Overview #
An Asset represents a system or application that is being assessed, in it’s current state. This can be defined as either :
- A particular Application / Version of project in development
- A binary file that is considered to an application
- A Java WAR or EAR file
- A URL (Host plust port) for a running application. Like https://www.saltworks.io would be a single Asset
Asset Documents #
Assets persist over time, meaning that if a particular Asset is assessed multiple times (scanned) the single Asset record will be kept up to date. If the same issue were found for on a new application or in a different project it will generate a new Asset document, not change the original asset.
Asset Fields #
Asset Fields are primarily stored in the Asset indices but also populate down to the issues indices for reporting purposes.
| Field Name | Description |
|---|---|
| id | System generated, flows down in the saltminer.asset.id field to children. display name: Id |
| saltminer.asset.last_scan-days_policy | How many days between scans allowed by policy type: integer example: 30 |
| saltminer.asset.composite_key | Composite key used internally by SaltMiner display name: Composite key type: keyword |
| saltminer.asset.id | Link to app_versions application, Identifier for application Note: This is the key that is used for all flow down fields, does not appear in the asset* indices. type: keyword example: 89 |
| saltminer.asset.source_id | Source unique ID for application or application/version display name: Source id type: keyword example: 12983B |
| saltminer.asset.config_name | Config name of the source of the application vulnerability data display name: Config name type: keyword example: Sonatype1 |
| saltminer.asset.source_type | Source type of the application vulnerability data. Must be one of the known source types in the system to be processed by the Sync Agent display name: Source type type: keyword example: Saltworks.Sonatype |
| saltminer.asset.sub_type | For Pentest mainly, indicates type of Pentest type: keyword example: Pentest |
| saltminer.asset.is_saltminer_source | Flag determines whether this is a saltminer source for licensing display name: Is Saltminer source type: boolean example: TRUE |
| saltminer.asset.is_retired | Flag used to indicate an asset has been removed from the source display name: Is retired type: boolean example: FALSE |
| saltminer.asset.version_id | Link to app_versions app/version, Application version identifier display name: Version id type: keyword example: 10035 |
| saltminer.asset.asset_type | Indicates type of asset that is being assessed. Should be one of display name: Asset type APP: Application NET: Network CTR : Container type: keyword example: APP |
| saltminer.asset.host | This is either the Application Name, the Domain Name, Host name or the IP of the asset being assessed. display name: Host type: keyword (w/.text) example: www.saltminer.io |
| saltminer.asset.ip | IP address of a Host if it is known. display name: Ip required: No (optional) type: ip |
| saltminer.asset.scheme | The service type scheme like https or ftp display name: Scheme type: keyword example: https or http or ftp |
| saltminer.asset.port | IP Port display name: Port type: integer example: 443 |
| saltminer.asset.is_production | Production flag used to determine if an app/version is prod or non-prod display name: Is production type: boolean example: true |
| saltminer.asset.name | Asset (or application) name default display name: Asset example: keyword (w/.text) example: JuiceShop |
| saltminer.asset.description | Asset description display name: Description type: text example: main SaltMiner web site |
| saltminer.asset.version | Application version name display name: Version type: keyword (w/.text) v1.0 |
| saltminer.asset.attributes.<attribute_name> | Custom attributes that apply to APP/VERSION used in visualizations and so on type: object (list of name value pairs) example: {“language”: “c#”, “framework”: “.Net 6”} |
| saltminer.composite_key | Composite key used internally by SaltMiner SaltMiner internal use only type: keyword |
| Note: The following “scan” fields represent scan information for the latest (most recent) scan completed against the asset. They are duplicate data from the scans indices (fields) but stored here for reporting and ease of use reasons. | |
| saltminer.scan.scan_date | Represents the date last run for this Asset/version/source required: Yes type: timestamp example: 2018-06-29T12:36:52.430+0000 |
| saltminer.scan.id | Last scan unique identifier (SaltMiner) for this Asset/version/source required: Yes type: keyword example: |
| saltminer.scan.critical saltminer.scan.high saltminer.scan.medium saltminer.scan.lowsaltminer.scan.info | Last scan counts for this severity required: Yes type: integer example: 10 |
Updated March 13 2023
Flow down fields #
Asset Inventory #
- saltminer.asset_inv.is_production
- saltminer.asset_inv.name
- saltminer.asset_inv.description
- saltminer.asset_inv.version
- saltminer.asset_inv.attributes
- saltminer.asset_inv.key
Engagements #
For Assets that were found as part of an engagement the following fields flow down
- saltminer.engagement.publish_date
- saltminer.engagement.name
- saltminer.engagement.customer
- saltminer.engagement.summary
- saltminer.engagement.scan_id
- saltminer.engagement.attributes