CORE Assets
Purpose
This document describes Assets.
Introduction
Assets are uniquely identified either physical or virtual devices and IT resources like, servers, laptops, containers, container images, cloud accounts etc.
These assets are currently sourced from other Outpost24 offerings:
- Outpost24 Netsec
- Outpost24 Appsec
- Outpost24 Cloudsec
Since the risks associated with those assets contribute to the overall security posture of the business, the Assets view provides a quick way of assessing the criticality of the assets and helps with the prioritization efforts.
Asset Groups
Collections of Assets can be grouped together into Asset Groups and contain grouping rules that can be used to group assets in a way that makes most sense to the organization. A typical use of an Asset Group is to group assets that belong to the same web application.
See the CORE Asset Groups document for more information about AppStaks.
One asset can belong to several Asset Groups.
AppStaks
Collections of Assets can be grouped together into AppStaks and contain grouping rules that can be used to group assets in a way that makes most sense to the business. A typical use of an AppStak is to group assets that belong to the same web application, business function or a system.
See the CORE AppStaks document for more information about AppStaks.
One Assets or Asset Group can belong to several AppStaks.
Exploring Assets
Clicking on the Explore icon in the left hand menu and selecting Assets displays a table of the available assets.
| Option | Description |
|---|---|
| Age | Number of days since the findings are detected on the asset. |
| Business Criticality * | This is a value the user can set on the targets in OUTSCAN that show up in CORE on assets:
See CORE Dashboard for more information. This result affects the risk calculation. |
| Categories | A list with the categories of the AppStaks this Asset is associated with. |
| Exposed * | Exposure identifies whether the asset is directly reachable on the internet and therefor increase the risk of the asset. If the address is private, then the default is no. This result affects the risk calculation. |
| Findings * | Number of findings associated with that asset. See CORE Findings for more information. |
| Grade * | Risk level on a scale from A to F where F represents the most critical risks. An Asset's risk is calculated based on:
|
| Last Scan * | When the last scan was performed. |
| Name * | Name of the asset. |
| Platform | Assets OS platform |
| Sources * | From where are the assets discovered. NETSEC, APPSEC, and CLOUDSEC. More then one can be present on the same asset. |
| Tags * | See CORE Filters for more information. |
| UUID | The unique identifier of the Asset. |
*) Columns shown by default
Multi Select
When selecting more than one row using the check boxes, an average risk value for selected rows is displayed in the details view to the right with the number of selected items at the top.
Configuring Columns
The Columns can be configured in several ways. Columns can be added and removed and the order in which they are displayed can be changed.
Changing Column Width
All the columns are configurable in width by dragging the dotted area on the right side of the column head.
Changing Column Presentation
By dragging the dotted area on bottom of the column head, the order in which the columns are presented can be changed.
Selecting Columns
By clicking on the + sign in the upper right corner in the column head row, a column menu is displayed where columns can be selected and deselected to configure the findings view.
The content in the column menu may change depending on which view it is opened in.
Reset To Default
- To reset to default column presentation, press the Reset icon.
- A confirmation box is displayed, click the red Reset button to confirm.
- This resets the number of column shown and the order in which they are shown to default.
Summary
In the Summary column, views are divided in Details showing the overall risk, and Statistics showing an overview of Remediation and Aging of all targets.
Details
The Overall Risk provides a quick overview of the risk grades on a scale from A to F where F represents the most critical risks.
Statistics
Remediation is an average of days between the first day a finding was detected and the last day for all findings belonging to an asset.
The Aging card shows the average time past from the first occurrence of the finding in each risk grade from your scans.
Findings
To see all the findings, click the View Findings button at the bottom right.
See CORE Findings for more information.
Specific Assets Findings
Selecting an asset and clicking the Findings tab in the Details windows gives you the CVSS Score and Exploitation Likelihood for the selected asset.
Asset Filtering
When filtering assets with the same name (for example, 198.51.100.36) in CORE, sources is indicated with a badge in front of the assets name.
Hovering the mouse pointer over the badge reveals the source name in a tooltip.
For more information about filters see CORE Filters.
Related Articles
Copyright © 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission. Trademark Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.