- April 28, 2023: Vulnerability data & filters.
- November 3, 2022: UI optimized for Infrastructure [Beta].
- September 26, 2022: Notice for upcoming infrastructure UI optimization.
This is optimized for select users with access to the Infrastructure [Beta] page. Review the updates…
Assets are a subset of attributions. They are the machines that are deployed on the Internet by an organization and are identified by a single IP address, domain/hostname, or application.
Use the Assets tab to see assets attributed to your organization. You can also:
- See externally-facing infrastructure attributed to the organization.
- Select a particular asset to get findings that are associated with that asset.
- Sort by the total number of findings to see which asset has the most findings.
- Refer to asset importance for estimating the importance of the underlying IP or domain/host to the organization.
- Select a row to see asset attribution details.
Examples:
- IP/CIDR – An organization is assigned a /28 CIDR. That CIDR defines a set of 16 IP addresses that can be used by the organization. The organization assigns 10 of those IP addresses to machines. The 10 machines that are actually assigned with a public IP address are assets.
- Domain – The “example.com” attribute associates www.example.com, mail.example.com, wizard.secure-login.example.com as individual assets for a single organization.
- Application – A publisher’s mobile application offering, as depicted by the Mobile Application Security risk vector.
Fields
Field | Description | Filters |
---|---|---|
App Grade | A 0-10 severity scale for Mobile Application Security findings, with 10 being the most severe. | No |
Asset | The associated asset (IP address, CIDR block, or domain). | Search |
Asset Type | The type of asset. |
|
Country | The location of the asset using an IP geolocation database. Hostnames are located at the location connected with the IP address that they resolve to. Depending upon the information available to the location service, some locations are precise, others are defaulted to the geographic center of a country. | Geographic Area |
Evidence Certainty | The level of certainty that a vulnerability has been confirmed to exist and poses a risk. | Yes |
Findings | The number of findings in this asset. | No |
Hosting Provider | The hosting service provider. | Yes |
Identified Products | Identified service provider products. |
|
Importance | The importance of the underlying IP or domain/host to the organization. |
|
Material/Severe Findings | The number of material and severe findings in this asset. | No |
Originating Subsidiary | The organization or subsidiary attributed to this asset. | Yes |
Services | Services using a port. | Service name. See: |
Vulnerability | The name of this vulnerability, displayed as the CVE ID plus the colloquial name for the vulnerability if there is one. | Search |
Vulnerability Severity | The criticality of the vulnerability. | 0-10 CVSS v3 score. |
Additional Filters
Filter | Description | Values |
---|---|---|
Tag | Filter by infrastructure tags. |
|
Asset Details
Select an asset to view asset details, which are presented in the following tabs:
Details Tab
Select an asset and refer to the Details tab in the sheet to see the asset details.
- Asset Importance: See asset importance.
- Attribution: CIDR and source (regional internet registry or user provided).
- Service names. See:
- Location: The location of the asset using an IP geolocation database. Hostnames are located at the location connected with the IP address that they resolve to. Depending upon the information available to the location service, some locations are precise, others are defaulted to the geographic center of a country.
- Vulnerabilities: Preview of up to 5 of the most recent Vulnerabilities. Refer to the vulnerabilities displayed in the Vulnerabilities tab provide information on potential security risks associated with an asset, including the name, severity level, evidence certainty, and last seen date. Review this information to identify potential risks and take necessary measures to mitigate them.
Findings Tab
Select an asset and refer to the Findings tab in the sheet to see a list of the findings within this asset that are impacting the organization’s security rating.
Field | Description |
---|---|
Risk Vector | The associated risk vector. |
Last Seen | The date when this finding was most recently observed. |
Grade | The finding grade. |
Finding Severity | A measurement of the amount of risk that this finding introduces. See finding severity. |
Details | A description of this finding. |
Vulnerabilities Tab
Use this tab to view the vulnerabilities associated with an asset. It contains a list of vulnerabilities within the asset that may impact the organization’s security, including the following details:
- Name: The Common Vulnerabilities and Exposures (CVE) name for the vulnerability.
- Severity: The severity of the vulnerability based on the Common Vulnerability Scoring System (CVSS).
- Evidence Certainty: The level of certainty that the vulnerability has been confirmed to exist and poses a risk.
- Last Seen: The date when this vulnerability was most recently observed.
Select the name to see a description of the vulnerability or a row to see all the details associated with that vulnerability.