---
title: "Using the inventory"
---

The [inventory](https://console.runzero.com/inventory) page is the heart of runZero Network Discovery and the key to understanding what is on your network. The ((inventory)) displays all ((assets)) within the Organization and can be sorted, filtered, and exported to obtain specific views of the environment. 

## Understanding assets

An [asset](docs/understanding-assets.md) within runZero is defined as a unique network entity. Assets may have multiple ((IP addresses)) and ((MAC addresses)) and these addresses may change as the environment is updated. runZero tracks assets based on several heuristics, including MAC address, IP address, ((hostnames)), and ((fingerprint results)) for the ((operating system)) and running ((services)).

In most cases, runZero can accurately follow assets over time in environments using ((DHCP)), even across remote ((subnets)). For external networks, scans that are initiated with fully qualified hostnames will consolidate assets based on the hostname, which allows for consistent asset tracking for cloud-based external systems with dynamic IP addresses.

Within an organization, assets are isolated by ((site)), and each site can have address space that overlaps with other sites. Sorting the Inventory view based on the site column can help in these scenarios, as can filtering the Inventory based on a specific site name.

The ((search)) field allows the inventory to be filtered based on the specified criteria. Please see the [search query syntax](docs/search-query-syntax.md) documentation for specific details.

In addition to viewing assets, the Inventory page provides [data export](docs/exporting-asset-data.md) functionality, along with the ability to select assets, and specify the comments field. The _Rescan_ action can be used to selectively rescan specific systems from the inventory, while the _Remove Assets_ and _Purge Assets_ can be used to permanently remove data from the inventory view.

The _Reports_ button provides quick access to key reports from the runZero [reports page](docs/reviewing-results.md#reports).

## Loading assets

Data is loaded into the inventory using the **Scan** and **Import** buttons.  The results are analyzed and merged, updating asset information as necessary.

The **Scan** button has two options: Standard Scan and Full RFC 1918 Discovery. The latter is an easy way to set up a fast scan of all private range IP addresses. You can then use the [coverage reports](docs/coverage-reports.md) to check for assets in unexpected private address ranges.

The **Import** button has two options. Importing runZero scan data allows you to import data. This means you can scan networks that have no connectivity to the internet, and still view the results in the runZero console. It's also useful for reprocessing old scan data so that you can use the [site compare](docs/site-comparison-report.md) feature to see how assets have changed over time.

### Bulk asset update

The ((bulk asset update)) feature allows you to modify assets by [exporting a CSV](docs/exporting-asset-data.md) using the **Export** button, making changes to the data in a spreadsheet program or text editor, and then importing the result back into runZero with the **Import** button. This feature will update existing assets that have a matching `id` value in the organization.

The fields listed below can be updated through the bulk asset update:
* Type
* Operating system
* OS version
* Hardware
* Comments
* Tags
* Owner
* Names
* Domains

The `type`, `os`, `os_version`, and `hardware` fields only accept a single value. The `comments`, `tags`, `owner`, `names`, and `domains` fields each accept multiple values, and a space-delimited list of `field=value` pairs is the standard syntax. The `tags` field can also be specified without `tag=` as just a space-delimited list of values.

Only modifications to the `tags`, `comments`, and `owners` fields will be retained through subsequent scans, any changes to the other supported fields will be overwritten by the latest scan data.

## Connecting to other systems

<!-- licenses: community, platform -->

The **((Connect))** button lets you connect runZero to other systems. The [integrations](docs/integrations-inbound.md) you're able to connect depends on your license level, but may include tools like cloud and viritualization platforms, endpoint protection solutions, identity and access management tools, and vulnerability and risk platforms. These inbound integrations can also be configured as [scan probes](docs/integrations-inbound.md#integration-probe-connector) if required.

## Viewing ((services))

The Inventory page has a submenu labeled _Services_. This changes the table of data from an asset-focused view to a service-focused view. For each asset, you will see one row for each service runZero detected.

Like the main asset view, the services view has a full search interface. You can filter services by protocol, port, and [many other criteria](search-query-services.md), using the [runZero search language](search-query-syntax.md).

## Viewing ((screenshots))

If the runZero Explorer has access to Google Chrome, it will attempt to take screenshots of web pages it finds while scanning your network. (This feature can be disabled in the scan options when setting up the scan.)

You can view the screenshots for all of your assets via the _Screenshots_ submenu, and click through to the asset records for full details.

## Viewing ((software))

The inventory page has a submenu labeled _Software_. This flips the table of data from an asset-focused view to a software-focused view. For each asset, you will see one row for each software detected by runZero or a supported integration.

Like the main asset view, the software view has a full search interface. You can filter software by vendor, product, and [many other criteria](search-query-software-groups.md), using the [runZero search language](search-query-syntax.md).

## Viewing ((vulnerabilities))

The inventory page has a submenu labeled _Vulnerabilities_. This flips the table of data from an asset-focused view to a vulnerability-focused view. For each asset, you will see one row for each vulnerability detected by a supported integration.

Like the main asset view, the vulnerability view has a full search interface. You can filter vulnerabilities by CVSS score, name, CVE, and [many other criteria](search-query-vulnerabilities.md), using the [runZero search language](search-query-syntax.md).

## Viewing ((certificates))

The _Certificates_ submenu provides a searchable, sortable [certificates inventory](certificates-inventory.md) of all of the encryption certificates the runZero Explorer encountered while scanning.

Like the other views, the certificates view has a search interface and can be sorted.

## Viewing ((wireless networks))

If the machine running the runZero Explorer has a working ((WiFi)) adapter and appropriate system tools installed, the Explorer will attempt to scan for nearby wireless networks. The _Wireless_ submenu will show the results of the scan.

The tools required are:
 - Windows: `netsh.exe` (part of modern Windows releases)
 - macOS: Airport Utility
 - Linux: `iwlist`, often available via the `wireless-tools` package.

## Viewing ((users)) and ((groups))

The inventory pages for users and groups contain data imported from ((directory services)) such as Active Directory. The ((user directory)) and ((group directory)) can be populated using third party integrations listed under _Directory services_ in the _Integrate_ drop-down menu.