You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/programs/asset-inventory.md
+37-11Lines changed: 37 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -3,11 +3,18 @@ title: "Asset Inventory"
3
3
path: "/programs/asset-inventory.html"
4
4
id: "programs/asset-inventory"
5
5
---
6
-
Your organization’s Asset Inventory page allows you to create risk-ranked, custom categories for assets across your organization.
6
+
Your organization’s Asset Inventory page allows you to create categories for assets across your organization.
7
+
8
+
Asset Inventory is a centralized interface within the HackerOne Platform that allows you to control and manage assets across various security testing engagements.
9
+
This feature helps manage the scope across all customer segments. Over time, it becomes a unified record for global external assets and security testing efforts and simplifies the attack surface management process.
10
+
11
+
HackerOne Assets customers get access to complete Asset Inventory features to manage their attack surface as well as the testing scopes
12
+
13
+
Note: The Asset Inventory is only viewable to organization admins or users with Asset Manager or Asset Viewer permissions.
Clicking on a domaingroup opens a detailed list of all assets under that domain. From there, you can edit them individually or in bulk. Each asset listed shows information on coverage, program, owner, and open vulnerabilities.
17
+
You can choose how to group assets based on tags; by default, they are grouped by domain. Clicking on a group opens a detailed list of all assets under that tag. From there, you can edit them individually or in bulk. Each asset listed shows information on coverage, program, owner, and open vulnerabilities.
11
18
12
19
13
20
@@ -19,7 +26,29 @@ The asset overview will provide detailed information which you can edit from wit
The Scope tab in the program’s Security page allows hackers to see:
30
+
1. Which assets are in-scope or out-of-scope
31
+
2. Which assets are eligible for bounty
32
+
3. Asset CVSS environmental score
33
+
34
+
![insert new image of scope tab]
35
+
36
+
### Adding Assets
37
+
38
+
You can add assets to your organization from the Asset Inventory page by clicking **Add assets** under the search & filter box. A pop-up menu will appear prompting you to enter all the asset’s details.
39
+
*Note: Assets can also be added via the API. ASM Scanner and Asset submission review flows are available when you purchase HackerOne Assets.*
40
+
41
+
42
+
43
+
The asset will appear in the list alongside all other assets.
44
+
45
+
### Filtering
46
+
47
+
Click the filter button next to the Search bar to filter assets by category or tag.
48
+
49
+
22
50
### Categories & Tags
51
+
The standard Asset Inventory comes with built-in categories and tags such as technology and region. Customers who purchase the Assets Package will also gain access to custom categories and tags.
23
52
24
53
To create a new category:
25
54
1. Click **Manage tags**
@@ -42,16 +71,13 @@ To create a new tag:
42
71
43
72
*Note: You must create and select a category before you can create tags.*
44
73
45
-
### Filtering
74
+
### Advanced Features
75
+
Purchasing the Assets feature also unlocks the Attack Surface Coverage dashboard and Asset Submissions.
46
76
47
-
Click the filter button next to the Search bar to filter assets by category or tag.
48
-
49
-
50
-
### Adding Assets
77
+
Your Attack Surface Coverage dashboard gives an overview of your entire attack surface. It summarizes the total number of in-scope and out-of-scope assets across your program and also shows a summary of vulnerabilities found based on region, language, technology, or business unit.
51
78
52
-
You can add assets to your organization from the Asset Inventory page by clicking **Add assets** under the search & filter box. A pop-up menu will appear prompting you to enter all the asset’s details.
53
-
*Note: Assets are also added via the API, Darktrace, and the Asset submission review flows*
Asset Submissions allows hackers to submit potentially missed assets for review. You can then accept or reject these assets as part of your organization. If you accept a hacker’s submission, they will then be invited to submit asset enrichment to provide more details about technology tags, CVSS environmental score, and maximum severity.
56
82
57
-
The asset will appear in the list alongside all other assets.
0 commit comments