AssetNote
AssetNote is an external attack surface management tool that monitors your organization's assets exposed to the internet. You can import cloud asset, IP address, sub domain, and other security data from AssetNote into Brinqa to enhance visibility into potential vulnerabilities associated with your assets, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with AssetNote and how to obtain that information from AssetNote. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select AssetNote from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate AssetNote with Brinqa:
-
API URL: Your organization's AssetNote server URL. The default format is
https://<ServerName>/. -
API key: The API key associated with the AssetNote account, which must have permissions to log in to the API server and return data.
Create an AssetNote user
For the AssetNote connector to use the AssetNote API, you must provide an API key. AssetNote administrators can obtain API keys for full access, or they can create new AssetNote users with the minimum access needed to read and retrieve data from the AssetNote API. To create a new AssetNote user, follow these steps:
-
Log in to your organization's AssetNote portal as an administrator.
-
Navigate to Settings > Manage Users.
-
Click Invite User.
The Invite User dialog appears.
-
Select Scoped. This restricts the access to only specific asset groups.
-
Click Next.
The Invite User dialog remains with new fields and options to complete.
-
Fill out the first name, last name, and email address.
-
For the Role, click the drop-down and select Read Only. The Read Only role is considered to be the minimum role needed to read and retrieve data.
-
(Optional) If you want to restrict access to specific asset groups, click Restrict user access through scopes, click the Asset Groups drop-down, and then select the asset groups you want to retrieve data for.
-
Click Save.
The new user receives an email from AssetNote asking them to complete their registration. Once that is completed, the new user can obtain their new API key.
For additional information on creating users and role access, see AssetNote documentation.
Obtain an AssetNote API key
AssetNote administrators and invited users can obtain an AssetNote API key. To do so, follow these steps:
-
Log in to your organization's AssetNote portal.
-
Navigate to Settings, click Account Settings in the drop-down, and then click Rotate API Key.
Your API key displays. While you can come back to this page to obtain your API key, it is recommended that you handle it with caution by storing it in a safe and secure location.
If you do not have the permissions to obtain an API key, contact your AssetNote administrator. For additional information, see AssetNote documentation.
Additional settings
The AssetNote connector contains an additional option for configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
Types of data to retrieve
The AssetNote connector can retrieve the following types of data from the AssetNote API:
Table 1: Data retrieved from AssetNote
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Cloud Asset | No | Cloud Resource |
| IP Address | Yes | IP Range |
| Sub Domain | Yes | Site |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
For detailed steps on how to view the data retrieved from AssetNote in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Cloud Asset
Table 2: Cloud Asset attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| __typename | Local variable |
| activeARecordCount | Local variable |
| activeCnameRecordCount | Local variable |
| apiCount | Local variable |
| asnNetwork | Local variable |
| asnNumber | Local variable |
| asnOrganizationName | Local variable |
| assetGroupId | Local variable |
| assetGroupName | Local variable |
| assetTagCount | Local variable |
| assetType | type |
| bestGuessUrl | Local variable |
| canBeMonitored | Local variable |
| cloudRegion | Local variable |
| cloudService | Local variable |
| commonNames | Local variable |
| created | sourceCreatedDate |
| exposureRating | Local variable |
| hasUnmanagedExposures | Local variable |
| host | hostNames |
| humanName | name |
| id | uid |
| importance | Local variable |
| ipAddress | Local variable |
| isMonitored | Local variable |
| isOnline | Local variable |
| isScannable | Local variable |
| isSensitive | Local variable |
| lastUpdated | sourceLastModified |
| notificationsEnabled | Local variable |
| onlineDnsEntryCount | Local variable |
| onlineLastUpdated | Local variable |
| onlinePortEntryCount | Local variable |
| onlineTechnologyCount | Local variable |
| organizationName | Local variable |
| parentName | Local variable |
| risk | Local variable |
| sensitiveEntity | Local variable |
| sourceCategories | categories |
| subdomain | Local variable |
| verifiedStatus | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
IP Address
Table 3: IP Address attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| __typename | Local variable |
| activeARecordCount | Local variable |
| activeCnameRecordCount | Local variable |
| apiCount | Local variable |
| asnNetwork | Local variable |
| asnNumber | Local variable |
| asnOrganizationName | Local variable |
| assetGroupId | Local variable |
| assetGroupName | Local variable |
| assetTagCount | Local variable |
| assetType | type |
| bestGuessUrl | url, Local variable |
| canBeMonitored | Local variable |
| cloudRegion | region_name |
| cloudService | service_name |
| created | sourceCreatedDate |
| exposureRating | Local variable |
| hasUnmanagedExposures | Local variable |
| host | hostnames |
| humanName | name |
| id | uid |
| importance | Local variable |
| ipAddress | ipCalculation |
| isMonitored | Local variable |
| isOnline | Local variable |
| isScannable | Local variable |
| isSensitive | Local variable |
| lastUpdated | sourceLastModified |
| notificationsEnabled | Local variable |
| onlineDnsEntryCount | Local variable |
| onlineLastUpdated | Local variable |
| onlinePortEntryCount | Local variable |
| onlineTechnologyCount | Local variable |
| parentName | Local variable |
| risk | Local variable |
| sensitiveEntity | Local variable |
| sourceCategories | categories |
| sourceIpRangeId | Local variable |
| verifiedStatus | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Sub Domain
Table 4: Sub Domain attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| dnsRecord.created | Local variable |
| dnsRecord.id | Local variable |
| dnsRecord.ipAddress | ipAddresses, publicIpAddresses, privateIpAddresses |
| dnsRecord.isInDns | Local variable |
| dnsRecord.isOnline | Local variable |
| dnsRecord.isWildcard | Local variable |
| dnsRecord.lastCheckedOnline | Local variable |
| dnsRecord.lastInDns | Local variable |
| dnsRecord.lastUpdated | Local variable |
| dnsRecord.rawRecord | Local variable |
| dnsRecord.recordIndex | Local variable |
| dnsRecord.recordType | Local variable |
| node.activeARecordCount | Local variable |
| node.activeCnameRecordCount | Local variable |
| node.apiCount | Local variable |
| node.asnNetwork | Local variable |
| node.asnNumber | Local variable |
| node.asnOrganizationName | Local variable |
| node.assetGroupId | Local variable |
| node.assetGroupName | Local variable |
| node.assetTagCount | Local variable |
| node.assetType | Local variable |
| node.bestGuessUrl | url |
| node.canBeMonitored | Local variable |
| node.cloudRegion | region |
| node.cloudService | service |
| node.created | sourceCreatedDate |
| node.exposureRating | Local variable |
| node.hasUnmanagedExposures | Local variable |
| node.host | Local variable |
| node.humanName | name |
| node.id | uid |
| node.importance | Local variable |
| node.isMonitored | Local variable |
| node.isOnline | Local variable |
| node.isScannable | Local variable |
| node.isSensitive | Local variable |
| node.lastUpdated | sourceLastModified |
| node.notificationsEnabled | Local variable |
| node.onlineDnsEntryCount | Local variable |
| node.onlineLastUpdated | Local variable |
| node.onlinePortEntryCount | Local variable |
| node.onlineTechnologyCount | Local variable |
| node.parentName | Local variable |
| node.risk | Local variable |
| node.sensitiveEntity | Local variable |
| node.sourceCategories | categories |
| node.sourceDomainId | Local variable |
| node.subdomain | Local variable |
| node.typename | Local variable |
| node.verifiedStatus | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Vulnerability
Table 5: Vulnerability attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| assetGroup.id | Local variable |
| assetGroup.name | Local variable |
| assetId | Targets |
| assetPortRecord.asset | Local variable |
| assetPortRecord.asset.__typename | Local variable |
| assetPortRecord.port | Local variable |
| assetPortRecordId | Local variable |
| category.description | Local variable |
| category.name | Categories |
| created | Source created date |
| currentIncidentUuid | Local variable |
| definition.description | Description |
| definition.name | Local variable |
| domainId | Local variable |
| exposureType | Local variable |
| exposureUrl | Local variable |
| id | Uid |
| isIgnored | Local variable |
| lastDetected | Last seen |
| lastUpdated | Source last modified |
| latestExposureEventType | Local variable |
| name | Name |
| probe.__typename | Local variable |
| probeId | Local variable |
| resolvedAutomatically | Local variable |
| severity | Severity(Normalized)/ Source Severity/ Severity score |
| severityCustom | Local variable |
| severityCustomFloat | Local variable |
| severityString | Local variable |
| signature.__typename | Local variable |
| signatureId | Type |
| signatureTriggered.cve | Cve_Records, Cve_ids |
| signatureTriggered.description | Local variable |
| signatureTriggered.id | Local variable |
| signatureTriggered.name | Local variable |
| signatureTriggered.recommendations | Recommendations |
| signatureTriggered.references | References |
| signatureTriggered.req_path | Local variable |
| signatureTriggered.severity | Local variable |
| targetId | Local variable |
| tppeAssetsIgnoredCount | Local variable |
| triageState | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Vulnerability Definition
Table 6: Vulnerability Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| __typename | Type |
| categoryId | Local variable |
| categoryName | Categories |
| created | Source created date |
| cve | Cve_Records, CVE-IDS |
| definitionId | Local variable |
| definitionName | Local variable |
| dependsOnPostModules | Local variable |
| description | Description |
| enabled | Local variable |
| followRedirects | Local variable |
| hasTemplate | Local variable |
| id | Uid |
| lastUpdated | Source last modified |
| name | Name |
| recommendations | Recommendation |
| references | References |
| severity | Severity(Normalized), Source Severity, Severity score |
| signatureClass | Local variable |
| signatureOwnerType | Local variable |
| signatureType | Local variable |
| uuid | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The AssetNote connector supports the following operation options. See connector operation options for information about how to apply them.
Table 7: AssetNote connector operation options
| Connector Object | Option | All Possible values | Description | Example |
|---|---|---|---|---|
| Cloud Asset, IP Address, Sub Domain | verifiedStatus | true | Returns all cloud assets, IP addresses, or sub domains that have been verified. By default, the AssetNote connector returns all assets, whether they are verified or not. | Key: verifiedStatus Value: true. This key and value combination only retrieves verified assets. |
| Vulnerability | severityString | LOW, MEDIUM, HIGH, CRITICAL | Returns all vulnerabilities of the specified severity, as determined by AssetNote. | Key: severityString Value: CRITICAL. This key and value combination only retrieves critical vulnerabilities. |
| triageState | UNRESOLVED, RESOLVED | Returns all vulnerabilities of the specified triage state, as determined by AssetNote. | Key: triageState Value: UNRESOLVED. This key and value combination only retrieves unresolved vulnerabilities. | |
| Vulnerability Definition | severity | Any numeric value from 0.1-10.0 | Returns all vulnerability definitions with a severity score of the specified value or higher, as determined by AssetNote. | Key: severity Value: 7. This key and value combination only retrieves vulnerability definitions with a severity of 7 or higher. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The AssetNote connector uses the AssetNote GraphQL API v2. Specifically, it uses the v2/graphql endpoint and the following queries:
Cloud Asset GraphQL
v2/graphql
query ($f: [ApiFilter!], $s: [ApiSort!], $count: Int, $page: Int) {
page: assets(f: $f, s: $s, count: $count, page: $page) {
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
nodes: edges {
node {
__typename
... on CloudAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
commonNames
created
host
id
importance
ipAddress
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
organizationName
risk
sensitiveEntity
sourceCategories
subdomain
verifiedStatus
}
... on SubdomainAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
sourceDomainId
subdomain
verifiedStatus
}
... on IpAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
ipAddress
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
sourceIpRangeId
verifiedStatus
}
}
}
totalCount
}
}
IP Address GraphQL
v2/graphql
query ($f: [ApiFilter!], $s: [ApiSort!], $count: Int, $page: Int) {
page: assets(f: $f, s: $s, count: $count, page: $page) {
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
nodes: edges {
node {
__typename
... on CloudAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
commonNames
created
host
id
importance
ipAddress
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
organizationName
risk
sensitiveEntity
sourceCategories
subdomain
verifiedStatus
}
... on SubdomainAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
sourceDomainId
subdomain
verifiedStatus
}
... on IpAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
ipAddress
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
sourceIpRangeId
verifiedStatus
}
}
}
totalCount
}
}
Sub Domain GraphQL
v2/graphql
query ($f: [ApiFilter!], $s: [ApiSort!], $count: Int, $page: Int) {
page: assets(f: $f, s: $s, count: $count, page: $page) {
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
nodes: edges {
node {
__typename
... on CloudAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
commonNames
created
host
id
importance
ipAddress
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
organizationName
risk
sensitiveEntity
sourceCategories
subdomain
verifiedStatus
}
... on SubdomainAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
sourceDomainId
subdomain
verifiedStatus
}
... on IpAsset {
asnNetwork
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
activeARecordCount
asnNumber
cloudService
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
asnOrganizationName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
ipAddress
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
sourceIpRangeId
verifiedStatus
}
}
}
totalCount
}
}
Vulnerability GraphQL
v2/graphql
query ($count: Int, $page: Int) {
page: vulnerabilities(count: $count, page: $page) {
nodes: edges {
node {
id
latestExposureEventType
lastDetected
isIgnored
severityCustom
triageState
severityString
exposureType
severityCustomFloat
currentIncidentUuid
resolvedAutomatically
assetGroup
assetId
assetPortRecordId
category
created
definition
domainId
lastUpdated
name
probeId
severity
signatureId
signatureTriggered
targetId
tppeAssetsIgnoredCount
exposureUrl
signature {
__typename
}
probe {
__typename
}
assetPortRecord {
asset {
__typename
}
port
}
}
}
totalCount
pageInfo {
endCursor
hasNextPage
hasPreviousPage
startCursor
}
}
}
Vulnerability Definition GraphQL
v2/graphql
query ($f: [ApiFilter!], $s: [ApiSort!], $count: Int, $page: Int) {
page: exposureSignatures(f: $f, s: $s, count: $count, page: $page) {
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
nodes: edges {
node {
__typename
... on HTTPSignature {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on HTTPSignatureMeta {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on TPPESignature {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on TPPESignatureMeta {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on JavascriptSignature {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on JavascriptSignatureMeta {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on NetworkSignature {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on NetworkSignatureMeta {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on IOCSignature {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
... on IOCSignatureMeta {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
}
}
totalCount
}
}
Changelog
The AssetNote connector has undergone the following changes:
3.0.3
-
Added the following DNS record fields to the Sub Domain object:
- dnsRecord.created
- dnsRecord.id
- dnsRecord.ipAddress
- dnsRecord.isInDns
- dnsRecord.isOnline
- dnsRecord.isWildcard
- dnsRecord.lastCheckedOnline
- dnsRecord.lastInDns
- dnsRecord.lastUpdated
- dnsRecord.rawRecord
- dnsRecord.recordIndex
- dnsRecord.recordType
3.0.2
- Fixed an issue with the Vulnerability Definition object sync.
3.0.1
- Added a new operation option to retrieve only verified assets:
verifiedStatus.
3.0.0
- Initial Integration+ release.