control over all assets registered within the Configuration Management Database, including those automatically discovered by the platform.

Asset Management Operations

From the CMDB administration interface, authorized users can perform the following actions:

  • Add assets manually: Register new assets that may not yet have been discovered automatically or that require pre-definition.

  • Modify asset attributes: Update and enrich asset characteristics detected by the auto-discovery mechanism, such as:

    • Asset type and classification

    • Criticality and severity level

    • Ownership and customer association

    • Licensing information and expiration dates

    • Any additional operational or contextual metadata

  • Remove assets: Delete assets that are no longer relevant, decommissioned, or incorrectly identified by the discovery process.

These capabilities allow partners and SOC administrators to maintain full control over the asset inventory while still benefiting from automated discovery.

Interaction with Auto-Discovery

Assets detected through the auto-discovery mechanism are automatically created and updated in the CMDB. The administrative interface allows users to review, adjust, and override automatically detected attributes when additional context or corrections are required.

This hybrid approach combines:

  • Automation, to ensure continuous and accurate discovery

  • Manual governance, to refine asset data and align it with operational or business requirements
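The following is an added illustration of the behaviour described above, not the platform's own code: assets are created from both the reporting source and the hosts it forwards events for, manually set attributes survive rediscovery, and assets that stop reporting are flagged. The event fields, record layout, and function names are assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed events. Field names (reporter, reporter_type, origin_host, ts)
# are assumptions for this sketch, not the platform's schema.
EVENTS = [
    {"reporter": "fw-edge-01", "reporter_type": "firewall", "origin_host": "ws-114", "ts": "2024-05-01T10:05:00"},
    {"reporter": "siem-acme", "reporter_type": "siem", "origin_host": "db-prod-02", "ts": "2024-05-01T10:07:00"},
    {"reporter": "fw-edge-01", "reporter_type": "firewall", "origin_host": "ws-114", "ts": "2024-05-01T12:30:00"},
]

def observe(cmdb, event):
    """Create or refresh the CMDB records implied by one event."""
    seen = datetime.fromisoformat(event["ts"])
    # The reporter is a directly integrated asset; a host named inside a
    # forwarded event is an asset inferred through that reporter.
    detected = {event["reporter"]: {"asset_type": event["reporter_type"], "via": None}}
    if event.get("origin_host"):
        detected[event["origin_host"]] = {"asset_type": "unknown", "via": event["reporter"]}
    for name, attrs in detected.items():
        rec = cmdb.setdefault(name, {"criticality": "unclassified", "pinned": set(), "last_seen": seen})
        rec["last_seen"] = max(rec["last_seen"], seen)
        for key, value in attrs.items():
            if key not in rec["pinned"]:  # never overwrite a manual override
                rec[key] = value
    return cmdb

def override(cmdb, name, **attrs):
    """Manual governance: set attributes and pin them against rediscovery."""
    cmdb[name].update(attrs)
    cmdb[name]["pinned"].update(attrs)

def silenced(cmdb, now, max_silence=timedelta(hours=1)):
    """Assets with no observed activity for longer than max_silence."""
    return sorted(n for n, r in cmdb.items() if now - r["last_seen"] > max_silence)

def demo():
    cmdb = {}
    observe(cmdb, EVENTS[0])
    observe(cmdb, EVENTS[1])
    override(cmdb, "ws-114", asset_type="endpoint", criticality="high")
    observe(cmdb, EVENTS[2])  # rediscovery of ws-114 roughly two hours later
    return cmdb, silenced(cmdb, datetime.fromisoformat("2024-05-01T12:45:00"))
```

Tracking which fields were set by hand, rather than which records, lets discovery keep refreshing the remaining attributes (here `via` and `last_seen`) on an asset an administrator has already classified.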

Access Control and Governance

Access to the CMDB administration section is restricted to authorized roles only. This ensures controlled governance of asset data and prevents unauthorized or accidental modifications that could impact detection, correlation, or response workflows.
