01 · Expose · 02 · Eliminate · 03 · Enforce

Asset Intelligence.
It's not what you know.
It's what you don't.

The asset that never made it into inventory. The configuration that drifted. The gap everyone assumed was covered. ConsoleWorks Asset Intelligence closes those blind spots — a continuously updated, authoritative record of every asset in your environment and what state it's actually in.

Layer 1 · Passive
Breadth from your existing tools
Discovery Vuln Scanners Firewall Spreadsheet SRA
normalized into one record
Layer 2 · Active — ConsoleWorks Native
Authority from the device itself
Running Config Firmware Accounts Security State
active data takes precedence
The Result
One authoritative record per asset
Broad. Accurate. Continuously updated. Measurement-ready. With a direct path to act on what's wrong.
Common question — At a glance

How do you build a complete OT asset inventory that combines passive discovery with active interrogation, integrates with your existing CMDB, and meets CISA's Foundational OT Cybersecurity Asset Inventory guidance?

Asset intelligence is two-layer OT asset inventory — passive discovery to find every device on the network, plus active interrogation to enrich each record with configuration, firmware, credentials, control mappings, and current measurement state. ConsoleWorks holds one agentless record per device, accurate enough to drive operations, security, and compliance from the same source of truth.

The Problem

You can't secure what
you don't fully know.

Most environments carry asset inventories built from guesswork — manual spreadsheets, passive scans, and tool exports that go stale the moment they're generated. The result is a picture that's broad but shallow, and often wrong where it matters most.

Passive discovery tells you a device exists — not what it's actually configured to do
Spreadsheets and CMDB exports are out of date before they're finished
Multiple tools report the same asset differently — no single source of truth
Inventory exists in a separate tool — operators can't act on what they see without switching platforms
New assets appear in the environment without being assessed or classified
No connection between what the asset is and what risk it carries — inventory and risk live in separate worlds
The ConsoleWorks Answer

Asset Intelligence — not just a list

Breadth from passive sources

TDC connectors pull structured data from your existing tools — discovery platforms, vulnerability scanners, firewalls, PAM systems. Wide coverage from day one, without replacing what you have.

Depth and authority from active collection

ConsoleWorks connects directly to managed devices via CCM and retrieves what's actually running — firmware version, running configuration, active accounts. Not inferred. Not approximated. Direct from the source.

One authoritative record per asset

When multiple sources report the same asset, ConsoleWorks normalizes the data into a single record. Active collection takes precedence where it exists — the most accurate data wins.

Gaps visible on the asset record — immediately

Measurement Question results appear directly on each asset record. Operators see a failed check in context — and for managed devices, can act on it from the same screen.

Works with what you have — or without it

If you have existing security tools, ConsoleWorks integrates them. If you don't, Active Collection and spreadsheet import provide the foundation — no external tools required.
How the Inventory is Built

Built from every source
you have — or don't.

The Asset Inventory is built from whatever data sources your environment has — existing security tools, active device collection, imported spreadsheets, or all of the above. If you have discovery tools, vulnerability scanners, or a CMDB, Tool Data Collectors (TDCs) connect via API and pull structured asset metadata automatically. If ConsoleWorks is your primary platform, Active Collection retrieves asset data directly from managed devices. Either way, the inventory is unified, continuously updated, and reflects operational reality — not tool artifacts.

01

Collect

Source Data — Tools, Spreadsheets, Manual
Asset Discovery
Network Discovery
Assets Protocols Network Topology
Vulnerability Scanner
Security Assessment
Patches Software Vulnerabilities Ports
Firewall / Network
Network Security
Firewall Rules Network Users
Existing Asset Records
CMDB / Spreadsheet Import
Asset Records Site Data Ownership
Privileged Access
SRA — ConsoleWorks
Sessions Credentials Access Events Session Recordings Command Logs
Active Collection
CCM — Direct Device Connection
Running Config Firmware State Authoritative
Gold = ConsoleWorks native source
02

Map

Mapping Rules — The Processing Engine
Field Mapping
Maps source tool fields to destination inventory fields — defining exactly where each data point lands in the unified asset record.
Priority Resolution
When multiple tools report the same field, priority settings determine which source wins. Data collected directly from the device through Active Collection (CCM) takes precedence — it's the most authoritative source.
Value Normalization
Values are standardized automatically across sources — "Microsoft Windows Server 2019" becomes "Windows Server" consistently regardless of which tool reported it.
Device Correlation
Dual-homed devices — assets with multiple IP addresses — are correlated into a single inventory record. One physical asset, one record, regardless of how many tools discovered it.
Condition Logic
Rules can be configured to apply only under specific conditions — "only process assets with OS containing Windows," or "only apply to assets in this site classification."
Deduplication
Six tools discovering the same device produces one inventory record — not six. Mapping Rules determine whether incoming data creates a new asset or updates an existing one.
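
A minimal sketch of the mapping steps listed above (field mapping, priority resolution, value normalization, device correlation, deduplication), added here as an illustration and not ConsoleWorks code. The source names, field names, priority values and the correlate-by-shared-IP rule are assumptions; the page states only that data from Active Collection (CCM) takes precedence.

```python
# Illustrative only: not ConsoleWorks code. Source names, field names and
# priority values are assumptions; the page says only that CCM data wins.
PRIORITY = {"ccm": 4, "vuln_scanner": 3, "discovery": 2, "spreadsheet": 1}

# Field mapping: (source, source field) -> unified inventory field.
FIELD_MAP = {
    ("discovery", "os_name"): "os", ("vuln_scanner", "operating_system"): "os",
    ("ccm", "os"): "os", ("ccm", "fw"): "firmware",
    ("spreadsheet", "Firmware"): "firmware", ("spreadsheet", "Owner"): "owner",
}

def normalize_os(value):
    """Value normalization: collapse vendor/edition variants to one label."""
    return "Windows Server" if "windows server" in value.lower() else value.strip()
NORMALIZERS = {"os": normalize_os}

def correlate(reports):
    """Group reports sharing any IP (assumed rule); merging is transitive."""
    groups = []  # list of (ip_set, member_reports)
    for rep in reports:
        ips, members, rest = set(rep["ips"]), [rep], []
        for g_ips, g_members in groups:
            if g_ips & ips:  # overlap: fold the existing group into this one
                ips, members = ips | g_ips, members + g_members
            else:
                rest.append((g_ips, g_members))
        groups = rest + [(ips, members)]
    return groups

def build_inventory(reports):
    """Return one record per correlated device, with per-field provenance."""
    inventory = []
    for ips, members in correlate(reports):
        record = {"ips": sorted(ips), "fields": {}, "provenance": {}}
        # Apply lowest priority first so higher-priority sources overwrite.
        for rep in sorted(members, key=lambda r: PRIORITY[r["source"]]):
            for src_field, value in rep["data"].items():
                dest = FIELD_MAP.get((rep["source"], src_field))
                if dest:  # unmapped source fields are ignored
                    record["fields"][dest] = NORMALIZERS.get(dest, str.strip)(value)
                    record["provenance"][dest] = rep["source"]
        inventory.append(record)
    return inventory

# Constructed sample: a dual-homed workstation seen by four sources, plus one passive-only device.
REPORTS = [
    {"source": "discovery", "ips": ["10.0.3.7"], "data": {"os_name": "Microsoft Windows Server 2019"}},
    {"source": "vuln_scanner", "ips": ["192.168.3.7"], "data": {"operating_system": "Windows Server 2019 Standard"}},
    {"source": "spreadsheet", "ips": ["10.0.3.7"], "data": {"Firmware": "1.2.0", "Owner": "Engineering"}},
    {"source": "ccm", "ips": ["10.0.3.7", "192.168.3.7"], "data": {"os": "Microsoft Windows Server 2019", "fw": "1.4.2"}},
    {"source": "discovery", "ips": ["10.0.3.9"], "data": {"os_name": "VxWorks"}},
]

if __name__ == "__main__":
    print(*build_inventory(REPORTS), sep="\n")
```

The provenance map records which source supplied each field, so a stale spreadsheet value that was overridden by device-collected data can be told apart from one that is still the only evidence on the record.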
03

Inventory

Unified Inventory Asset — One Record Per Physical Asset
Asset Name
Software
Patches
Users
Vuln
Firewall Rules
Hardware
Networks
Antivirus
One record per physical asset — regardless of how many tools contributed data, how many IP addresses the device has, or how many times it appeared across sources. The inventory reflects operational reality, not tool artifacts.
The Reality

Most environments start here.
A spreadsheet. Some gaps. A lot of unknowns.

The same environment. Two different pictures of it — one from a manually maintained spreadsheet, one from ConsoleWorks Asset Intelligence.

What you need to know: What devices exist in your environment
Spreadsheet approach: ~ Manually maintained — accurate when built, gaps accumulate over time as devices are added or changed
ConsoleWorks Asset Intelligence: Built continuously from existing tools via TDC connectors and active collection — new devices appear automatically

What you need to know: Firmware and software versions
Spreadsheet approach: Not collected — firmware and software versions not systematically tracked or updated
ConsoleWorks Asset Intelligence: Collected directly from the device on every cycle — versions, patch levels, installed services, current as of last run

What you need to know: CVE exposure
Spreadsheet approach: Not collected — no software version data to cross-reference against vulnerability databases
ConsoleWorks Asset Intelligence: Visible — software inventory crosswalked against known vulnerabilities on every collection cycle

What you need to know: Running configuration state
Spreadsheet approach: Not collected — no baseline on record, no drift detection possible
ConsoleWorks Asset Intelligence: Active collection retrieves running config directly from the device — baseline on record, deviations flagged on every cycle

What you need to know: Default credentials removed
Spreadsheet approach: Not collected — no mechanism to verify credential state across managed devices
ConsoleWorks Asset Intelligence: Measurement Question runs against every discovered asset — Pass or Fail per device, visible on the asset record

What you need to know: Unknown device appears on the network
Spreadsheet approach: Not in the spreadsheet — no owner, no classification, no way to know when it appeared or whether it has an active external connection
ConsoleWorks Asset Intelligence: Auto-discovered and added to inventory on first appearance — flagged as unclassified, first-seen timestamp recorded, no authorized session on record

What you need to know: Who accessed a device and when
Spreadsheet approach: Not collected — vendor and staff access not logged against individual asset records
ConsoleWorks Asset Intelligence: Every privileged session tied to a verified identity and logged against the asset record — who, when, and what changed

The items in the ConsoleWorks column — firmware versions, CVE exposure, credential state, configuration baseline — are examples of what Measurement Questions can surface. Measurement Questions are fully configurable to your organization's controls framework, compliance requirements, and operational priorities. You define what matters. ConsoleWorks measures it against every asset in your inventory.

Measurement Questions on the Record

The gap you don't see
shows up here.

Most inventories stop at the record. ConsoleWorks goes further — Measurement Questions run against every discovered asset and the results appear directly on each asset record. Each question returns a binary Pass or Fail. No subjectivity, no scoring algorithms, no manual review.

For assets managed by ConsoleWorks SRA, a failed measurement isn't just a flag — it's an action item. The operator can open a direct session to the device from the asset record, apply the fix, and the measurement re-runs on the next cycle.

For the full picture — how failures aggregate into risk scores, get ranked by organizational impact, and generate compliance evidence — see Risk Analysis.

Asset Record · Measurement Results

ENG-WRK-07 · Engineering Workstation

Site Alpha · Zone 3 · Windows Server 2019 · Last collected: 4 min ago · Managed by SRA

AV_INSTALLED: Is antivirus software installed and recorded against this asset? Result: PASS
AV_DEFS_CURRENT: Are AV definition files current within the required update window? Result: FAIL
PATCH_CURRENT: Has this asset been patched within the required compliance window? Result: FAIL
CERT_UPDATED: Has the SSL certificate been updated within the last 12 months? Result: PASS
SESSION_RECORDED: Are all privileged access sessions recorded and tied to an audit record? Result: PASS
Who It Serves

One inventory.
Three different conversations.

For Operations Teams

The asset list that tells you what's wrong — right now.

Operations teams don't need a compliance report. They need to know which device has a problem and how to get to it. ConsoleWorks Asset Intelligence puts the Measurement Question results on the asset record — so when an operator pulls up a device, they see its current state, any failed checks, and a direct path to resolve the issue through SRA.
Failed measurements visible on the asset record — no dashboard switch required
For managed devices, the Resolve button opens an SRA session directly from the record
Active Collection shows the device's actual running state — not what was configured six months ago
New assets appear in inventory automatically — no manual entry, no coverage gaps
Operations View

What your team sees on every asset record

Current firmware version — verified directly from the device via Active Collection
Running configuration vs. approved baseline — deviations flagged immediately
Active user accounts — who has access to this device right now
Measurement Question results — Pass/Fail per check, in context on the record
Direct path to the device — Resolve button opens SRA session for managed assets
For Security Teams

The inventory that feeds your entire security program.

Security teams need to know what exists, what state it's in, and where the gaps are — before an attacker finds them. ConsoleWorks Asset Intelligence provides the foundation for risk scoring, CCM baseline comparison, and event correlation. An asset that isn't in the inventory can't be measured. An asset with only inferred data can't be trusted.
Active Collection closes the gap between "what the network sees" and "what the device is actually doing"
Asset records feed directly into Risk Analysis — inventory accuracy drives score accuracy
Unmanaged assets visible in inventory — flagged for assessment even without active collection
Session and access history correlated with each asset record — who did what and when
Security View

What the inventory enables for your security program

Complete asset scope for Measurement Questions — nothing outside the inventory escapes measurement
CCM baseline comparison driven by active configuration data — not inferred state
IEM event correlation tied to the specific asset record — context for every alert
Risk scores reflect real device state — active data means the score can be trusted
New assets flagged on discovery — no device goes unassessed
For Compliance Teams

An inventory record you can actually trust.

Compliance starts with knowing what you have and what state it's in. A spreadsheet that was accurate 14 months ago isn't a compliance asset — it's a liability. ConsoleWorks Asset Intelligence maintains the inventory continuously, with active collection providing a verifiable, timestamped record of each device's actual state. The record is the foundation. What you do with it for compliance reporting comes next.
Active Collection provides a verifiable, timestamped record of device state — not a passive estimate
Measurement Question results on each record tied to your controls framework — Pass or Fail per asset
New assets classified on discovery — coverage applies from the moment they appear in inventory
Inventory maintained continuously — always current, never assembled on demand
Compliance View

What every asset record contains for your compliance program

Continuously maintained inventory — current as of the last collection cycle, not a periodic export
Active Collection evidence — verifiable record that the inventory reflects actual device state
Measurement results per asset — Pass/Fail against your controls framework, on the record
Classification history — when each asset was discovered, assessed, and classified
Access history per asset — every privileged session tied to a verified identity and timestamp
How It Compares

Not all inventories
are created equal.

Most asset tools stop at discovery. ConsoleWorks Asset Intelligence starts there and goes further — combining passive breadth with active authority and connecting the inventory directly to measurement and remediation.

Passive data collection
ConsoleWorks Asset Intelligence: ✓ Multiple source types via TDC connectors
Discovery Tools: ✓ Network-based discovery
IT Asset Management: Partial — strong on IT assets, limited protocol support for field devices

Active device collection
ConsoleWorks Asset Intelligence: ✓ Direct from device via CCM — running config, firmware, accounts
Discovery Tools: ✗ Passive only — inferred from traffic
IT Asset Management: ✗ Not designed for operational device endpoints

Single authoritative record
ConsoleWorks Asset Intelligence: ✓ Normalizes all sources — active data takes precedence
Discovery Tools: ✗ One tool, one view — no normalization
IT Asset Management: ✗ Requires manual reconciliation

Measurement results on record
ConsoleWorks Asset Intelligence: ✓ Pass/Fail per check, visible on asset record — act without switching tools
Discovery Tools: ✗ No measurement capability
IT Asset Management: ✗ No OT measurement capability

Direct remediation path
ConsoleWorks Asset Intelligence: ✓ Resolve button opens SRA session from the record for managed assets
Discovery Tools: ✗ Detection only — remediation requires another tool
IT Asset Management: ✗ No operational device remediation capability

Works without other tools
ConsoleWorks Asset Intelligence: ✓ Spreadsheet import + Active Collection provides full foundation
Discovery Tools: ✗ Requires network access and scan targets
IT Asset Management: ✗ Requires existing IT asset data

Compliance evidence
ConsoleWorks Asset Intelligence: ✓ Continuous — NERC CIP, NIST, IEC 62443, TSA mapped automatically
Discovery Tools: Partial — discovery data only, no framework mapping
IT Asset Management: ✗ Not designed for operational compliance frameworks

What Happens Next

The inventory is built.
The measurements are running.
Here's what ConsoleWorks does with the results.

Each Pass/Fail result is an input — not an output. ConsoleWorks aggregates them through the SCF control hierarchy, scores your environment across three dimensions simultaneously, and surfaces a prioritized queue of gaps ranked by organizational impact. The inventory you just built is the scope. The measurement results are the data. Risk Analysis is where they become actionable.

Step 1
Inventory
One authoritative record per asset
Step 2
Measurement
Pass/Fail per question per asset
Step 3
SCF Rollup
Results aggregate through the control hierarchy
Step 4
Risk Score
3 dimensions. Prioritized gaps. Fix button.
Common Questions

ConsoleWorks, answered.

Direct answers to the questions OT security teams, integrators, and AI assistants ask most often.

Asset intelligence is more than an asset list — it’s an operations-grade record per device with configuration, credentials, change history, control framework mappings, and compliance evidence in one place. The same record serves operations, security, and compliance teams.

ConsoleWorks ingests from every tool that already touches your OT environment — scanners, network management, vendor connectors, manual records — and reconciles them, so devices known to one tool but missing from your CMDB surface immediately. It correlates rather than scanning unannounced.

PLCs, RTUs, IEDs, HMIs, engineering workstations, network gear, jump hosts, and any IT system that touches OT. Each record carries protocol, vendor, firmware, location, control mappings, and current measurement status.

Yes — ConsoleWorks re-collects and re-maps on every cycle. New devices, retired devices, firmware changes, configuration drift, and credential rotations all flow into the inventory without an analyst touching it.

See It In Your Environment

See every asset.
Know what state it's in.

Your assets. Your tools. Your environment. See ConsoleWorks Asset Intelligence against your actual environment — passive collection, active device interrogation, and measurement results on every record.