Adding assets in the system

Users with administrative rights in the Sectona platform can add new assets. Users can be added to the system via web form, bulk import, sync with Active Directory groups, or asset discovery sync.

This chapter covers the following:

Add an asset

You can integrate new assets and accounts by logging in to the system and selecting PAM from the product navigator. Go to the Manage section of the application and select Asset under Asset Management in the sidebar. Click +Add Asset.

  • Category: Define the asset category, for example "Operating System".

  • Type: Select the asset type from the drop-down list, which contains the asset types defined by you.

  • Version: Enter the version or release number of the asset type. For example, if Oracle is the asset type, then 11g is the version.

  • Host Name: Enter the hostname of the asset.

  • Primary IP: Enter the IP address (v4/v6) to which the connection should be made.

  • Secondary IP (optional): Enter an alternate IP address (v4/v6) to access the asset when the primary IP is unreachable or to achieve load balancing.

  • Port no: Enter the port number of the host.

  • Location (optional): Added location field will be included in every asset location. You can configure system management location tabs here.

  • Owner (optional): If you have listed owner information for all assets, please include it here.

  • Level (optional): Added critical field will be included in every asset. This is important for structuring reports and notifications.

  • Description: Enter a unique descriptive title for your new asset.

  • Tags (optional): One can choose multiple tags to be more specific about the asset.

  • Exclude from Account Discovery: If selected, the accounts of this asset will be excluded from the Discovery job.

  • Enforce Host Name for Connection: If selected, Administrators can manage assets that utilise RDS (Remote Desktop Services) and FQDN (Fully Qualified Domain Name) addressing. This would also provision Session and Password Management along with Audit Log maintenance.

  • Checkout Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Rotation policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list.

  • Reconciliation policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list.

  • Asset JIT policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list.

  • Config value 1: The configuration value can be assigned here.

  • Config value 2: The configuration value can be assigned here.

  • Config value 3: The configuration value can be assigned here.

  • Config value 4: The configuration value can be assigned here.

  • Status: The asset is active by default; toggle this option to disable it.

Updating asset attributes

If you want to update/change asset details, you can click on the hostname of your asset, and a form will appear. Make the necessary changes. Click on the update button, and your form will be updated.

Adding assets in bulk

Asset lists can be imported in bulk. Log in to the system and select PAM from the product navigator, go to the Manage section of the application and select the Asset Management tab. Click Bulk Assets. From the drop-down menu, click the Import option.

Step 1: Add generic asset details

  • Asset category: Select one of the following types:

    • Operating System is a system software that manages the hardware and software resources providing services to the user.

    • A database is a structured collection of data kept in an organized way so that it can easily be fetched.

    • The router is a networking device that helps to transfer packets over wide networks.

    • A firewall is a network security device that helps to protect our device by monitoring the incoming and outgoing traffic of the system and acting as a barrier between trusted and untrusted networks.

    • The switch is a networking device that helps to transfer packets over wide networks.

    • SAN Storage is a dedicated high-speed network that interconnects and presents a shared pool of storage devices to multiple servers. These help in block-level storage.

    • SAN Switch is a Fibre Channel switch compatible with FC protocols.

    • A directory server provides a central repository for storing and managing information. It is a server providing directory services.

    • Tape Library is a storage system containing multiple tape drives, bays, or slots to hold tapes.

    • Cloud App is a software program where cloud-based and local components work together, which relies on remote servers for processing logic that is accessed through a web browser with an internet connection.

    • Security Device or a token is provided to authorized users so they can authenticate themselves to access network resources or services.

    • Workstation is a high-performance computer system dedicated to an individual or a group of users for professional and business purposes.

  • Asset Type: Select the asset type.

  • Asset Version: Select the version of the asset.

  • Location: This will specify your asset's location list, which will be enlisted in your dropdown list.

  • Criticality Level: This will define the level of criticality of the asset.

  • Tags (optional): Add relevant tags to this user. Refer to the section Tags for more information about adding context with tags.

  • Exclude from Account Discovery: When selected, the accounts of this asset will be excluded from the Discovery job. 

  • Password Checkout Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Password Rotation Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Password Reconciliation Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Asset JIT Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Status: This option is checked by default, which keeps the asset active; uncheck it to disable the asset.

  • Click Next.

Step 2: Copy Asset Data to be onboarded

  • Download the CSV to add asset details.

  • Copy the text from the editors to the text box.

  • Move to the next step.

Step 3: Summary & Finalize

Validate the data entered and complete the action or review the details.

You can exclude the asset from being discovered by checking the 'Exclude from Account Discovery' option. Administrators can use the bulk method to add up to 1000 assets simultaneously.
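A pre-check for the bulk import described above, as an added example (not Sectona's code): it validates pasted asset rows against the Primary/Secondary IP (v4/v6), Port no and 1000-asset constraints this page states, before the text goes into the Step 2 text box. The column order, function name and sample rows are assumptions; the real layout is the one in the CSV downloaded from the product.

```python
import csv
import io
import ipaddress

MAX_ASSETS = 1000  # bulk limit stated on this page
# Assumed column order; the real layout comes from the CSV downloaded in Step 2.
COLUMNS = ["host_name", "primary_ip", "secondary_ip", "port"]

def validate_bulk_assets(text):
    """Return (clean_rows, errors); errors are (line_number, [problems])."""
    rows, errors, seen = [], [], set()
    reader = csv.DictReader(io.StringIO(text), fieldnames=COLUMNS)
    for row in reader:
        problems = []
        host = row["host_name"] = (row["host_name"] or "").strip()
        if not host:
            problems.append("missing host name")
        elif host.lower() in seen:
            problems.append("duplicate host name")
        seen.add(host.lower())
        for field, required in (("primary_ip", True), ("secondary_ip", False)):
            value = (row[field] or "").strip()
            if not value and not required:
                continue  # Secondary IP is optional
            try:
                # Accepts IPv4 and IPv6 and stores the normalized form.
                row[field] = str(ipaddress.ip_address(value))
            except ValueError:
                problems.append(f"{field} is not a valid IPv4/IPv6 address")
        port = (row["port"] or "").strip()
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            problems.append("port must be 1-65535")
        if problems:
            errors.append((reader.line_num, problems))
        else:
            rows.append(row)
    if len(rows) + len(errors) > MAX_ASSETS:
        # Line 0 marks a whole-file problem rather than a single row.
        errors.append((0, [f"more than {MAX_ASSETS} assets in one import"]))
    return rows, errors

# Constructed sample input, not real asset data.
SAMPLE = """web01.example.internal,10.0.0.10,,22
db01.example.internal,2001:db8::15,10.0.0.16,1521
web01.example.internal,10.0.0.11,,22
fw01.example.internal,10.0.0.300,,443
sw01.example.internal,10.0.0.40,,70000
"""

if __name__ == "__main__":
    print(validate_bulk_assets(SAMPLE))
```
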

Updating Bulk Asset Attributes

The asset list can be updated in bulk. Log in to the system and select PAM from the product navigator, then go to Asset Management from the sidebar and select the Bulk Assets → Update option from the drop-down list.

To update/change asset details, follow the below steps:

  • Asset Details

    • Tick the checkbox for the fields you want to update and provide the updated value for those fields.

    • Click on the Download Format link.

    • This will download an Excel sheet on your system.

    • Click on the Next button.

  • Copy Text

    • Open the Excel sheet and add details of the assets you want to update.

    • Copy the asset's data from the Excel sheet and paste it into the text box.

    • Click on the Next button.

  • Summary

    • Validate the data in the Summary section and click on the Finish button.

Here, all the assets mentioned in the Excel sheet get updated in bulk with the current details.

Updating Asset Security Settings

Update the security settings such as Session Timeout, Clipboard, and File sharing of any one particular asset. Go to Asset Management and click the Action icon of any asset. Consider the following options, which are used for SSH, SFTP and SCP sessions:

  • Preferred Host Key Algorithm (UNIX): Select the preferred Host Key Algorithm from the menu, which displays the following options:

    • RSA

    • DSS

    • Certificate

    • ED25519

    • ECDsaNistP256

    • ECDsaNistP384

    • ECDsaNistP521

    • ECDsaSecp256k1

  • Use Legacy Group Exchange (UNIX)

  • Allow Keyboard Interaction (UNIX)

Sectona PuTTY SSH sessions are not compatible with the Allow Keyboard Interaction setting.

Update Asset Security Settings in Bulk

Update the security settings such as Session Timeout, Clipboard, and File sharing of assets in bulk. Go to Asset Management and, from the Bulk Assets drop-down list, select Update Security Setting. To update/change security settings details, follow the steps below:

  • Uncheck the default value checkbox

  • Tick the checkbox for the security fields you want to update and provide the updated value for those fields.

  • Click on the Download Format link.

  • This will download an Excel sheet on your system.

  • Click on the Next button.

  • Open the Excel sheet and add details of the assets you want to update.

  • Copy the asset's data from the Excel sheet and paste it into the text box.

  • Click on the Next button.

  • Summary - Validate the data in the Summary section and click on the Finish button.

  • The security settings for all the assets mentioned in the Excel sheet will be updated with the current details.

Adding assets from discovery jobs

To add assets, log in to the system and select PAM from the product navigator. You can now set up new assets to be onboarded by going to Manage → Discovery in the sidebar → Asset Discovery. Select Job Type.

While adding the information, select the Yes option under the Action heading for the Onboard Assets field.

You can check whether the assets are on-boarded by selecting the Discovery View option in the Manage section.

You will find a column named Vaulted on the screen.

If the value in the Vaulted column is Yes, then the asset is onboarded, and if the value is No, then the asset is not onboarded. You can onboard the asset by clicking on the Action icon and selecting the Onboard option. In the Last Discovered On column, you will get the date and timestamp when the assets were last discovered.

Adding additional security to assets

Asset Security Settings allow you to configure session-level controls and authentication preferences for individual assets. These settings help enforce security policies such as session timeout, clipboard restrictions, file transfer controls, MFA enforcement, and SSH authentication behavior.

Follow these steps to configure security settings for an asset:

  • Select PAM from the product navigator.

  • Navigate to Manage → Asset Management.

  • Click the relevant asset's Action icon to open the Security Settings tab, then select the required options below:

  • Session Lockout: Use this option to automatically lock the active session after the selected timeout period. By default, the Global checkbox is selected; clear it to specify an asset-specific timeout.

  • Clipboard: Use this option to control copy and paste operations during the session. By default, the Default checkbox is selected; clear it and select Disable for All to block clipboard access.

  • Set the global session timeout at System → System Defaults → User Session Lockout (Minutes).

  • Configure default clipboard and file sharing permissions at Policies → User Access Policy → Manage Permissions.

  • File Sharing: Use this option to control file transfer between the local system and the target asset. By default, the Default checkbox is selected; clear it and select Disable for All to block file transfer.

  • Direct Access: Use this option to control whether users can connect directly to the asset. By default, the Default checkbox is selected; clear it and select Restrict to block direct access.

  • Enforce MFA for New Session: Use this option to require MFA when users start a new session. By default, the Default checkbox is selected; clear it and select Enforce to require MFA for every new session.

  • When enabled, the system prompts for MFA each time a user starts a new session with the asset.

  • When the user selects the Enforce option, the system requires MFA for any access to the asset.

  • Proxy Connection: Use this option to route connections through the configured session or web proxy. Select the Disable checkbox to bypass proxy routing.

If enabled, the session connects through the proxy server on port 22; if disabled, it connects directly to the asset port.

  • AD Account Name Format (UNIX): Use this option to define the Active Directory account name format for UNIX authentication. By default, the Default checkbox is selected; clear it to enter a custom format.

  • Allow Unvaulted Account: Use this option to allow sessions using accounts that are not stored in the vault. By default, the Default checkbox is selected; clear it and select Allow to enable this option.

  • Remove Old Authorized SSH Keys (UNIX): Use this option to remove previously deployed SSH keys before adding new keys. By default, the Default checkbox is selected; clear it and select Remove to enable this behavior.

  • Preferred Host Key Algorithm (UNIX): Use this option to specify the host key algorithm used for SSH connections. Select the required algorithm from the dropdown list.

  • Use Legacy Group Exchange (UNIX): Use this option to enable legacy Diffie-Hellman group exchange methods for compatibility with older systems. Select Yes to enable it.

  • Allow Keyboard Interaction (UNIX): Use this option to enable keyboard-interactive authentication for UNIX-based systems. Select Yes to allow keyboard interaction.

  • Prefer Interactive Authentication (SSH): Use this option to configure interactive authentication as the preferred authentication method for SSH connections. Select Yes to prioritize interactive authentication during connection establishment.

  • Click the Save button.

Adding a new asset type 

  • Log in to the system, select Platform Configuration from the product navigator and, under the Plugins and Connectors section, click on Asset Type.

  • Click on the "Asset type" in the sidebar.

  • Click on the "+Add Asset Type" button. A form will appear in front of you to fill in the credentials.

    • Asset category: Select one of the asset types from the drop-down list.

    • Asset type: Define a suitable name for the asset type.

    • Default port: The default port for the asset type should be provided.

  • Click the "Save" button, and your asset type will be created.