Network topology: see the map behind the assets
Subtitle: Discovery, segments, and posture — correlated with agents and identity.
Endpoints do not float in a vacuum. Network topology in Dual-Strike XISEM visualizes how assets connect: sites, VLANs, gateways, VPN paths, and discovered neighbors — correlated with agent inventory and identity sessions.
Route: /network · Support wiki → Network topology & discovery
Evidence sources for topology
Source: Contribution
XISEM agent: Local adapters, routes, DNS, peer discovery
Network device infeeds: Fortinet, UniFi, Meraki-class integrations (per wiki)
Identity location: Office / home / unknown classification
Manual site tags: Client org site definitions
The platform layer interprets harvester and integration evidence; it does not scan the network independently of collectors.
Operator use cases
Incident scope — “What subnet was this laptop on when detection fired?”
Segmentation audit — is the server VLAN reachable from guest Wi-Fi?
Asset context — Asset modal shows network attachment alongside ASPIRE
Compliance — network boundary controls (NIST SC family, PCI segmentation)
MSP workflow
Deploy agents to representative sites (HQ, branch, remote)
Connect firewall/switch integration where client owns supported gear
Review topology graph for orphan nodes (discovered but not managed)
Align orphan list with Inventory onboarding campaign
Limitations (honest)
Cloud-only workloads may appear as identity + SaaS signals rather than L2 map
Remote workers often show home/unknown location class — pair with Browsing Insights
Discovery depth depends on agent and integration coverage — not a replacement for dedicated NDR (roadmap items public on wiki)
Related: ASPIRE Environment pillar · CVE correlation post
No internal scan schedules or credential storage details — configure integrations in-console.

