LogoLogo
API DocumentationIntegrationsPlexTrac.com
  • Product Documentation
    • Using This Site
    • Security Advisories
    • Deployment and Maintenance Policy
    • Supported Applications
  • PlexTrac Modules
    • Dashboard
    • Clients
      • Clients Components
      • Creating a Client
      • Managing Clients
      • Managing Client Users
      • Adding Assets to a Client
      • Managing Assets
    • Schedule
      • Schedule Components
      • Creating an Engagement
      • Requesting an Engagement
      • Managing Engagements
      • Engagement Status
    • Assessments
      • Assessment Components
      • Managing Questionnaires
      • Starting an Assessment
      • Taking an Assessment
      • Reviewing an Assessment
      • Submitting an Assessment
    • Reports
      • Report Components
      • Creating a Report
      • Adding from NarrativesDB
      • Editing a Report
      • Using Short Codes in Reports
      • Findings
        • Creating a Finding
        • Collaborative Editing
        • Importing Findings from a File
        • CSV Findings Templates
          • Using Report Findings CSV Template
        • Importing Findings via an Integration
        • Importing Findings from WriteupsDB
        • Finding Status
        • Creating Jira Tickets
        • CVSS Scoring
        • Affected Assets
      • Importing a Report
      • Exporting a Report
    • Priorities
      • Priorities Components
      • Creating a Priority
      • Linking Findings and Assets
      • Managing Priorities
      • Priorities Metrics
    • Content Library
      • Types of Repositories
      • NarrativesDB
        • NarrativesDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Managing Sections
        • Creating a Section
      • WriteupsDB
        • WriteupsDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Writeup
        • Copying a Writeup
        • Adding to a Report
        • Importing via CSV Template
      • RunbooksDB
        • RunbooksDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Procedure
        • Creating a Technique
        • Creating a Tactic
        • Creating a Methodology
    • Analytics
      • Findings
      • Assets
      • Runbooks
      • Trends & SLAs
    • Runbooks
      • Managing Engagements
        • Starting an Engagement
        • Submitting an Engagement
      • Managing Test Plans
        • Creating a Test Plan
        • Exporting a Test Plan
  • Tenant Management
    • Account Management
      • Profile (Personal Settings)
        • Managing User Profile
        • Managing Password
        • Setting Up Two-Factor Authentication
      • Account Admin
        • Tenant Settings
          • Account Information
          • General Settings
          • Email Settings
          • Tags Settings
          • Service-Level Agreements (SLAs)
          • Short Codes
        • Customizations
          • Layouts
          • Templates
            • Report Templates
            • Export Templates
            • Style Guides
          • Theme
        • Automations
          • Risk Scoring
            • Creating Equations
            • Managing Priority Equations
          • Parser Actions
        • Integrations & Webhooks
          • Integrations (API)
            • Cobalt
            • Edgescan
            • HackerOne
            • Jira
            • ServiceNow
            • Tenable Vulnerability Management
            • Tenable Security Center
          • Webhooks
        • Security & User Management
          • Audit Log
          • Security
            • Authentication Methods
              • OAuth/OpenID Setup
                • Microsoft Entra ID
                • Google OAuth
                • Okta
                • OpenID Connect
              • SAML Setup
            • General Authentication Settings
            • Authorization
            • Role Based Access (RBAC)
              • Custom Roles
            • Classification Tiers
          • Users
            • Adding Users
            • Managing Users
        • Licensing
          • Licensing
          • Priorities
          • Plex AI
            • Using AI
        • White Labeling
      • Help Center
      • Logout
    • Integrations and File Imports
      • Acunetix
      • BlindSPOT
      • Burp Suite
      • Checkmarx
      • Core Impact
      • HCL AppScan
      • Invicti
      • Nessus
      • Nexpose
      • Nipper
      • Nmap (Assets)
      • Nmap Vulners NSE
      • Nodeware
      • NodeZero
      • OpenVAS
      • OWASP ZAP
      • Pentera
      • Qualys (VM Parser)
      • Qualys (Web App Scanner)
      • RapidFire
      • Scythe
      • Veracode
  • API Documentation
    • Overview
    • Concept Definitions
    • Getting Started
    • Retrieving Parameter IDs
    • Object Structures
      • Client Object
      • Report Object
      • Finding Object
      • Asset Object
      • Evidence Object
    • Use Cases
    • API Change Policy
      • API Change Log
    • Webhooks
      • Webhook Payload Structure
      • Verifying Sender Requests
Powered by GitBook

Resources

  • Privacy Policy
  • Terms of Use
  • Vulnerability Policy

© 2025 PlexTrac, Inc. All rights reserved.

On this page
  • Asset Table
  • Client Asset Structure
  • Child Asset Structure
  • Affected Asset Structure

Was this helpful?

Export as PDF
  1. API Documentation
  2. Object Structures

Asset Object

PreviousFinding ObjectNextEvidence Object

Last updated 1 year ago

Was this helpful?

Assets are stored at the client level, and only the single doc_type value of "client_asset" exists in the database. An asset can exist as a standalone file added for a client through the Clients module or associated with a finding referred to as an affected asset.

An affected asset refers to a client_asset object with extra properties stored on the finding object. Although it doesn't have its own type or location in the database, it can still be considered a real object since it is technically distinct and exists within the finding object.

Asset Table

The following table explains the fields and data types stored for an asset. Fields are presented in alphabetical order by object field name.

The only required field when creating an asset is the asset name.

object field name
description
data type

asset

name of asset

string

assetCriticality

value capturing the asset criticality that must be one of five provided values

string from list: "Critical", "High", "Medium", "Low", "Information"

assignedTo

email of user vulnerability is assigned to

string

child_assets

assets identified as belonging to this asset

dict {asset str: UUID of asset, dict {CHILD ASSET Object}

client_id

client that the asset belongs to

integer

closedAt

time vulnerability was closed

integer in epoch milliseconds, such as "1661376746781"

created

when asset was created

string: Zulu date time format, such as "2022-05-20T20:43:59.405Z"

createdAt

when asset was created

integer in epoch milliseconds, such as "1661376746781"

data_owner

name of owner

string (defaults to "Data Owner")

description

description of asset

string

dns_name

name of dns

string (defaults to "DNS Name")

doc_type

field in database to identify object

string

evidence

evidence ID of vulnerability

array string UUID

findings

list of findings that the asset is associated with and is autogenerated to record the relationship between the finding and asset

dict {int: id of finding: dict {VULNERABILITY Object}

host_fqdn

fully qualified domain name of host

string

host_rdns

reverse Domain Name System of host

string, such as "216.58.211.142"

hostname

hostname

string

instances

instances of vulnerability

string: report id value: "report_id": int, "report_severity": str: ["Critical", "High", "Medium", "Low", "Information"], "report_status": str: ["Open", "In Process", "Closed"], "report_flaw_title": str, "createdAt": int: epoch milliseconds, "updatedAt": int: epoch milliseconds

id

asset unique identifier

string: UUID

knownIps

string array

locationUrl

url of related vulnerability

string

mac_address

media access control address unique identifier

string

netbios_name

16-byte name for a networking service or function on a machine running Microsoft Windows Server

string

notes

any added notes to asset

string

operating_system

operating system related to asset

string array

parent_asset

asset ID of parent asset

dict {ASSET Object}

pci_status

PCI compliance status

string: "pass" or "fail"

physical_location

physical location of asset

string

ports

known ports

dict { str: value of number: { "number": str, "service": str, "protocol": str, "version": str }

reopenedAt

when vulnerability was reopened

integer (defaults to "null")

report_id

ID of report that vulnerability is associated with

integer

severity

severity of vulnerability that must be one of five provided values

string from list: "Critical", "High", "Medium", "Low", "Information"

status

status of vulnerability

string: "Open", "In Process", "Closed"

subStatus

substatus of vulnerability

string

system_owner

owner of system

string (defaults to "System Owner")

tags

any tags associated with an asset

string array

title

title of vulnerability

string

total_cves

total CVEs score

integer

type

asset type that must be a specific value

string: "Server", "Workstation", "Network Device", "Application", "General"

updatedAt

date and time when asset was updated

integer in epoch milliseconds

vulnerableParameters

parameters of vulnerability

list {"id": str, "text": str}

Client Asset Structure

Client assets are lower-level objects containing information about an asset or application. They contain some finding information in the form of a vulnerability[link].

Client assets contain the data related to the specific physical machine or web application represented and relational information about which findings they are affected by.

Every client asset object has the findings field. For each finding affecting the client asset, an object in that field's list contains information about the finding in a specific report and additional metadata showing how the client asset relates to the finding.

Objects stored in findings contain additional relational metadata for vulnerability objects.

Child Asset Structure

The child asset contains a subset of the related client asset's information.

Affected Asset Structure

Affected assets are not objects with their own database type but a value stored in the affected_assets field of a finding object. It contains information about a client asset being affected and relational metadata about the finding and client asset.

An affected asset object on a finding will have a subset of fields compared to the client asset with the same ID. Some additional fields exist that only make sense when the finding and client asset are viewed together, such as the date the finding started affecting the client asset, the affected ports, location access to vulnerability, vulnerable parameters, and evidence of the affection.

Affected assets are very similar to Vulnerabilities, but the rules and validations defining them differ.

831B
Asset Object.txt
250B
Child Asset Object.txt
1KB
Affected Asset Object.txt