To manage risk, we first have to identify the assets in scope, and SIEM is a perfect technology to achieve this milestone. Asset Identification Framework (AIF) is a turn-key use case that monitors network connections to automatically discover assets and categorize them into service categories such as DNS, database, authentication servers, VMware hypervisors, etc. The gathered data can be used to populate the SIEM Asset & Network model, to correlate with the CMDB and identify gaps, and to compare against discovery scans by VM tools. AIF supports servers that fulfill multiple service roles. It is a useful starting point for identification in any SOC, a basic component of compliance and threat-centric cases, and a foundation for continuous asset and risk monitoring.
For more information, see https://my.socprime.com/en/integrations/asset-identification-framework-kibana
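
The passive approach described above can be illustrated with a short example that is added here and is not SOC Prime's code or AIF's actual rule set: it infers server roles from observed connections, allows several roles per server, and reports roles missing from a CMDB extract. The port-to-role map, the two-client threshold, and all connection and CMDB records are assumptions constructed for the illustration.

```python
from collections import defaultdict

# Assumed port-to-role map from well-known service ports (not AIF's own rules).
ROLE_PORTS = {
    53: "DNS",
    88: "Authentication", 389: "Authentication", 636: "Authentication",
    1433: "Database", 3306: "Database", 5432: "Database",
    902: "VMware hypervisor",
}
MIN_CLIENTS = 2  # assumed: distinct clients required before a role is trusted

# Constructed connection records: (source IP, destination IP, destination port).
SAMPLE_CONNECTIONS = [
    ("10.0.1.10", "10.0.0.5", 53), ("10.0.1.11", "10.0.0.5", 53),
    ("10.0.1.10", "10.0.0.5", 88), ("10.0.1.12", "10.0.0.5", 389),
    ("10.0.1.20", "10.0.0.8", 5432), ("10.0.1.21", "10.0.0.8", 5432),
    ("10.0.1.30", "10.0.0.9", 902), ("10.0.1.31", "10.0.0.9", 902),
    ("10.0.1.10", "10.0.0.7", 3306),   # single client: below threshold
    ("10.0.1.10", "10.0.0.6", 49152),  # unmapped port: ignored
]
# Constructed CMDB extract: server IP -> roles recorded for it.
SAMPLE_CMDB = {"10.0.0.5": {"DNS"}, "10.0.0.8": {"Database"}}

def discover_roles(connections, min_clients=MIN_CLIENTS):
    """Return {server_ip: set(roles)} inferred from who connects to which port."""
    clients = defaultdict(set)  # (server, role) -> distinct client IPs
    for src, dst, port in connections:
        role = ROLE_PORTS.get(port)
        if role:
            clients[(dst, role)].add(src)
    roles = defaultdict(set)  # one server may accumulate several roles
    for (server, role), seen in clients.items():
        if len(seen) >= min_clients:
            roles[server].add(role)
    return dict(roles)

def cmdb_gaps(discovered, cmdb):
    """Return {server_ip: roles seen on the network but absent from the CMDB}."""
    gaps = {ip: roles - cmdb.get(ip, set()) for ip, roles in discovered.items()}
    return {ip: missing for ip, missing in gaps.items() if missing}

if __name__ == "__main__":
    found = discover_roles(SAMPLE_CONNECTIONS)
    for ip, missing in sorted(cmdb_gaps(found, SAMPLE_CMDB).items()):
        print(ip, "missing from CMDB:", sorted(missing))
```

The client threshold keeps a single stray connection from assigning a role to a host; in practice it would be tuned against the environment's traffic volume.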