Infrastructure: Assets Ingrid The Assets tab in the Infrastructure page [ Attack Surface ➔ Infrastructure ➔ Assets] in the Security Posture Management application shows assets that are attributed to your organization. It provides a detailed view by listing individual IP addresses and specific subdomains.Why do assets appear and disappear? Only actively observed IP addresses are presented. Assets may temporarily disappear from the Assets tab if asset importance (which is recalculated daily based on system usage, sensitivity, and other factors) is of lower-importance. Use the Assets tab to: See externally-facing infrastructure attributed to the organization. Select a particular asset to get findings that are associated with that asset. Sort by the total number of findings to see which asset has the most findings. Refer to asset importance for estimating the importance of the underlying IP or domain/host to the organization. Select a row to see asset attribution details. Actions Fields Filters Bitsight Filter Sets Asset Details Actions Infrastructure Tags Apply infrastructure tags. Instructions: Hover over the asset. Select Tag Infrastructure ( or ). Select tags from the Select Tags dropdown. Select Confirm Changes. Select Save Changes. See the Bitsight API. Bulk Actions The bulk actions include: Tag Update Importance View Findings Instructions: Select assets to edit with the Checkmark on the left. Select the action to apply to the selected assets. Download Assets Data (.csv) Instructions: Select Download CSV at the top-right of the table. Filter the Data Instructions: Use the filters on the left. Toggle View Toggle the view of the data. Instructions: Select the Table or Map options at the top-right of the table. Fields App Grade A 0-10 severity scale for Mobile Application Security findings, with 10 being the most severe. Asset The associated asset (IP address, CIDR block, or domain). Asset Type The type of asset. Cloud Platform The cloud provider identified for the asset (e.g., AWS, Azure, GCP) Cloud Services Cloud-native services used (e.g., S3, EC2, CloudFront), derived from platform Cloud Region Geographic cloud region of the asset, if available (e.g., us-east-1, eu-west-2) Country The location of the asset using an IP geolocation database. Hostnames are located at the location connected with the IP address that they resolve to. Depending upon the information available to the location service, some locations are precise, others are defaulted to the geographic center of a country. Findings (Impacts RV Grade) The number of findings in this asset. Grace Period There is a 60-day grace period when company-provided assets are added to infrastructure. The findings from the added infrastructure do not impact grading. Grace Period End Date The date the grace period for the infrastructure ends. Hosting Organization The hosting service provider. Identified Products Identified service provider products. See products by business function. Importance The importance of the underlying IP or domain/host to the organization. Material/Severe Findings (Impacts RV Grade) The number of material and severe findings in this asset. Originating Subsidiary The organization or subsidiary attributed to this asset. Network Services Services using a port. Tags Infrastructure tags assigned to the asset. Filters Asset Importance Filter by asset importance. Filter Values: Critical High Medium Low None Asset Type Filter by the type of asset. Filter Values: IP Address Domain Android iOS Cloud Platform Filter by the cloud provider identified for the asset. Filter Values: AWS Azure GCP (not an exhaustive list) Cloud Services Filter by cloud-native services used, derived from the cloud platform. Filter Values: S3 EC2 CloudFront (not an exhaustive list) Cloud Region Filter by the geographic cloud region of the asset, if available. Filter Values: us-east-1 eu-west-2 (not an exhaustive list) Geographic Area Filter by geographic area. Filter Values: Area name. Grace Period Filter by Impacts Risk Vector Grade with a No: Grace Period status. Filter Values: Yes No Grace Period End Date Filter by grace period end dates within a specified date range. Filter Values: Start Date End Date Hosting Organization Filter by the hosting service provider. Filter Values: Provider name. Identified Products Filter by products. Filter Values: Product name. See business functions. Importance Origin Filter by how asset importance was determined. Filter Values: Only User Importance Only Calculated Importance Number of Findings Filter by the number of findings. Filter Values: A minimum and maximum number of findings. Originating Subsidiary Filter by the organization or subsidiary attributed to the asset. Filter Values: Company name. Product Support Filter by product support status. Filter Values: Unsupported Supported Unspecified Network Services Filter by the service running on the device. Filter Values: Service name. See: Finding Messages (detected services, typical services, potentially vulnerable) IANA Service Name and Transport Protocol Port Number Registry Tag Filter by infrastructure tags. Filter Values: Public Private No Tags Vulnerability Filter by vulnerability. Filter Values: Vulnerability name or CVE ID. Vulnerability Evidence Certainty Filter by the level of certainty that a vulnerability has been confirmed to exist and poses a risk. Filter Values: See evidence certainty. Vulnerability Evidence Detection Filter by vulnerability that are currently or were previously detected. Filter Values: Currently Previously Vulnerability Severity Filter by the criticality of the vulnerability. Filter Values: 0-10 CVSS v3 score. Bitsight Filter SetsWe recommend including the name of the company associated with the findings in your filter set name when creating a filter set from an existing filter set so that it is easily discoverable (e.g., Company Name - Assets_group). Assets with unsupported products Product Support Unsupported Currently confirmed exposure Vulnerability Evidence Certainty Confirmed Vulnerability Evidence Detection Exposure OT Assets Service We use these services as strong indicators that an asset belongs to an OT environment. Monitor power and storage tanks: APCUPSD, AUTOMATED-TANK-GAUGE Building automation, managing heating, lighting, and ventilation: BACNET, KNX Industrial control protocols commonly used in SCADA systems and programmable logic controllers: CODESYS, CODESYS-V3, DNP3, MODBUS, ETHERNETIP In the energy sector, to support communication between substations and control systems: IEC-104, IEC-61850, IEC-61850-MMS Network device services revealing the use of serial-to-Ethernet converters connecting older industrial devices: LANTRONIX, MOXA-NPORT Interoperability between different industrial systems, another OT hallmark: OPC-UA Found in automation and energy management infrastructures: S7, FOX, ION, SECURE-FOX, SECURE-ION If none of the OT-related services are found on the attack surface, the OT Assets filter will show “No OT assets found” because no results match the filter.Asset DetailsSelect an asset to view asset details, which are presented in the following tabs: Details Tab Findings Tab Vulnerabilities Tab Details TabSelect an asset and refer to the Details tab in the sheet to see the asset details. Asset Importance: See asset importance. Attribution: CIDR and source (regional internet registry or user provided). Cloud: Shows key cloud details for each asset, including its provider, specific services in use, and geographic region, giving clearer visibility into where and how the asset is hosted. Service names. See: Finding Messages (detected services, typical services, potentially vulnerable) IANA Service Name and Transport Protocol Port Number Registry Location: The location of the asset using an IP geolocation database. Hostnames are located at the location connected with the IP address that they resolve to. Depending upon the information available to the location service, some locations are precise, others are defaulted to the geographic center of a country. Vulnerabilities: Preview of up to 5 of the most recent Vulnerabilities. Refer to the vulnerabilities displayed in the Vulnerabilities tab provide information on potential security risks associated with an asset, including the name, severity level, evidence certainty, and last seen date. Review this information to identify potential risks and take necessary measures to mitigate them. Findings TabSelect an asset and refer to the Findings tab in the sheet to see a list of the findings within this asset that are impacting the organization’s security rating. [Date] Last Seen The date when this finding was most recently observed. Details A description of this finding. Finding Severity A measurement of the amount of risk that this finding introduces. See finding severity. Grade The finding grade. Risk Vector The associated risk vector. Select the Next button at the top-right to see a pre-filtered version of the organization’s findings that are associated with the viewed asset with additional finding details.Vulnerabilities TabUse this tab to view the vulnerabilities associated with an asset. It contains a list of vulnerabilities within the asset that may impact the organization’s security, including the following details: [Date] Last Seen The date when this vulnerability was most recently observed. Evidence Certainty The level of certainty that the vulnerability has been confirmed to exist and poses a risk. Name The Common Vulnerabilities and Exposures (CVE) name for the vulnerability. Severity The severity of the vulnerability based on the Common Vulnerability Scoring System (CVSS). Select the name to see a description of the vulnerability or a row to see all the details associated with that vulnerability. March 24, 2026: Security Posture Management rebrand. October 30, 2025: Added OT Assets filter. June 26, 2025: Infrastructure tag API. February 21, 2025: Added Grace Period End Date field and filter. February 6, 2025: Listed available Bitsight filter sets, migrated from Filter Sets. Related articles Attack Surface: Infrastructure Infrastructure: Attribution Asset Importance Infrastructure Management Updating IP Registration Feedback 0 comments Please sign in to leave a comment.