Assets
Overview
An Asset represents a system or application that is being assessed, in it’s current state. This can be defined as either an:
- A particular Application / Version of project in development
- A binary file that is considered to an application
- A Java WAR or EAR file
- A URL (Host plust port) for a running application. Like https://www.saltworks.io would be a single Asset
Asset Documents
Assets persist over time, meaning that if a particular Asset is assessed multiple times (scanned) the single Asset record will be kept up to date. If the same issue were found for on a new application or in a different project it will generate a new Asset document, not change the original asset.
Asset Fields
Asset Fields are primarily stored in the Asset indices but also populate down to the issues indices for reporting purposes.
|
Field Name |
Description |
|---|---|
|
id |
System generated, flows down in the saltminer.asset.id field to children. |
|
saltminer.asset.last_scan-days_policy |
How many days between scans allowed by policy type: integer example: 30 |
|
saltminer.asset.composite_key |
Composite key used internally by SaltMiner keyword
|
|
saltminer.asset.id |
Link to app_versions application, Identifier for application Note: This is the key that is used for all flow down fields, does not appear in the asset* indices. keyword 89 |
|
saltminer.asset.source_id |
Source unique ID for application or application/version type: keyword example: 12983B |
|
saltminer.asset.config_name |
Config name of the source of the application vulnerability data type: keyword example: Sonatype1 |
|
saltminer.asset.source_type |
Source type of the application vulnerability data. Must be one of the known source types in the system to be processed by the Sync Agent type: keyword example: Saltworks.Sonatype |
|
saltminer.asset.sub_type |
For Pentest mainly, indicates type of Pentest type: keyword example: Pentest |
|
saltminer.asset.is_saltminer_source |
Flag determines whether this is a saltminer source for licensing type: boolean example: TRUE |
|
saltminer.asset.is_retired |
Flag used to indicate an asset has been removed from the source type: boolean example: FALSE |
|
saltminer.asset.version_id |
Link to app_versions app/version, Application version identifier type: keyword example: 10035 |
|
saltminer.asset.asset_type |
Indicates type of asset that is being assessed. Should be one of
type: keyword example: APP |
|
saltminer.asset.host |
This is either the Application Name, the Domain Name, Host name or the IP of the asset being assessed. keyword (w/.text) example: www.saltminer.io |
|
saltminer.asset.ip |
IP address of a Host if it is known. required: No (optional) type: ip |
|
saltminer.asset.scheme |
The service type scheme like https or ftp type: keyword example: https or http or ftp |
|
saltminer.asset.port |
IP Port type: integer example: 443 |
|
saltminer.asset.is_production |
Production flag used to determine if an app/ver is prod or non-prod type: boolean example: true |
|
saltminer.asset.name |
Asset (or application) name example: keyword (w/.text) example: JuiceShop |
|
saltminer.asset.description |
Asset description type: text example: main SaltMiner web site |
|
saltminer.asset.version |
Application version name keyword (w/.text) v1.0 |
|
saltminer.asset.attributes.<attribute_name> |
Custom attributes that apply to APP/VERSION used in visualizations and so on type: object (list of name value pairs) example: {“language”: “c#”, “framework”: “.Net 6”} |
|
saltminer.composite_key |
Composite key used internally by SaltMiner SaltMiner internal use only type: keyword |
|
Note: The following “scan” fields represent scan information for the latest (most recent) scan completed against the asset. They are duplicate data from the scans indices (fields) but stored here for reporting and ease of use reasons. |
|
|
saltminer.scan.scan_date |
Represents the date last run for this Asset/version/source required: Yes type: timestamp example: 2018-06-29T12:36:52.430+0000 |
|
saltminer.scan.id |
Last scan unique identifer (SaltMiner) for this Asset/version/source required: Yes type: keyword example: |
|
saltminer.scan.critical saltminer.scan.high saltminer.scan.medium saltminer.scan.low saltminer.scan.info |
Last scan counts for this severity required: Yes type: integer example: 10 |
Flow down fields
Asset Inventory
- saltminer.asset_inv.is_production
- saltminer.asset_inv.name
- saltminer.asset_inv.description
- saltminer.asset_inv.version
- saltminer.asset_inv.attributes
- saltminer.asset_inv.key
Engagements
For Assets that were found as part of an engagement the following fields flow down
- saltminer.engagement.publish_date
- saltminer.engagement.name
- saltminer.engagement.customer
- saltminer.engagement.summary
- saltminer.engagement.scan_id
- saltminer.engagement.attachments[x].file_name
- saltminer.engagement.attachments[x].url
- saltminer.engagement.attributes