
AssetNote
External Attack Surface Management- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The AssetNote connector integrates with the Assetnote External Attack Surface Management (EASM) platform via its GraphQL API (v2/graphql). It synchronizes three types of internet-facing assets — IP addresses, subdomains, and cloud resources — along with their associated vulnerability findings and vulnerability definitions into the Brinqa platform.
Data retrieved from AssetNote
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| IP Address | Yes | Host |
| Sub Domain | Yes | Site |
| Cloud Asset | Yes | Cloud Asset |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
Model relationships
For detailed steps on how to view the data retrieved from AssetNote in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select AssetNote from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| API URL | Yes | Default - (user input, Required) | AssetNote Security API URL |
| API key | Yes | Default - (user input, Required) | AssetNote Security integration API key |
| Page size | No | 25 | Maximum number of records to get per API request |
| Maximum retries | No | 5 | The maximum number of retry attempts before giving up a request |
Authentication
Method
API Key authentication. All API requests include the key in a custom request header.
Request Headers
| Header | Value |
|---|---|
X-ASSETNOTE-API-KEY | <your-api-key> |
Accept | application/json |
Content-Type | application/json |
Usage
The API key is sent with every request via the X-ASSETNOTE-API-KEY header. No token refresh or OAuth flow is required.
Connection Test
The connector validates authentication by executing a lightweight GraphQL query that fetches a single vulnerability ID:
query {
page:vulnerabilities(count: 1, page: 1) {
nodes:edges {
node {
id
}
}
}
}
How to obtain AssetNote credentials
Create an AssetNote user
For the AssetNote connector to use the AssetNote API, you must provide an API key. AssetNote administrators can obtain API keys for full access, or they can create new AssetNote users with the minimum access needed to read and retrieve data from the AssetNote API. To create a new AssetNote user, follow these steps:
-
Log in to your organization's AssetNote portal as an administrator.
-
Navigate to Settings > Manage Users.
-
Click Invite User.
The Invite User dialog appears.
-
Select Scoped. This restricts the access to only specific asset groups.
-
Click Next.
The Invite User dialog remains with new fields and options to complete.
-
Fill out the first name, last name, and email address.
-
For the Role, click the dropdown and select Read Only. The Read Only role is considered to be the minimum role needed to read and retrieve data.
-
(Optional) If you want to restrict access to specific asset groups, click Restrict user access through scopes, click the Asset Groups dropdown, and then select the asset groups you want to retrieve data for.
-
Click Save.

The new user receives an email from AssetNote asking them to complete their registration. Once that is completed, the new user can obtain their new API key.
Note: For additional information on creating users and role access, see AssetNote documentation.
Obtain an AssetNote API key
AssetNote administrators and invited users can obtain an AssetNote API key. To do so, follow these steps:
-
Log in to your organization's AssetNote portal.
-
Navigate to Settings, click Account Settings in the dropdown, and then click Rotate API Key.

Your API key displays. While you can come back to this page to obtain your API key, it is recommended that you handle it with caution by storing it in a safe and secure location.
Note: If you do not have the permissions to obtain an API key, contact your AssetNote administrator. For additional information, see AssetNote documentation.
Note: To retrieve finding definitions through the AssetNote connector, you must enable the signature_data_viewable_by_customer_enabled feature flag in AssetNote. If it is not enabled for your account, contact AssetNote support.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
IP Address
| Source Field Name | SDM Attribute |
|---|---|
geoData.city | ASSET_LOCATION_CITY |
geoData.country | ASSET_LOCATION_COUNTRY |
geoData.region | ASSET_LOCATION_REGION |
node.activeARecordCount | ACTIVE_RECORD_COUNT |
node.activeCnameRecordCount | ACTIVE_CNAME_RECORD_COUNT |
node.apiCount | API_COUNT |
node.asnNetwork | ASN_NETWORK |
node.asnNumber | ASN_NUMBER |
node.asnOrganizationName | ASN_ORGANIZATION_NAME |
node.assetGroupId | ASSET_GROUP_ID |
node.assetGroupName | ASSET_GROUP_NAME |
node.assetTagCount | ASSET_TAG_COUNT |
node.bestGuessUrl | URL |
node.bestGuessUrl | BEST_GUESS_URL |
node.canBeMonitored | CAN_BE_MONITORED |
node.cloudRegion | REGION |
node.cloudService | SERVICE |
node.created | SOURCE_CREATED_DATE |
node.exposureRating | EXPOSURE_RATING |
node.hasUnmanagedExposures | HAS_UNMANAGED_EXPOSURES |
node.host | HOST |
node.humanName | NAME |
node.humanName + node.id | DESCRIPTION |
node.id | UID |
node.id | IP_RANGE |
node.importance | IMPORTANCE |
node.ipAddress | IP_ADDRESSES |
node.ipAddress | PUBLIC_IP_ADDRESSES |
node.ipAddress | PRIVATE_IP_ADDRESSES |
node.isMonitored | IS_MONITORED |
node.isOnline | IS_ONLINE |
node.isScannable | IS_SCANNABLE |
node.isSensitive | IS_SENSITIVE |
node.lastUpdated | SOURCE_LAST_MODIFIED |
node.notificationsEnabled | NOTIFICATION_ENABLED |
node.onlineDnsEntryCount | ONLINE_DNS_ENTRY_COUNT |
node.onlineLastUpdated | ONLINE_LAST_UPDATED |
node.onlinePortEntryCount | ONLINE_PORT_ENTRY_COUNT |
node.onlineTechnologyCount | ONLINE_TECHNOLOGY_COUNT |
node.parentName | PARENT_NAME |
node.risk | RISK |
node.sensitiveEntity | SENSITIVE_ENTITY |
node.sourceIpRangeId | SOURCE_IP_RANGE_ID |
node.typename, node.assetType, node.sourceCategories | CATEGORIES |
node.verifiedStatus | VERIFIED_STATUS |
| System generated | LAST_CAPTURED |
Sub Domain
| Source Field Name | SDM Attribute |
|---|---|
dnsRecord.created | DNS_RECORD_CREATED |
dnsRecord.id | DNS_RECORD_ID |
dnsRecord.ipAddress | IP_ADDRESSES |
dnsRecord.ipAddress | PUBLIC_IP_ADDRESSES |
dnsRecord.ipAddress | PRIVATE_IP_ADDRESSES |
dnsRecord.isInDns | IS_IN_DNS |
dnsRecord.isWildcard | IS_WILD_CARD |
dnsRecord.lastCheckedOnline | DNS_LAST_CHECKED_ONLINE |
dnsRecord.lastInDns | LAST_IN_DNS |
dnsRecord.lastUpdated | DNS_RECORD_LAST_UPDATED |
dnsRecord.rawRecord | RAW_RECORD |
dnsRecord.recordIndex | RECORD_INDEX |
dnsRecord.recordType | RECORD_TYPE |
node.bestGuessUrl | URL |
node.cloudRegion | REGION |
node.cloudService | SERVICE |
node.created | SOURCE_CREATED_DATE |
node.humanName | NAME |
node.id | UID |
node.lastUpdated | SOURCE_LAST_MODIFIED |
node.sourceDomainId | SOURCE_DOMAIN_ID |
node.subdomain | SUB_DOMAIN |
node.typename, node.assetType, node.sourceCategories | CATEGORIES |
| See IP Address model | Common asset attributes |
sslCert.assetCount | ASSET_COUNT |
sslCert.created | CREATED |
sslCert.dateExpires | DATE_EXPIRES |
sslCert.dateIssued | DATE_ISSUED |
sslCert.dnsNames | DNS_NAMES |
sslCert.emails | EMAILS |
sslCert.id | SSL_CERT_ID |
sslCert.issuerCommonName | ISSUER_COMMON_NAME |
sslCert.issuerCountry | ISSUER_COUNTRY |
sslCert.issuerDn | ISSUER_DN |
sslCert.issuerOrganization | ISSUER_ORGANIZATION |
sslCert.issuerOrganizationalUnit | ISSUER_ORGANIZATIONAL_UNIT |
sslCert.lastUpdated | CERT_LAST_UPDATED |
sslCert.locationCity | SSL_LOCATION_CITY |
sslCert.locationContinent | SSL_LOCATION_CONTINENT |
sslCert.locationCountry | SSL_LOCATION_COUNTRY |
sslCert.locationCountryCode | SSL_LOCATION_COUNTRY_CODE |
sslCert.locationLatitude | SSL_LOCATION_LATITUDE |
sslCert.locationLongitude | SSL_LOCATION_LONGITUDE |
sslCert.locationPostalCode | SSL_LOCATION_POSTAL_CODE |
sslCert.locationProvince | SSL_LOCATION_PROVINCE |
sslCert.locationRegisteredCountry | SSL_LOCATION_REGISTERED_COUNTRY |
sslCert.locationRegisteredCountryCode | SSL_LOCATION_REGISTERED_COUNTRY_CODE |
sslCert.locationTimezone | SSL_LOCATION_TIMEZONE |
sslCert.parsedFingerprintMd5 | PARSED_FINGERPRINT_MD5 |
sslCert.parsedFingerprintSha1 | PARSED_FINGERPRINT_SHA1 |
sslCert.parsedFingerprintSha256 | PARSED_FINGERPRINT_SHA256 |
sslCert.parsedNames | PARSED_NAMES |
sslCert.subjectCommonName | SUBJECT_COMMON_NAME |
sslCert.subjectCountry | SUBJECT_COUNTRY |
sslCert.subjectCounty | SUBJECT_COUNTY |
sslCert.subjectDn | SUBJECT_DN |
sslCert.subjectKeyInfoFingerprintSha256 | SUBJECT_KEY_INFO_FINGERPRINT_SHA256 |
sslCert.subjectKeyInfoKeyAlgorithmName | SUBJECT_KEY_INFO_KEY_ALGORITHM_NAME |
sslCert.subjectKeyInfoRsaPublicKeyExponent | SUBJECT_KEY_INFO_RSA_PUBLIC_KEY_EXPONENT |
sslCert.subjectKeyInfoRsaPublicKeyLength | SUBJECT_KEY_INFO_RSA_PUBLIC_KEY_LENGTH |
sslCert.subjectLocation | SUBJECT_LOCATION |
sslCert.subjectOrganization | SUBJECT_ORGANIZATION |
sslCert.subjectOrganizationalUnit | SUBJECT_ORGANIZATIONAL_UNIT |
| System generated | LAST_CAPTURED |
Cloud Asset
| Source Field Name | SDM Attribute |
|---|---|
node.bestGuessUrl | URL |
node.cloudRegion | REGION |
node.cloudService | SERVICE |
node.commonNames | COMMON_NAMES |
node.created | SOURCE_CREATED_DATE |
node.humanName | NAME |
node.id | UID |
node.ipAddress | IP_ADDRESSES |
node.lastUpdated | SOURCE_LAST_MODIFIED |
node.organizationName | ORGANIZATION_NAME |
node.subdomain | SUB_DOMAIN |
node.typename, node.assetType, node.sourceCategories | CATEGORIES |
| See IP Address model | Common asset attributes |
| System generated | LAST_CAPTURED |
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
assetPortRecord.port | PORT |
category.description | CATEGORY_DESCRIPTION |
category.name | CATEGORIES |
node.assetId, node.tppeAssets | TARGETS |
node.created | SOURCE_CREATED_DATE |
node.currentIncidentUuid | CURRENT_INCIDENT_UUID |
node.domainId | DOMAIN_ID |
node.exposureType | EXPOSURE_TYPE |
node.exposureUrl | EXPOSURE_URL |
node.id | UID |
node.isIgnored | IS_IGNORED |
node.lastDetected | LAST_SEEN |
node.lastUpdated | SOURCE_LAST_MODIFIED |
node.latestExposureEventType | LATEST_EXPOSURE_EVENT_TYPE |
node.name | NAME |
node.probeId | PROBE_ID |
node.resolvedAutomatically | RESOLVED_AUTOMATICALLY |
node.severityCustom | SEVERITY_CUSTOM |
node.severityCustomFloat | SEVERITY_CUSTOM_FLOAT |
node.severityString | SEVERITY_STRING |
node.signatureId | TYPE |
node.tppeAssetsIgnoredCount | TPPE_ASSETS_IGNORED_COUNT |
node.triageState | PROVIDER_STATUS |
node.triageState | SOURCE_STATUS |
node.triageState | TRIAGE_STATE |
probe.__typename | PROBE_TYPE |
signatureTriggered.reqPath | REQUEST_PATH |
| System generated | LAST_CAPTURED |
Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
signature.__typename | TYPE_NAME |
signature.categoryId | CATEGORY_ID |
signature.categoryName | CATEGORIES |
signature.created | SOURCE_CREATED_DATE |
signature.cve | CVE_IDS |
signature.cve | CVE_RECORDS |
signature.definitionId | DEFINITION_ID |
signature.definitionName | DEFINITION_NAME |
signature.dependsOnPostModules | DEPENDS_ON_POST_MODULES |
signature.description | DESCRIPTION |
signature.enabled | ENABLED |
signature.followRedirects | FOLLOWED_REDIRECTS |
signature.hasTemplate | HAS_TEMPLATE |
signature.id | UID |
signature.lastUpdated | SOURCE_LAST_MODIFIED |
signature.name | NAME |
signature.recommendations | RECOMMENDATION |
signature.references | REFERENCES |
signature.severity | SOURCE_SEVERITY |
signature.severity | SEVERITY |
signature.severity | SOURCE_SEVERITY_SCORE |
signature.severity | SEVERITY_SCORE |
signature.signatureClass | SIGNATURE_CLASS |
signature.signatureOwnerType | SIGNATURE_OWNER_TYPE |
signature.signatureType | SIGNATURE_TYPE |
signature.uuid | UUID |
| System generated | LAST_CAPTURED |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
IP Address
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL · Endpoint:
POST /api/v2/graphql - Default filters:
assetType EQ IP,verifiedStatus EQ true(default; overridable), pluscreated GT <since>on incremental sync
query ($f: [ApiFilter!], $s: [ApiSort!], $count: Int, $page: Int) {
page: assets(f: $f, s: $s, count: $count, page: $page) {
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
nodes: edges {
node {
__typename
... on BaseAsset {
asnNumber
asnNetwork
asnOrganizationName
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
cloudService
activeARecordCount
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
verifiedStatus
geoData {
city
country
region
}
}
... on CloudAsset {
ipAddress
commonNames
organizationName
subdomain
}
... on SubdomainAsset {
subdomain
sourceDomainId
sslCertificates(s: [{field: "dateIssued", dir: DESC}], count: 1) {
sslCert: edges {
node {
assetCount
created
dateIssued
dateExpires
dnsNames
emails
id
issuerCommonName
issuerCountry
issuerDn
issuerOrganization
issuerOrganizationalUnit
lastUpdated
locationCity
locationContinent
locationCountry
locationCountryCode
locationLatitude
locationLongitude
locationPostalCode
locationProvince
locationRegisteredCountry
locationRegisteredCountryCode
parsedFingerprintMd5
locationTimezone
parsedFingerprintSha1
parsedFingerprintSha256
parsedNames
subjectCommonName
subjectCountry
subjectCounty
subjectKeyInfoFingerprintSha256
subjectDn
subjectKeyInfoRsaPublicKeyExponent
subjectKeyInfoKeyAlgorithmName
subjectKeyInfoRsaPublicKeyLength
subjectLocation
subjectOrganization
subjectOrganizationalUnit
}
}
}
activeDnsRecords {
dnsRecord: edges {
node {
... on CnameDnsRecord {
id
isInDns
created
assetId
isWildcard
lastCheckedOnline
lastUpdated
lastInDns
rawRecord
recordIndex
recordType
subdomain
}
... on ADnsRecord {
id
ipAddress
assetId
created
isInDns
isWildcard
lastCheckedOnline
lastInDns
lastUpdated
rawRecord
recordIndex
recordType
}
}
}
}
}
... on IpAsset {
ipAddress
sourceIpRangeId
}
}
}
totalCount
}
}
Sub Domain
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL · Endpoint:
POST /api/v2/graphql - Default filters:
assetType EQ SUBDOMAIN,verifiedStatus EQ true(default; overridable), pluscreated GT <since>on incremental sync
query ($f: [ApiFilter!], $s: [ApiSort!], $count: Int, $page: Int) {
page: assets(f: $f, s: $s, count: $count, page: $page) {
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
nodes: edges {
node {
__typename
... on BaseAsset {
asnNumber
asnNetwork
asnOrganizationName
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
cloudService
activeARecordCount
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
verifiedStatus
geoData {
city
country
region
}
}
... on CloudAsset {
ipAddress
commonNames
organizationName
subdomain
}
... on SubdomainAsset {
subdomain
sourceDomainId
sslCertificates(s: [{field: "dateIssued", dir: DESC}], count: 1) {
sslCert: edges {
node {
assetCount
created
dateIssued
dateExpires
dnsNames
emails
id
issuerCommonName
issuerCountry
issuerDn
issuerOrganization
issuerOrganizationalUnit
lastUpdated
locationCity
locationContinent
locationCountry
locationCountryCode
locationLatitude
locationLongitude
locationPostalCode
locationProvince
locationRegisteredCountry
locationRegisteredCountryCode
parsedFingerprintMd5
locationTimezone
parsedFingerprintSha1
parsedFingerprintSha256
parsedNames
subjectCommonName
subjectCountry
subjectCounty
subjectKeyInfoFingerprintSha256
subjectDn
subjectKeyInfoRsaPublicKeyExponent
subjectKeyInfoKeyAlgorithmName
subjectKeyInfoRsaPublicKeyLength
subjectLocation
subjectOrganization
subjectOrganizationalUnit
}
}
}
activeDnsRecords {
dnsRecord: edges {
node {
... on CnameDnsRecord {
id
isInDns
created
assetId
isWildcard
lastCheckedOnline
lastUpdated
lastInDns
rawRecord
recordIndex
recordType
subdomain
}
... on ADnsRecord {
id
ipAddress
assetId
created
isInDns
isWildcard
lastCheckedOnline
lastInDns
lastUpdated
rawRecord
recordIndex
recordType
}
}
}
}
}
... on IpAsset {
ipAddress
sourceIpRangeId
}
}
}
totalCount
}
}
Cloud Asset
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL · Endpoint:
POST /api/v2/graphql - Default filters:
assetType EQ CLOUD,verifiedStatus EQ true(default; overridable), pluscreated GT <since>on incremental sync
query ($f: [ApiFilter!], $s: [ApiSort!], $count: Int, $page: Int) {
page: assets(f: $f, s: $s, count: $count, page: $page) {
pageInfo {
hasNextPage
hasPreviousPage
startCursor
endCursor
}
nodes: edges {
node {
__typename
... on BaseAsset {
asnNumber
asnNetwork
asnOrganizationName
apiCount
canBeMonitored
onlineTechnologyCount
cloudRegion
cloudService
activeARecordCount
isOnline
assetTagCount
onlineDnsEntryCount
exposureRating
activeCnameRecordCount
hasUnmanagedExposures
onlinePortEntryCount
isSensitive
parentName
humanName
assetGroupId
assetGroupName
assetType
bestGuessUrl
created
host
id
importance
isMonitored
isScannable
lastUpdated
notificationsEnabled
onlineLastUpdated
risk
sensitiveEntity
sourceCategories
verifiedStatus
geoData {
city
country
region
}
}
... on CloudAsset {
ipAddress
commonNames
organizationName
subdomain
}
... on SubdomainAsset {
subdomain
sourceDomainId
sslCertificates(s: [{field: "dateIssued", dir: DESC}], count: 1) {
sslCert: edges {
node {
assetCount
created
dateIssued
dateExpires
dnsNames
emails
id
issuerCommonName
issuerCountry
issuerDn
issuerOrganization
issuerOrganizationalUnit
lastUpdated
locationCity
locationContinent
locationCountry
locationCountryCode
locationLatitude
locationLongitude
locationPostalCode
locationProvince
locationRegisteredCountry
locationRegisteredCountryCode
parsedFingerprintMd5
locationTimezone
parsedFingerprintSha1
parsedFingerprintSha256
parsedNames
subjectCommonName
subjectCountry
subjectCounty
subjectKeyInfoFingerprintSha256
subjectDn
subjectKeyInfoRsaPublicKeyExponent
subjectKeyInfoKeyAlgorithmName
subjectKeyInfoRsaPublicKeyLength
subjectLocation
subjectOrganization
subjectOrganizationalUnit
}
}
}
activeDnsRecords {
dnsRecord: edges {
node {
... on CnameDnsRecord {
id
isInDns
created
assetId
isWildcard
lastCheckedOnline
lastUpdated
lastInDns
rawRecord
recordIndex
recordType
subdomain
}
... on ADnsRecord {
id
ipAddress
assetId
created
isInDns
isWildcard
lastCheckedOnline
lastInDns
lastUpdated
rawRecord
recordIndex
recordType
}
}
}
}
}
... on IpAsset {
ipAddress
sourceIpRangeId
}
}
}
totalCount
}
}
Vulnerability
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
severityString | String | Filter by severity string (e.g., LOW, MEDIUM, HIGH, CRITICAL) | |
triageState | String | Filter by triage state (e.g., UNRESOLVED, RESOLVED) | |
severityCustomFloat | Double | Filter by custom severity score (GTE) |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL · Endpoint:
POST /api/v2/graphql - Default filters:
created GT <since>on incremental sync; optionalseverityString EQ <value>,triageState EQ <value>, andseverityCustomFloat GTE <value>when supplied via operation options
query ($f: [ApiFilter!], $count: Int, $page: Int) {
page: vulnerabilities(f: $f, count: $count, page: $page) {
nodes: edges {
node {
id
latestExposureEventType
lastDetected
isIgnored
severityCustom
triageState
severityString
exposureType
severityCustomFloat
currentIncidentUuid
resolvedAutomatically
assetGroup
assetId
assetPortRecordId
category
created
definition
domainId
lastUpdated
name
probeId
severity
signatureId
signatureTriggered
targetId
tppeAssetsIgnoredCount
exposureUrl
tppeAssets {
edges {
node {
... on CloudAsset {
id
}
... on SubdomainAsset {
id
}
... on IpAsset {
id
}
}
}
}
signature {
__typename
... on BaseExposureSignature {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
}
probe {
__typename
}
assetPortRecord {
asset {
__typename
}
port
}
}
}
totalCount
pageInfo {
endCursor
hasNextPage
hasPreviousPage
startCursor
}
}
}
Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: GraphQL · Endpoint:
POST /api/v2/graphql - Default filters:
created GT <since>on incremental sync; optionalseverityString EQ <value>,triageState EQ <value>, andseverityCustomFloat GTE <value>when supplied via operation options
query ($f: [ApiFilter!], $count: Int, $page: Int) {
page: vulnerabilities(f: $f, count: $count, page: $page) {
nodes: edges {
node {
id
signature {
__typename
... on BaseExposureSignature {
categoryId
categoryName
created
cve
definitionName
dependsOnPostModules
description
enabled
followRedirects
hasTemplate
id
lastUpdated
name
recommendations
references
severity
signatureClass
signatureOwnerType
signatureType
uuid
definitionId
}
}
}
}
totalCount
pageInfo {
endCursor
hasNextPage
hasPreviousPage
startCursor
}
}
}
Changelog
The AssetNote connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.9 | Improvements - Added sync timestamp tracking ( LAST_CAPTURED) to all five models - Added provider-status and normalized source-status reporting for the Vulnerability model - Added source severity tracking for the Vulnerability Definition model - Added geolocation attributes (city, country, region) to the IP Address, Sub Domain, and Cloud Asset models - Renamed Sub Domain model — SSL certificate location attributes now use an SSL_ prefix to distinguish them from asset-level address fields - Improved multi-valued attribute consolidation and merge behavior for 7 attributes across asset models - Upgraded local storage API for vulnerability and vulnerability definition deduplication - Fixed the PORT attribute in the Vulnerability model to use the correct integer type - Added MockWebServer-based integration test suite for all five models - Updated documentation to match current implementation | • IP Address: Model renamed from Ip Address to IP Address — Action: purge and re-sync • Vulnerability: PORT attribute type changed from Long to Integer — Action: re-sync • Sub Domain: 11 SSL certificate location attributes renamed with SSL_ prefix (e.g., LOCATION_CITY → SSL_LOCATION_CITY) — Action: purge and re-sync |
| 3.0.8 | Improvements - Refactored Vulnerability Definition model to fetch data from the vulnerabilities GraphQL API instead of the separate exposureSignatures endpoint — aligns vulnerability definitions with actual vulnerability data - Extracted common BaseVulnerability base class from Vulnerability and VulnerabilityDefinition to share GraphQL query, local storage, and pagination logic - Added Signature API DTO to parse signature metadata embedded in vulnerability responses - Introduced local storage–based deduplication for Vulnerability and Vulnerability Definition syncs using LocalStoreUtils and SimpleKVStore to prevent duplicate records across paginated API responses - Added local-store (1.3.10) and speedbjni (2.8.0) dependencies to support local KV storage - Added transaction ID support ( TRANSACTION_ID operation option) for resumable sync operations - Fixed PARSED_NAMES attribute in Sub Domain model — changed from single-valued to multi-valued - Removed deprecated VulnerabilityDefinitionNode and VulnerabilityDefinitionResource API DTOs - Updated README.md with expanded attribute mapping tables for all models | N/A |
| 3.0.7 | Improvements - Optimized GraphQL query for asset models — removed redundant field selections from SubdomainAsset and IpAsset fragments that were already covered by the shared query fields - Added CloudAsset-specific fields (ipAddress, commonNames, organizationName, subdomain) to the asset GraphQL query - Limited SSL certificate retrieval to the most recent certificate only by adding s: [{field: "dateIssued", dir: DESC}], count: 1 sort/limit to the sslCertificates query | N/A |
| 3.0.6 | Improvements - The vulnerability severity filter ( severityCustomFloat) now accepts decimal threshold values, allowing finer-grained filtering of vulnerabilities by their custom severity score - The Vulnerability Definition source severity score is now reported as a numeric (decimal) value instead of a whole number, giving consistent numeric handling of severity data | • Vulnerability Definition: source severity score values are now stored as decimals rather than integers — Action: re-sync |
| 3.0.5 | New Features - The Sub Domain model now captures SSL/TLS certificate details for each subdomain, including issuer and subject identity (common name, organization, country), validity dates (issued and expiry), certificate fingerprints (MD5, SHA-1, SHA-256), public-key information, and the geographic location associated with the certificate Improvements - The custom severity filter for vulnerabilities now applies to the severityCustomFloat field, enabling threshold-based filtering on the custom severity score | • IP Address, Sub Domain, Cloud Asset: ASN_NUMBER attribute type changed from Long to Integer — Action: re-sync • IP Address, Sub Domain, Cloud Asset: EXPOSURE_RATING attribute type changed from Double to Float — Action: re-sync • Vulnerability: PORT attribute type changed from Integer to Long — Action: re-sync |
| 3.0.4 | New Features - Added a custom severity filter ( severityCustomFloat) for the Vulnerability sync, allowing vulnerabilities to be filtered by a minimum custom severity score | N/A |
| 3.0.3 | New Features - The Sub Domain model now captures active DNS record details for each subdomain, including the record type, raw record, DNS presence and wildcard flags, and the relevant timestamps (created, last updated, last checked online, last seen in DNS) - The Sub Domain model now reports the IP addresses resolved from its DNS records, including separate public and private IP address attributes | N/A |
| 3.0.2 | Bug Fixes - Vulnerability Definition records without an identifier are now skipped during sync instead of causing the sync to fail, improving reliability when the source returns incomplete definition data | N/A |
| 3.0.1 | New Features - Added a verifiedStatus sync option (defaulting to verified assets only) for the IP Address, Sub Domain, and Cloud Asset models, so syncs can be scoped to verified or unverified assets | N/A |
| 3.0.0 | Overview The AssetNote connector integrates with AssetNote Security to synchronize external attack surface assets, vulnerabilities, and vulnerability definitions. Category: External Attack Surface Management Models | N/A |