Skip to main content

AssetNote

AssetNote is an external attack surface management tool that monitors your organization's assets exposed to the internet. You can import cloud asset, IP address, sub domain, and other security data from AssetNote into Brinqa to enhance visibility into potential vulnerabilities associated with your assets, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with AssetNote and how to obtain that information from AssetNote. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select AssetNote from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate AssetNote with Brinqa:

  • API URL: Your organization's AssetNote server URL. The default format is https://<ServerName>/.

  • API key: The API key associated with the AssetNote account, which must have permissions to log in to the API server and return data.

Create an AssetNote user

For the AssetNote connector to use the AssetNote API, you must provide an API key. AssetNote administrators can obtain API keys for full access, or they can create new AssetNote users with the minimum access needed to read and retrieve data from the AssetNote API. To create a new AssetNote user, follow these steps:

  1. Log in to your organization's AssetNote portal as an administrator.

  2. Navigate to Settings > Manage Users.

  3. Click Invite User.

    The Invite User dialog appears.

  4. Select Scoped. This restricts the access to only specific asset groups.

  5. Click Next.

    The Invite User dialog remains with new fields and options to complete.

  6. Fill out the first name, last name, and email address.

  7. For the Role, click the drop-down and select Read Only. The Read Only role is considered to be the minimum role needed to read and retrieve data.

  8. (Optional) If you want to restrict access to specific asset groups, click Restrict user access through scopes, click the Asset Groups drop-down, and then select the asset groups you want to retrieve data for.

  9. Click Save.

    AssetNote create new user

The new user receives an email from AssetNote asking them to complete their registration. Once that is completed, the new user can obtain their new API key.

note

For additional information on creating users and role access, see AssetNote documentation.

Obtain an AssetNote API key

AssetNote administrators and invited users can obtain an AssetNote API key. To do so, follow these steps:

  1. Log in to your organization's AssetNote portal.

  2. Navigate to Settings, click Account Settings in the drop-down, and then click Rotate API Key.

    AssetNote API Key

Your API key displays. While you can come back to this page to obtain your API key, it is recommended that you handle it with caution by storing it in a safe and secure location.

note

If you do not have the permissions to obtain an API key, contact your AssetNote administrator. For additional information, see AssetNote documentation.

Additional settings

The AssetNote connector contains an additional option for configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

Types of data to retrieve

The AssetNote connector can retrieve the following types of data from the AssetNote API:

Table 1: Data retrieved from AssetNote

Connector ObjectRequiredMaps to Data Model
Cloud AssetNoCloud Resource
IP AddressYesIP Range
Sub DomainYesSite
VulnerabilityYesVulnerability
Vulnerability DefinitionYesVulnerability Definition
note

For detailed steps on how to view the data retrieved from AssetNote in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Cloud Asset

Table 2: Cloud Asset attribute mappings

Source Field NameMaps to Attribute
__typenameLocal variable
activeARecordCountLocal variable
activeCnameRecordCountLocal variable
apiCountLocal variable
asnNetworkLocal variable
asnNumberLocal variable
asnOrganizationNameLocal variable
assetGroupIdLocal variable
assetGroupNameLocal variable
assetTagCountLocal variable
assetTypetype
bestGuessUrlLocal variable
canBeMonitoredLocal variable
cloudRegionLocal variable
cloudServiceLocal variable
commonNamesLocal variable
createdsourceCreatedDate
exposureRatingLocal variable
hasUnmanagedExposuresLocal variable
hosthostNames
humanNamename
iduid
importanceLocal variable
ipAddressLocal variable
isMonitoredLocal variable
isOnlineLocal variable
isScannableLocal variable
isSensitiveLocal variable
lastUpdatedsourceLastModified
notificationsEnabledLocal variable
onlineDnsEntryCountLocal variable
onlineLastUpdatedLocal variable
onlinePortEntryCountLocal variable
onlineTechnologyCountLocal variable
organizationNameLocal variable
parentNameLocal variable
riskLocal variable
sensitiveEntityLocal variable
sourceCategoriescategories
subdomainLocal variable
verifiedStatusLocal variable
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

IP Address

Table 3: IP Address attribute mappings

Source Field NameMaps to Attribute
__typenameLocal variable
activeARecordCountLocal variable
activeCnameRecordCountLocal variable
apiCountLocal variable
asnNetworkLocal variable
asnNumberLocal variable
asnOrganizationNameLocal variable
assetGroupIdLocal variable
assetGroupNameLocal variable
assetTagCountLocal variable
assetTypetype
bestGuessUrlurl, Local variable
canBeMonitoredLocal variable
cloudRegionregion_name
cloudServiceservice_name
createdsourceCreatedDate
exposureRatingLocal variable
hasUnmanagedExposuresLocal variable
hosthostnames
humanNamename
iduid
importanceLocal variable
ipAddressipCalculation
isMonitoredLocal variable
isOnlineLocal variable
isScannableLocal variable
isSensitiveLocal variable
lastUpdatedsourceLastModified
notificationsEnabledLocal variable
onlineDnsEntryCountLocal variable
onlineLastUpdatedLocal variable
onlinePortEntryCountLocal variable
onlineTechnologyCountLocal variable
parentNameLocal variable
riskLocal variable
sensitiveEntityLocal variable
sourceCategoriescategories
sourceIpRangeIdLocal variable
verifiedStatusLocal variable
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Sub Domain

Table 4: Sub Domain attribute mappings

Source Field NameMaps to Attribute
dnsRecord.createdLocal variable
dnsRecord.idLocal variable
dnsRecord.ipAddressipAddresses, publicIpAddresses, privateIpAddresses
dnsRecord.isInDnsLocal variable
dnsRecord.isOnlineLocal variable
dnsRecord.isWildcardLocal variable
dnsRecord.lastCheckedOnlineLocal variable
dnsRecord.lastInDnsLocal variable
dnsRecord.lastUpdatedLocal variable
dnsRecord.rawRecordLocal variable
dnsRecord.recordIndexLocal variable
dnsRecord.recordTypeLocal variable
node.activeARecordCountLocal variable
node.activeCnameRecordCountLocal variable
node.apiCountLocal variable
node.asnNetworkLocal variable
node.asnNumberLocal variable
node.asnOrganizationNameLocal variable
node.assetGroupIdLocal variable
node.assetGroupNameLocal variable
node.assetTagCountLocal variable
node.assetTypeLocal variable
node.bestGuessUrlurl
node.canBeMonitoredLocal variable
node.cloudRegionregion
node.cloudServiceservice
node.createdsourceCreatedDate
node.exposureRatingLocal variable
node.hasUnmanagedExposuresLocal variable
node.hostLocal variable
node.humanNamename
node.iduid
node.importanceLocal variable
node.isMonitoredLocal variable
node.isOnlineLocal variable
node.isScannableLocal variable
node.isSensitiveLocal variable
node.lastUpdatedsourceLastModified
node.notificationsEnabledLocal variable
node.onlineDnsEntryCountLocal variable
node.onlineLastUpdatedLocal variable
node.onlinePortEntryCountLocal variable
node.onlineTechnologyCountLocal variable
node.parentNameLocal variable
node.riskLocal variable
node.sensitiveEntityLocal variable
node.sourceCategoriescategories
node.sourceDomainIdLocal variable
node.subdomainLocal variable
node.typenameLocal variable
node.verifiedStatusLocal variable
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Vulnerability

Table 5: Vulnerability attribute mappings

Source Field NameMaps to Attribute
assetGroup.idLocal variable
assetGroup.nameLocal variable
assetIdTargets
assetPortRecord.assetLocal variable
assetPortRecord.asset.__typenameLocal variable
assetPortRecord.portLocal variable
assetPortRecordIdLocal variable
category.descriptionLocal variable
category.nameCategories
createdSource created date
currentIncidentUuidLocal variable
definition.descriptionDescription
definition.nameLocal variable
domainIdLocal variable
exposureTypeLocal variable
exposureUrlLocal variable
idUid
isIgnoredLocal variable
lastDetectedLast seen
lastUpdatedSource last modified
latestExposureEventTypeLocal variable
nameName
probe.__typenameLocal variable
probeIdLocal variable
resolvedAutomaticallyLocal variable
severitySeverity(Normalized)/ Source Severity/ Severity score
severityCustomLocal variable
severityCustomFloatLocal variable
severityStringLocal variable
signature.__typenameLocal variable
signatureIdType
signatureTriggered.cveCve_Records, Cve_ids
signatureTriggered.descriptionLocal variable
signatureTriggered.idLocal variable
signatureTriggered.nameLocal variable
signatureTriggered.recommendationsRecommendations
signatureTriggered.referencesReferences
signatureTriggered.req_pathLocal variable
signatureTriggered.severityLocal variable
targetIdLocal variable
tppeAssetsIgnoredCountLocal variable
triageStateLocal variable
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Vulnerability Definition

Table 6: Vulnerability Definition attribute mappings

Source Field NameMaps to Attribute
__typenameType
categoryIdLocal variable
categoryNameCategories
createdSource created date
cveCve_Records, CVE-IDS
definitionIdLocal variable
definitionNameLocal variable
dependsOnPostModulesLocal variable
descriptionDescription
enabledLocal variable
followRedirectsLocal variable
hasTemplateLocal variable
idUid
lastUpdatedSource last modified
nameName
recommendationsRecommendation
referencesReferences
severitySeverity(Normalized), Source Severity, Severity score
signatureClassLocal variable
signatureOwnerTypeLocal variable
signatureTypeLocal variable
uuidLocal variable
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Operation options

The AssetNote connector supports the following operation options. See connector operation options for information about how to apply them.

Table 7: AssetNote connector operation options

Connector ObjectOptionAll Possible valuesDescriptionExample
Cloud Asset,
IP Address,
Sub Domain		verifiedStatustrueReturns all cloud assets, IP addresses, or sub domains that have been verified. By default, the AssetNote connector returns all assets, whether they are verified or not.Key: verifiedStatus Value: true. This key and value combination only retrieves verified assets.
VulnerabilityseverityCustomFloatAny numeric value from 0.1-10.0Returns all vulnerabilities with a severity score of the specified value or higher, as determined by AssetNote.Key: severityCustomFloat Value: 8. This key and value combination retrieves all vulnerabilities with a severity of 8 or higher.
severityStringLOW, MEDIUM, HIGH, CRITICALReturns all vulnerabilities of the specified severity, as determined by AssetNote.Key: severityString Value: CRITICAL. This key and value combination only retrieves critical vulnerabilities.
triageStateUNRESOLVED, RESOLVEDReturns all vulnerabilities of the specified triage state, as determined by AssetNote.Key: triageState Value: UNRESOLVED. This key and value combination only retrieves unresolved vulnerabilities.
Vulnerability DefinitionseverityAny numeric value from 0.1-10.0Returns all vulnerability definitions with a severity score of the specified value or higher, as determined by AssetNote.Key: severity Value: 7. This key and value combination retrieves all vulnerability definitions with a severity of 7 or higher.
note

The option keys and values are case-sensitive as they are shown in this documentation.

APIs

The AssetNote connector uses the AssetNote GraphQL API v2. Specifically, it uses the v2/graphql endpoint.

Changelog

The AssetNote connector has undergone the following changes:

Table 8: AssetNote connector changelog

VersionDescription
3.0.4Added a new operation option for the Vulnerability object to filter by severity score: severityCustomFloat.
3.0.3Added the following DNS record fields to the Sub Domain object:
  • dnsRecord.created
  • dnsRecord.id
  • dnsRecord.ipAddress
  • dnsRecord.isInDns
  • dnsRecord.isOnline
  • dnsRecord.isWildcard
  • dnsRecord.lastCheckedOnline
  • dnsRecord.lastInDns
  • dnsRecord.lastUpdated
  • dnsRecord.rawRecord
  • dnsRecord.recordIndex
  • dnsRecord.recordType
3.0.2Fixed an issue with the Vulnerability Definition object sync.
3.0.1Added a new operation option to retrieve only verified assets: verifiedStatus.
3.0.0Initial Integration+ release.
Last updated on