The Asset modal: your investigative console
Subtitle: Timelines, matrices, and narratives — built for analysts, auditors, and engineers.
Dual-Strike XISEM UI philosophy: intelligence surfaces, not alert engines. The Asset modal is the clearest expression of that — a single-device (or single-identity) console where evidence converges before anyone opens a PSA ticket.
What opens when you click an asset
SurfacePurpose OverviewASPIRE grade, last seen, agent version, location class TimelineCorrelated events — agent, browser, identity, detections Extension HealthPer-browser status, last session, idle vs stale tiers MatricesPosture and CA evaluation snapshots ComplianceControl mappings tied to this asset’s evidence PivotsJump to user, related detections, browsing sessions
No tab is a standalone “warning light.” Each is evidence with context.
Investigation flow (example)
Scenario: Shadow AI detection on a sales laptop.
Threat Center → open detection → pivot to Asset modal
Timeline shows browser sessions to unsanctioned AI tool before EDR saw anything
Extension Health confirms Edge reporting (not a coverage gap)
Identity tab links Entra user for CA policy review
Create PSA ticket with evidence summary pre-filled
After remediation, close ticket — status syncs back
Who uses it
SOC analysts — first stop after alert triage
vCISOs — QBR screenshots (redact client names)
Auditors — control evidence drill-down
Engineers — agent version, harvest gaps, extension deploy issues
Capture tips for your runbooks
When documenting client procedures, screenshot Overview + Timeline with:
Client display name redacted or replaced with “Demo Org”
User emails hashed or removed
Real hostnames replaced with
CLIENT-WS-###pattern
We ship demo-style illustrations in this newsletter; your Substack posts can swap in live redacted captures.
Route: Inventory → any managed asset → opens modal
Related: ASPIRE scoring post · Browsing Insights field guide
Platform layer interprets harvester evidence — the modal never fabricates telemetry.

