Understanding Assets
Assets are the foundational building blocks of AttackLens. Every infrastructure resource in your environment -- servers, cloud virtual machines, databases, network devices, containers, identity providers, and more -- is represented as an asset within the platform.
What Is an Asset?
An asset is a record that represents a single infrastructure resource. Each asset carries metadata that AttackLens uses to evaluate security posture, correlate vulnerabilities, build attack graphs, and generate findings.
Every asset has the following core properties:
| Property | Description |
|---|---|
| Name | A human-readable label (e.g., prod-web-01, aks-cluster-east) |
| Type | The specific resource kind (e.g., Virtual Machine, Firewall, Relational Database) |
| Category | The high-level classification derived from the type (e.g., Compute, Network, Data) |
| Environment | The deployment stage: Dev, Test, Staging, or Prod |
| Criticality | Business importance: Low, Medium, High, or Critical |
| Identifiers | One or more unique values that distinguish this asset (hostname, IP, cloud resource ID, etc.) |
| Status | Current lifecycle state: Active, Inactive, or Merged |
| Owner | The user responsible for the asset (optional) |
| Group | The asset group this resource belongs to (optional) |
| Tags | Free-form labels for custom organization (optional) |
Asset Categories
AttackLens organizes assets into 13 categories. Each category groups related resource types together.
| Category | Description | Example Types |
|---|---|---|
| Compute | Servers, VMs, and compute instances | Server, Virtual Machine, Endpoint, App Service, Container Host, Batch Compute, Virtual Desktop |
| Container Platform | Container orchestration and registry resources | Kubernetes Cluster, Kubernetes Node, Container Service, Container Registry |
| Network | Networking and connectivity resources | Virtual Network, Subnet, Firewall, Load Balancer, VPN Gateway, NAT Gateway, DNS Zone, Network Security Group, Public IP Address, WAF Policy |
| Storage | File and object storage resources | Storage Account, Object Storage, Block Storage, File Storage, Archive Storage |
| Data | Databases, caches, and data processing | Relational Database, NoSQL Database, Data Warehouse, Cache, Message Queue, Stream Service, Search Service, Data Factory, Data Lake |
| Security & Identity | IAM, secrets, and security configuration | Identity Provider, Managed Identity, IAM Policy, Key Vault, Certificate, Conditional Access Policy, Encryption Key |
| Monitoring & Management | Observability and operations tooling | Log Workspace, Monitor Alert, Automation Account, Backup Vault, Policy Assignment |
| Delivery & CDN | Content delivery and static hosting | CDN, Static Site |
| AI & ML | Machine learning resources | ML Workspace |
| IoT | Internet of Things hubs | IoT Hub |
| Integration & Messaging | Event-driven and notification services | Event Bus, Notification Service, Service Bus |
| Serverless & Logic | Serverless functions and workflow engines | Serverless Function, Logic App, API Connection |
TIP
When you create an asset and select a type, AttackLens automatically assigns the correct category. You do not need to set the category manually.
Asset Types
AttackLens supports over 55 asset types across all categories. Here are some of the most common:
Compute: Endpoint, Server, Virtual Machine, Container Host, Mobile Device, Serverless Function, App Service, Batch Compute, Virtual Desktop
Network: Network Device, Virtual Network, Subnet, Network Security Group, Firewall, Load Balancer, API Gateway, DNS Zone, VPN Gateway, NAT Gateway, Public IP Address, Network Interface, Express Route, Private Endpoint, Traffic Manager, Service Mesh, WAF Policy
Data: Database Server, Relational Database, NoSQL Database, Data Warehouse, Cache, Message Queue, Stream Service, Search Service, Data Factory, Data Lake
Security & Identity: Identity Provider, Managed Identity, IAM Policy, Key Vault, Certificate, Conditional Access Policy, Security Center, Encryption Key
How Assets Are Discovered
Assets enter AttackLens through three distinct methods:
1. Cloud Adapters (Automatic)
Cloud adapters connect to your AWS, Azure, or GCP accounts and automatically discover all infrastructure resources. During each discovery sync, the adapter queries your cloud provider APIs and creates or updates assets for every resource it finds.
- Azure: Discovers VMs, App Services, Storage Accounts, SQL Databases, Virtual Networks, Key Vaults, AKS clusters, and 50+ additional resource types
- AWS: Discovers EC2 instances, S3 buckets, RDS databases, VPCs, Lambda functions, EKS clusters, IAM resources, and more
- GCP: Discovers Compute Engine VMs, Cloud Storage buckets, Cloud SQL instances, VPC networks, GKE clusters, and 60+ resource types
Adapter-discovered assets are automatically assigned the correct type, category, and identifiers based on the cloud resource metadata.
INFO
To set up automatic discovery, see Understand Adapters and the provider-specific setup guides for Azure, AWS, or GCP.
2. Sensors (Automatic)
Sensors are lightweight agents deployed directly on endpoints (physical servers, virtual machines, workstations). They collect detailed local information including installed software, OS configuration, security settings, and network interfaces.
When a sensor enrolls with AttackLens, it automatically creates or binds to an asset record. Sensors provide deeper visibility than cloud adapters because they have local access to the machine's configuration.
INFO
To deploy sensors, see Understand Sensors and the deployment guides for Linux, Windows, or macOS.
3. Manual Creation
You can manually create assets for resources that are not covered by cloud adapters or sensors. This is useful for:
- On-premises hardware that cannot run a sensor (network appliances, legacy systems)
- Third-party SaaS services you want to track
- Resources in environments not yet connected via an adapter
TIP
Manual creation is a last resort. Wherever possible, use adapters or sensors for automatic discovery. Auto-discovered assets stay up to date as your infrastructure changes; manually created assets require ongoing maintenance.
Asset Identifiers
Identifiers are the key-value pairs that uniquely distinguish an asset. AttackLens uses identifiers to match assets across multiple discovery sources, detect conflicts, and correlate findings.
| Identifier Type | Example Value | Description |
|---|---|---|
| Hostname | web-server-01 | Machine hostname |
| FQDN | web-server-01.corp.example.com | Fully qualified domain name |
| IPv4 Address | 10.0.1.25 | IPv4 network address |
| IPv6 Address | fd12:3456:789a::1 | IPv6 network address |
| MAC Address | 00:1A:2B:3C:4D:5E | Network interface physical address |
| Cloud Instance ID | i-0abcdef1234567890 | Provider-specific instance identifier |
| Cloud Resource ID | /subscriptions/.../resourceGroups/.../providers/... | Full cloud resource ARM/ARN/URI |
| Serial Number | VMware-42 30 a8 ... | Hardware or virtual serial number |
| BIOS UUID | 4230a8f2-... | BIOS/UEFI unique identifier |
| OS | Ubuntu 22.04 LTS | Operating system name |
| OS Version | 22.04 | Operating system version |
| OS Type | Linux | Operating system family |
Assets can also carry custom identifiers with any arbitrary type name you define. This is useful for internal asset management IDs, CMDB references, or other organization-specific labels.
WARNING
Identifiers drive conflict detection. If two assets from different sources share the same identifier type and normalized value, AttackLens flags a potential conflict. See Resolve Asset Conflicts for details.
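The matching rule described above (same identifier type and same normalized value, reported by different sources) can be sketched as follows. This is an added example, not AttackLens code: the normalization rules, the asset dictionary layout, and the source names `adapter`, `sensor`, and `manual` are assumptions, since the page does not document how values are normalized.

```python
import ipaddress
import re
from collections import defaultdict

# Normalization rules are assumptions for illustration; the page does not
# document how AttackLens normalizes identifier values.
def normalize(id_type, value):
    v = value.strip()
    if id_type in ("Hostname", "FQDN"):
        return v.lower().rstrip(".")          # case-insensitive, no root dot
    if id_type in ("IPv4 Address", "IPv6 Address"):
        return str(ipaddress.ip_address(v))   # canonical compressed form
    if id_type == "MAC Address":
        return re.sub(r"[^0-9a-f]", "", v.lower())  # drop ':' / '-' separators
    return v

def find_conflicts(assets):
    """Return [(id_type, normalized_value, [asset names])] for identifiers
    shared by assets that come from different discovery sources."""
    seen = defaultdict(list)  # (type, normalized value) -> [(source, name)]
    for asset in assets:
        for id_type, value in asset["identifiers"]:
            seen[(id_type, normalize(id_type, value))].append(
                (asset["source"], asset["name"]))
    conflicts = []
    for (id_type, value), owners in sorted(seen.items()):
        if len({src for src, _ in owners}) > 1:   # more than one source
            conflicts.append((id_type, value, sorted(n for _, n in owners)))
    return conflicts

# Constructed sample inventory (not real data).
SAMPLE_ASSETS = [
    {"name": "prod-web-01", "source": "adapter",
     "identifiers": [("Hostname", "web-server-01"),
                     ("MAC Address", "00:1A:2B:3C:4D:5E"),
                     ("IPv4 Address", "10.0.1.25")]},
    {"name": "WEB-SERVER-01", "source": "sensor",
     "identifiers": [("Hostname", "WEB-SERVER-01."),
                     ("MAC Address", "00-1a-2b-3c-4d-5e"),
                     ("IPv6 Address", "FD12:3456:789A:0:0:0:0:1")]},
    {"name": "legacy-switch", "source": "manual",
     "identifiers": [("IPv6 Address", "fd12:3456:789a::1"),
                     ("IPv4 Address", "10.0.1.26")]},
]

if __name__ == "__main__":
    for id_type, value, names in find_conflicts(SAMPLE_ASSETS):
        print(f"{id_type}={value}: {', '.join(names)}")
```

Comparing raw strings would miss all three overlaps in the sample, because each source reports the same value with different case, separators, or address notation.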
Asset Lifecycle
Assets progress through a well-defined lifecycle within AttackLens:
1. Creation
An asset is created when:
- A cloud adapter discovers a new resource during a sync
- A sensor enrolls and reports a new machine
- A user manually creates an asset from the UI
2. Active Monitoring
While an asset is Active, AttackLens continuously:
- Evaluates security policies against the asset
- Correlates vulnerability data from installed software
- Includes the asset in attack graph computations
- Generates findings for any policy violations
- Tracks inventory changes (installed packages, configurations)
3. Inactive
An asset becomes Inactive when:
- It is no longer detected by its adapter (the cloud resource was deleted or the adapter was disconnected)
- Its sensor goes offline and does not reconnect
- A user manually marks it as inactive
Inactive assets remain in the database for audit history but are excluded from new policy evaluations and attack graph computations.
4. Merged
When a conflict is resolved by merging two duplicate assets, the "losing" asset transitions to Merged status. Its data is consolidated into the surviving asset record. Merged assets are retained for traceability but no longer appear in active views.
INFO
Merged assets cannot be reactivated. If you need the resource tracked again, create a new asset or re-run discovery.
What's Next?
- Add an Asset -- Create assets manually
- Manage Assets -- Search, filter, and organize your asset inventory
- Asset Detail -- Explore the full detail view for a single asset
- Create an Asset Group -- Organize assets into logical groups
- Resolve Asset Conflicts -- Handle duplicate asset records