Purpose

This document describes Assets.

Introduction

Assets are uniquely identified either physical or virtual devices and IT resources like, servers, laptops, containers, container images, cloud accounts etc.

These assets are currently sourced from other Outpost24 offerings:

  • Outpost24 Netsec
  • Outpost24 Appsec
  • Outpost24 Cloudsec

Since the risks associated with those assets contribute to the overall security posture of the business, the Assets view provides a quick way of assessing the criticality of the assets and helps with the prioritization efforts.

Asset Groups

Collections of Assets can be grouped together into Asset Groups  and contain grouping rules that can be used to group assets in a way that makes most sense to the organization. A typical use of an Asset Group is to group assets that belong to the same web application.

See the Unified View Asset Groups document for more information about AppStaks.

One asset can belong to several Asset Groups.

AppStaks

Collections of Assets can be grouped together into AppStaks and contain grouping rules that can be used to group assets in a way that makes most sense to the business. A typical use of an AppStak is to group assets that belong to the same web application, business function or a system.

See the Unified View AppStaks document for more information about AppStaks.

One Assets or Asset Group can belong to several AppStaks.


Exploring Assets

Clicking on the Explore icon in the left hand menu and selecting Assets displays a table of the available assets.

Explore Assets

OptionDescription
AgeNumber of days since the findings are detected on the asset.
Business Criticality *

This is a value the user can set on the targets in OUTSCAN that show up in Unified View on assets:

  • Critical
  • High
  • Medium
  • Low

See Unified View Dashboard for more information.

This result affects the risk calculation.

Categories

A list with the categories of the AppStaks this Asset is associated with.

Exposed *

Exposure identifies whether the asset is directly reachable on the internet and therefor increase the risk of the asset. If the address is private, then the default is no.

This result affects the risk calculation.

Findings *

Number of findings associated with that asset.

See Unified View Findings for more information.

Grade *

Risk level on a scale from A to F where F represents the most critical risks.

An Asset's risk is calculated based on:

  1. Business criticality (priority)

  2. Exposure

  3. The single most critical finding (weakest link) on the asset

Last Scan *When the last scan was performed.
Name *Name of the asset.
PlatformAssets OS platform
Sources *From where are the assets discovered. NETSEC, APPSEC, and CLOUDSEC. More then one can be present on the same asset.
Tags *

See Unified View Filters for more information.

UUIDThe unique identifier of the Asset.

*) Columns shown by default

Multi Select

When selecting more than one row using the check boxes, an average risk value for selected rows is displayed in the details view to the right with the number of selected items at the top.
Assets Multiselect

Configuring Columns

The Columns can be configured in several ways. Columns can be added and removed and the order in which they are displayed can be changed.

Changing Column Width

All the columns are configurable in width by dragging the dotted area on the right side of the column head.

Changing Column Presentation

By dragging the dotted area on bottom of the column head, the order in which the columns are presented can be changed.

Selecting Columns

By clicking on the + sign in the upper right corner in the column head row, a column menu is displayed where columns can be selected and deselected to configure the findings view.

The content in the column menu may change depending on which view it is opened in.

Reset To Default

  1. To reset to default column presentation, press the Reset icon .
  2. A confirmation box is displayed, click the red Reset button to confirm.



  3. This resets the number of column shown and the order in which they are shown to default.

Summary

In the Summary column, views are divided in Details showing the overall risk, and Statistics showing an overview of Remediation and Aging of all targets.

Details

The Overall Risk provides a quick overview of the risk grades on a scale from A to F where F represents the most critical risks.

Summary Overall Risk

Statistics

Remediation is an average of days between the first day a finding was detected and the last day for all findings belonging to an asset.

The Aging card shows the average time past from the first occurrence of the finding in each risk grade from your scans.

Summary Remediation Aging

Findings

To see all the findings, click the View Findings button at the bottom right.

See Unified View Findings for more information.

Specific Assets Findings

Selecting an asset and clicking the Findings tab in the Details windows gives you the CVSS Score and Exploitation Likelihood for the selected asset.

Details Findings


Asset Filtering

When filtering assets with the same name (for example, 198.51.100.36) in Unified View, sources is indicated with a badge in front of the assets name.

Hovering the mouse pointer over the badge reveals the source name in a tooltip.




For more information about filters see Unified View Filters.


Related Articles




Copyright

© 2023 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.