Asset Object
Assets are stored at the client level, and only the single doc_type value of "client_asset" exists in the database. An asset can exist as a standalone file added for a client through the Clients module or associated with a finding referred to as an affected asset.
An affected asset refers to a client_asset object with extra properties stored on the finding object. Although it doesn't have its own type or location in the database, it can still be considered a real object since it is technically distinct and exists within the finding object.
Asset Table
The following table explains the fields and data types stored for an asset. Fields are presented in alphabetical order by object field name.
The only required field when creating an asset is the asset name.
| object field name | description | data type |
|---|---|---|
asset | name of asset | string |
assetCriticality | value capturing the asset criticality that must be one of five provided values | string from list: "Critical", "High", "Medium", "Low", "Information" |
assignedTo | email of user vulnerability is assigned to | string |
child_assets | assets identified as belonging to this asset | dict {asset str: UUID of asset, dict {CHILD ASSET Object} |
client_id | client that the asset belongs to | integer |
closedAt | time vulnerability was closed | integer in epoch milliseconds, such as "1661376746781" |
created | when asset was created | string: Zulu date time format, such as "2022-05-20T20:43:59.405Z" |
createdAt | when asset was created | integer in epoch milliseconds, such as "1661376746781" |
data_owner | name of owner | string (defaults to "Data Owner") |
description | description of asset | string |
dns_name | name of dns | string (defaults to "DNS Name") |
doc_type | field in database to identify object | string |
evidence | evidence ID of vulnerability | array string UUID |
findings | list of findings that the asset is associated with and is autogenerated to record the relationship between the finding and asset | dict {int: id of finding: dict {VULNERABILITY Object} |
host_fqdn | fully qualified domain name of host | string |
host_rdns | reverse Domain Name System of host | string, such as "216.58.211.142" |
hostname | hostname | string |
instances | instances of vulnerability | string: report id value: "report_id": int, "report_severity": str: ["Critical", "High", "Medium", "Low", "Information"], "report_status": str: ["Open", "In Process", "Closed"], "report_flaw_title": str, "createdAt": int: epoch milliseconds, "updatedAt": int: epoch milliseconds |
id | asset unique identifier | string: UUID |
knownIps | string array | |
locationUrl | url of related vulnerability | string |
mac_address | media access control address unique identifier | string |
netbios_name | 16-byte name for a networking service or function on a machine running Microsoft Windows Server | string |
notes | any added notes to asset | string |
operating_system | operating system related to asset | string array |
parent_asset | asset ID of parent asset | dict {ASSET Object} |
pci_status | PCI compliance status | string: "pass" or "fail" |
physical_location | physical location of asset | string |
ports | known ports | dict { str: value of number: { "number": str, "service": str, "protocol": str, "version": str } |
reopenedAt | when vulnerability was reopened | integer (defaults to "null") |
report_id | ID of report that vulnerability is associated with | integer |
severity | severity of vulnerability that must be one of five provided values | string from list: "Critical", "High", "Medium", "Low", "Information" |
status | status of vulnerability | string: "Open", "In Process", "Closed" |
subStatus | substatus of vulnerability | string |
system_owner | owner of system | string (defaults to "System Owner") |
tags | any tags associated with an asset | string array |
title | title of vulnerability | string |
total_cves | total CVEs score | integer |
type | asset type that must be a specific value | string: "Server", "Workstation", "Network Device", "Application", "General" |
updatedAt | date and time when asset was updated | integer in epoch milliseconds |
vulnerableParameters | parameters of vulnerability | list {"id": str, "text": str} |
Client Asset Structure
Client assets are lower-level objects containing information about an asset or application. They contain some finding information in the form of a vulnerability[link].
Client assets contain the data related to the specific physical machine or web application represented and relational information about which findings they are affected by.
Every client asset object has the findings field. For each finding affecting the client asset, an object in that field's list contains information about the finding in a specific report and additional metadata showing how the client asset relates to the finding.
Objects stored in findings contain additional relational metadata for vulnerability objects.
Child Asset Structure
The child asset contains a subset of the related client asset's information.
Affected Asset Structure
Affected assets are not objects with their own database type but a value stored in the affected_assets field of a finding object. It contains information about a client asset being affected and relational metadata about the finding and client asset.
An affected asset object on a finding will have a subset of fields compared to the client asset with the same ID. Some additional fields exist that only make sense when the finding and client asset are viewed together, such as the date the finding started affecting the client asset, the affected ports, location access to vulnerability, vulnerable parameters, and evidence of the affection.
Affected assets are very similar to Vulnerabilities, but the rules and validations defining them differ.
Last updated
