Asset Groups
Purpose
This document provides users with a overview of Asset Groups.
Introduction
The Asset Groups tab is a dashboard for Managed and Unmanaged groups showing some basic information on findings trends, fixed trends, remediation, and CVSSv3.
Prerequisites
The reader needs basic access to the OUTSCAN™ account with an active SWAT subscription to interact with groups in Managed section.
Getting Started
Open a browser and navigate to https://outscan.outpost24.com/portal.
Use HTTPS protocol.
Ex. https://outscan.outpost24.com/portal
Enter your credentials and click on the blue arrow button to log in.
For more information about the Portal see Getting Started with the Portal.
Dashboard
In the Asset groups view, all the SWAT assets are listed under the overview panel of Managed section on the left hand side. Click and drag the border to resize the panel.
Each card is a graphical representation of number of open findings, fixed findings, remediated findings, a graphical representation of the CVSSv3 score and a graph showing the trends of the findings.
Overview
Clicking the Asset group overview tree column to the left shows the overview bar at the top is the combined data for all instances.
Selecting a asset group changes the overview bar to a specific information bar for the selected group showing the name of the group, number of assets, number of findings associated and the creation date for the selected asset group.
The Show only active toggle filters the overview panel to show only asset group with an active subscription. Non active asset groups is still present if a child is active.
Clicking on Assets, Most open vulnerable asset group, Most open vulnerable asset, Open Findings, and Closed Findings opens a filtered view in Asset or Findings for each of the items respectively.
Assets
Show the total number of assets associated with all of the Asset Groups. If an Asset Group is selected, then the value represents the assets associated with selected Asset Group. Assets are groupings of one or several identifiers such as IP addresses and host names that represent distinct resources customers wants to secure. As such, an asset may represent entities such as employee's, websites, databases, OCI images, cloud resources, Outpost24 agents etc.
See Assets for more information.
Asset Group with the Most Open Vulnerabilities
Shows the asset group with the most open findings and the asset group it belongs to if it is of Managed type. Clicking on it displays a filtered view with the affected parent group or asset group and the associated assets are listed together with the findings
Asset with the Most Open Vulnerabilities
Shows the asset with the most open findings. As Outpost24 services scan and analyze targets, findings are generated and associated with the corresponding assets.
See Assets for more information.
Open Findings
Number of open findings.
An open finding is defined as a finding with the status set to PRESENT, PENDING VERIFICATION, or IRREPRODUCIBLE.
Findings are the potential risks and recommended reconfiguration suggestions found during automatic and manual assessments of the target asset. These vary from security best practices which lower the attack surface of the target to exploitable vulnerabilities that were verified and confirmed as being present and relevant for the target.
Findings include their classification, risk score and information describing what it is, why it was found and how an attacker might be able to exploit the vulnerability as well as provide clear solutions to remediate the risk.
See Vulnerabilities for more information.
Closed Findings
Number of closed findings.
A closed finding is defined as a finding with a non-empty value of its fixed attribute.
See Vulnerabilities for more information.
Total Findings
Total number of findings in all asset groups.
See Vulnerabilities for more information.
Vulnerabilities Average Score
This card shows both the average score for all open vulnerabilities as well as a breakdown for each severity. The score is based on the Common Vulnerability Scoring System (CVSS) which provides a way to capture the characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score is translated into a qualitative representation (such as Low, Medium, High, and Critical) to help assess and prioritize the vulnerability management processes.
See Vulnerabilities for more information.
Clicking on any of the severity bars redirects you to a filtered view of findings of the selected score level.
OWASP Top 10
The OWASP Top 10 card display the findings in a graphical format according to the score of the vulnerability according to OWASP. The Open Worldwide Application Security Project (OWASP) Top 10 is a standard awareness document for developers and web application security, and represents a broad consensus about what the most critical asset group security flaws are.
Clicking on the various colored parts of the OWASP diagram redirects you to a filtered list in the Findings Vulnerability view.
This diagram will only be displayed if at least one asset is of Appsec type identified by the source being any of SCALE, SCALE_API, SCALE_SPA, APPSEC, SWAT, ASSURE or SNAPSHOT.
Findings Trend
This metric provides a comprehensive view of how business risks are evolving over time tracking the lifecycle of open and closed findings from the moment they are first identified ("first seen") to when they no longer appear ("last seen"). By analyzing this trend, valuable insights can be gained into the effectiveness of your risk management strategies and identify areas that require attention or improvement.
Findings Top 10
Findings Top 10 shows ten most recent, still open findings with the highest CVSS severity along with the severity and asset they were detected on.
Solutions Top 10
Solutions Top 10 shows ten actions that will resolve most vulnerabilities along with the number of risks and affected assets in unmanaged asset groups.
Subscriptions
The Subscriptions card represents the customer's engagement with Outpost24 and each entry corresponds to an already purchased and paid subscription.
The Subscription card list the current subscriptions assigned to the selected asset group, as well as those that are unassigned and a history of all of them.
The Subscription list can be exported to a CSV file by clicking the export icon 
icon in the top right corner of the Subscription card.
The list in the Subscription card is sorted into four groups: Active, Unassigned, Inactive, and Inactive & unassigned.
Subscription Status | Description |
|---|---|
 | Active show the subscriptions that are currently active and are more than 30 days away from expiring. |
 | Ending soon shows an active subscription where the end date is less than 30 days from expiring giving you a warning that the subscription is on the end of its valid period. |
 | Unassigned to any asset group but active until date. |
 | Inactive show subscription where the subscription time has expired, or subscriptions that have an activation date in the future. |
There are cases where licenses expire without having been used. These are listed under Inactive & unassigned at the bottom.
Historical Data is hidden under the Show history dropdown and show the expired subscriptions.
Overview Cards
The Overview Card shows each Asset group with basic information and breaks down the results in to six categories. The results can be filtered by toggling the Show only vulnerable and Show only active subscription switches
The Show only vulnerable switch, when activated, exclude recommendation findings from being counted and only count findings containing vulnerabilities.
The Show only active subscription switch filters out all but active subscriptions, and show only asset groups that currently have an active subscription attached to it, as well as information about said and past subscriptions in the Overview cards.
Card Info | Description |
|---|---|
Findings | The total number of Findings, regardless of their status. |
Open Findings | Total number of open findings. |
Closed Findings | Total number of closed findings. |
Assets | Total number of assets. |
Critical Findings | Total number of findings with Critical severity. |
High Findings | Total number of findings with High severity. |
Clicking on the name of the asset group opens the dashboard for said asset group, whereas clicking on the different info sections will redirect you to a filtered list of findings.
The Overview Card is only available for Managed type of group.
Table View
To toggle from Dashboard view to a Table view, click the list icon 
in the upper right corner in the Overview card. This switches the view to a common table. The purpose of the Table view is to provide a different view that is optimized for creating, reading, updating, and deleting operations of Asset groups.
The table view operates like every other table views in the portal with basic CRUD operations such as filtering, adding/removing columns, and using view templates with view templates panel.
Clicking on an Asset group open the details. The details view of an unmanaged Asset group only contains two tabs:
Details
Comments
A Managed Asset group details view has five tabs:
Details
Subscriptions
Summaries
Activity Log
Comments
Option | Format | Description |
|---|---|---|
Active subscription |
| The Active subscription column indicates whether the asset has one or more currently active subscriptions or if it is inactive. |
Asset group ID |  | Clickable asset group IDs where this asset is assigned. Clicking an ID opens the Asset Groups view with that group selected. |
Created |  | Number of days since the Asset group was created. |
Created by |  | Who created the Asset group:
|
Customer ID | ID of the Outpost24 customer account this asset belongs to. | |
Customer name | Name of the customer | |
Dynamic |  | Indicates if the Asset group is Dynamic or not. A Dynamic Asset Group is managed by the system, so that all assets matching the criteria for the group is automatically added to the group. Assets that no longer match the criteria is removed. For more information about Dynamic Asset Groups, see Dynamic Asset Groups. |
Excluded asset tags | See Tags section. | |
ID |  | Unique identifier of the asset. |
Included asset tags | See Tags section. | |
Managed | | Managed asset groups are maintained by Outpost24 and are not editable. Unmanaged asset groups are editable by your organisation. |
Name | Name of the asset group | |
Parent ID | Display the parent asset group ID | |
Path |  | Show the ID of parent asset group if exists and the ID of current asset group. |
Summary ID | Show the ID of the current summary of asset group. | |
Summary Published | Show the published date of the current summary of asset group. | |
Tags | Displays the available tags associated with the group. See Tags article for further information about tags. | |
Type |
| Indicates the category of a Asset group. |
Updated |  | Timestamp of when the asset was last updated at all for any reason, system- or user-initiated. |
Updated by | Who did the last updating action, system, user, or AppSec team and so on. |
Tags
Right clicking on an Asset group in the table view opens the context menu providing tools to configure the handlings of the tags
Edit tags - Lets you create the tags of the product. See Tags article for further information about tags.
Edit include assets tags - Lets you configure which assets to include depending on their tags. Specify tags ,for example,
team:support,location:karlskronathat the assets must match to be included. Multiple tags are combined with an AND operator.Edit exclude assets tags - Lets you configure which assets to exclude depending on their tags. Specify tags, for example,
team:internalit,location:karlskronato exclude assets. Multiple exclude tags are combined with an OR operator.
Detailed View Tabs
Details tab
The Details tab is displayed for both Unmanaged- and Managed Asset Groups.
Name: Name of the asset group
Select Group: Name of the parent asset group
Type: What type of asset group is it?
Web application
Instance
API
Internal
External
Mobile
Physical
Wireless
Phishing
Red
Assumed
Digital
Hardware
Project
Subscription tab
The Subscriptions tab is displayed only for Managed Asset Groups, and list all the associated subscriptions to the asset group.
For more information about subscriptions, see Subscriptions Overview
Summaries tab
The Summaries tab is only displayed for Managed Asset Group and outlines the results of a web application penetration test. For more information, see the Summary section in this article.
Activity Log tab
The Activity Log tab is only displayed for Managed Asset Group and lists the performed tasks of a web application penetration test.
Comments tab
The Comments tab is displayed for both Unmanaged- and Managed Asset Groups.
In the Comments tab you can start a discussion with Outpost24 Appsec team about. Discussions are normally customer-internal. Only when eligible (via associated subscription) may a dialog between customer and the Outpost24 AppSec team be initiated.
For more information about comments, see Discussions and Commenting.
Customer Actions
Accept Risk
If a risk cannot be mitigated right away, that risk can be accepted so that it will not be picked up every time a scan runs. The risk can be accepted for a short period of time. It is customizable to what ever period of time is needed, if the risk cannot be mitigated right away.
To accept a risk.
Click the Accept Risk
icon located on the bar under the list of findings.Enter a date and a comment.
Click Accept.
Request Verification
The Request Verification button is connected to the Discussions feature.
To request a verification from the AppSec team:
Click the Request Verification
button.A Comment dialog is displayed.
When the Verification request is submitted, a Comment entry is put in the Comments tab of the finding.
This comment is synced together with other comments that are marked for the AppSec team to receive, and they will begin verification of the finding
The AppSec team then either:
Verifies that the vulnerability is present and:
Update the Last seen date.
Respond to the Comment.
Verifies that the finding is fixed and:
Mark the finding as fixed.
Respond to the Comment.
The finding is updated and the customer need to take action.
Findings
For more information about Findings, see Vulnerabilities.
See Filters for common filtering options in the portal.
Tags
By using the Tag 
icons, tags can be added and removed to the asset group.
For more information about tags, see Tags.
Summary
The Executive Summary is a text aimed to describe the overall security level of the application in question. This includes a brief summary of the general security status as well as the identified vulnerabilities.
To see the Summary:
Click on Summary button in the upper right corner of the status-bar in the Asset groups dashboard.
The field Summary Updated indicates when the summary was last updated.
Reports
To export reports for asset groups from the Portal UI:
Select a asset group.
Click on the Report button near top right corner.
The options available to choose from are similar to generating a report for Assets, beside Vulnerabilities being the only available type of report.
Reports use View Templates to filter the reports by predefined templates. The built-in SWAT template is pre-selected and filters out fixed findings by default.
Continue with the same steps as in a normal Report.
For more information, see Reports.
Note that the user who requests the Asset Groups report may only see vulnerabilities and summaries to which they have access privilege. For example, a main user sees everything, but a sub-user with limited privilege will only see reports about the assets that they can access in the asset group.
If all assets or asset groups related to a scheduled report configuration are deleted, the scheduled report configuration will be automatically removed.
Related Articles
Copyright
© 2025 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.