AssetNote
AssetNote is an external attack surface management tool that monitors your organization's assets exposed to the internet. You can import cloud asset, IP address, sub domain, and other security data from AssetNote into Brinqa to enhance visibility into potential vulnerabilities associated with your assets, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with AssetNote and how to obtain that information from AssetNote. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select AssetNote from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate AssetNote with Brinqa:
-
API URL: Your organization's AssetNote server URL. The default format is
https://<ServerName>/. -
API key: The API key associated with the AssetNote account, which must have permissions to log in to the API server and return data.
Create an AssetNote user
For the AssetNote connector to use the AssetNote API, you must provide an API key. AssetNote administrators can obtain API keys for full access, or they can create new AssetNote users with the minimum access needed to read and retrieve data from the AssetNote API. To create a new AssetNote user, follow these steps:
-
Log in to your organization's AssetNote portal as an administrator.
-
Navigate to Settings > Manage Users.
-
Click Invite User.
The Invite User dialog appears.
-
Select Scoped. This restricts the access to only specific asset groups.
-
Click Next.
The Invite User dialog remains with new fields and options to complete.
-
Fill out the first name, last name, and email address.
-
For the Role, click the dropdown and select Read Only. The Read Only role is considered to be the minimum role needed to read and retrieve data.
-
(Optional) If you want to restrict access to specific asset groups, click Restrict user access through scopes, click the Asset Groups dropdown, and then select the asset groups you want to retrieve data for.
-
Click Save.
The new user receives an email from AssetNote asking them to complete their registration. Once that is completed, the new user can obtain their new API key.
For additional information on creating users and role access, see AssetNote documentation.
Obtain an AssetNote API key
AssetNote administrators and invited users can obtain an AssetNote API key. To do so, follow these steps:
-
Log in to your organization's AssetNote portal.
-
Navigate to Settings, click Account Settings in the dropdown, and then click Rotate API Key.
Your API key displays. While you can come back to this page to obtain your API key, it is recommended that you handle it with caution by storing it in a safe and secure location.
If you do not have the permissions to obtain an API key, contact your AssetNote administrator. For additional information, see AssetNote documentation.
Additional settings
The AssetNote connector contains additional options for configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 25. It is not recommended to go over 25.
-
Max retries: The maximum number of retry attempts before giving up. The default setting is 5.
Types of data to retrieve
The AssetNote connector can retrieve the following types of data from the AssetNote API:
Table 1: Data retrieved from AssetNote
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Cloud Asset | No | Cloud Resource |
| IP Address | Yes | Host |
| Sub Domain | Yes | Site |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
You must enable the following feature flag in AssetNote to retrieve finding definitions through the AssetNote connector:
signature_data_viewable_by_customer_enabled
For additional information or assistance enabling the feature flag, contact your AssetNote Support team. Brinqa and AssetNote are working to remove this requirement in a future update.
For detailed steps on how to view the data retrieved from AssetNote in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Cloud Asset
Table 2: Cloud Asset attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| commonNames | commonNames |
| created | sourceCreatedDate |
| geoData.city | assetLocationCity |
| geoData.country | assetLocationCountry |
| geoData.region | assetLocationRegion |
| host | host |
| humanName | name |
| id | uid |
| ipAddress | ipAddresses |
| lastUpdated | sourceLastModified |
| organizationName | organizationName |
| sourceCategories | categories |
| subdomain | subDomain |
| All common asset fields | See IP Address model |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
IP Address
Table 3: IP Address attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| bestGuessUrl | url |
| cloudRegion | region |
| cloudService | service |
| created | sourceCreatedDate |
| geoData.city | assetLocationCity |
| geoData.country | assetLocationCountry |
| geoData.region | assetLocationRegion |
| host | host |
| humanName | name |
| id | uid, ipRange, description |
| ipAddress | ipAddresses, publicIpAddresses, privateIpAddresses |
| lastUpdated | sourceLastModified |
| sourceCategories | categories |
| sourceIpRangeId | sourceIpRangeId |
| All common asset fields | asnNetwork, asnNumber, asnOrganizationName, and other base asset attributes |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Sub Domain
Table 4: Sub Domain attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| dnsRecord.created | dnsRecordCreated |
| dnsRecord.id | dnsRecordId |
| dnsRecord.ipAddress | ipAddresses, publicIpAddresses, privateIpAddresses |
| dnsRecord.isInDns | isInDns |
| dnsRecord.isWildcard | isWildCard |
| dnsRecord.lastCheckedOnline | dnsLastCheckedOnline |
| dnsRecord.lastInDns | lastInDns |
| dnsRecord.lastUpdated | dnsRecordLastUpdated |
| dnsRecord.rawRecord | rawRecord |
| dnsRecord.recordIndex | recordIndex |
| dnsRecord.recordType | recordType |
| geoData.city | assetLocationCity |
| geoData.country | assetLocationCountry |
| geoData.region | assetLocationRegion |
| node.sourceDomainId | sourceDomainId |
| node.subdomain | subDomain |
| sslCert.assetCount | assetCount |
| sslCert.created | created |
| sslCert.dateExpires | dateExpires |
| sslCert.dateIssued | dateIssued |
| sslCert.dnsNames | dnsNames |
| sslCert.emails | emails |
| sslCert.id | sslCertId |
| sslCert.issuerCommonName | issuerCommonName |
| sslCert.issuerCountry | issuerCountry |
| sslCert.issuerDn | issuerDn |
| sslCert.issuerOrganization | issuerOrganization |
| sslCert.issuerOrganizationalUnit | issuerOrganizationalUnit |
| sslCert.lastUpdated | certLastUpdated |
| sslCert.locationCity | sslLocationCity |
| sslCert.locationContinent | sslLocationContinent |
| sslCert.locationCountry | sslLocationCountry |
| sslCert.locationCountryCode | sslLocationCountryCode |
| sslCert.locationLatitude | sslLocationLatitude |
| sslCert.locationLongitude | sslLocationLongitude |
| sslCert.locationPostalCode | sslLocationPostalCode |
| sslCert.locationProvince | sslLocationProvince |
| sslCert.locationRegisteredCountry | sslLocationRegisteredCountry |
| sslCert.locationRegisteredCountryCode | sslLocationRegisteredCountryCode |
| sslCert.locationTimezone | sslLocationTimezone |
| sslCert.parsedFingerprintMd5 | parsedFingerprintMd5 |
| sslCert.parsedFingerprintSha1 | parsedFingerprintSha1 |
| sslCert.parsedFingerprintSha256 | parsedFingerprintSha256 |
| sslCert.parsedNames | parsedNames |
| sslCert.subjectCommonName | subjectCommonName |
| sslCert.subjectCountry | subjectCountry |
| sslCert.subjectCounty | subjectCounty |
| sslCert.subjectDn | subjectDn |
| sslCert.subjectKeyInfoFingerprintSha256 | subjectKeyInfoFingerprintSha256 |
| sslCert.subjectKeyInfoKeyAlgorithmName | subjectKeyInfoKeyAlgorithmName |
| sslCert.subjectKeyInfoRsaPublicKeyExponent | subjectKeyInfoRsaPublicKeyExponent |
| sslCert.subjectKeyInfoRsaPublicKeyLength | subjectKeyInfoRsaPublicKeyLength |
| sslCert.subjectLocation | subjectLocation |
| sslCert.subjectOrganization | subjectOrganization |
| sslCert.subjectOrganizationalUnit | subjectOrganizationalUnit |
| All common asset fields | See IP Address model |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Vulnerability
Table 5: Vulnerability attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| assetId | targets |
| assetPortRecord.port | port |
| category.description | categoryDescription |
| category.name | categories |
| created | sourceCreatedDate |
| currentIncidentUuid | currentIncidentUuid |
| domainId | domainId |
| exposureType | exposureType |
| exposureUrl | exposureUrl |
| id | uid |
| isIgnored | isIgnored |
| lastDetected | lastSeen |
| lastUpdated | sourceLastModified |
| latestExposureEventType | latestExposureEventType |
| name | name |
| probe.__typename | probeType |
| probeId | probeId |
| resolvedAutomatically | resolvedAutomatically |
| severityCustom | severityCustom |
| severityCustomFloat | severityCustomFloat |
| severityString | severityString |
| signatureId | type |
| signatureTriggered.req_path | requestPath |
| tppeAssets | targets |
| tppeAssetsIgnoredCount | tppeAssetsIgnoredCount |
| triageState | triageState, providerStatus, sourceStatus |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Vulnerability Definition
Table 6: Vulnerability Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| __typename | typeName |
| categoryId | categoryId |
| categoryName | categories |
| created | sourceCreatedDate |
| cve | cveIds, cveRecords |
| definitionId | definitionId |
| definitionName | definitionName |
| dependsOnPostModules | dependsOnPostModules |
| description | description |
| enabled | enabled |
| followRedirects | followedRedirects |
| hasTemplate | hasTemplate |
| id | uid |
| lastUpdated | sourceLastModified |
| name | name |
| recommendations | recommendation |
| references | references |
| severity | severity, sourceSeverity, severityScore, sourceSeverityScore |
| signatureClass | signatureClass |
| signatureOwnerType | signatureOwnerType |
| signatureType | signatureType |
| uuid | uuid |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The AssetNote connector supports the following operation options. See connector operation options for information about how to apply them.
Table 7: AssetNote connector operation options
| Connector Object | Option | All Possible values | Description | Example |
|---|---|---|---|---|
| Cloud Asset, IP Address, Sub Domain | verifiedStatus | true | Returns all cloud assets, IP addresses, or sub domains that have been verified. By default, the AssetNote connector returns all assets, whether they are verified or not. | Key: verifiedStatus Value: true. This key and value combination only retrieves verified assets. |
| Vulnerability, Vulnerability Definition | severityCustomFloat | Any numeric value from 0.1-10.0 | Returns all vulnerabilities or vulnerability definitions with a severity score of the specified value or higher, as determined by AssetNote. | Key: severityCustomFloat Value: 8. This key and value combination retrieves all records with a severity of 8 or higher. |
| severityString | LOW, MEDIUM, HIGH, CRITICAL | Returns all vulnerabilities or vulnerability definitions of the specified severity, as determined by AssetNote. | Key: severityString Value: CRITICAL. This key and value combination only retrieves critical records. | |
| triageState | UNRESOLVED, RESOLVED | Returns all vulnerabilities or vulnerability definitions of the specified triage state, as determined by AssetNote. | Key: triageState Value: UNRESOLVED. This key and value combination only retrieves unresolved records. | |
| severity | Any numeric value from 0.1-10.0 | Returns all vulnerabilities or vulnerability definitions with a severity score of the specified value or higher, as determined by AssetNote. | Key: severity Value: 7. This key and value combination retrieves all records with a severity of 7 or higher. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The AssetNote connector uses the AssetNote GraphQL API v2. Specifically, it uses the v2/graphql endpoint.
Changelog
The AssetNote connector has undergone the following changes:
Table 8: AssetNote connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.9 | Improvements - Added sync timestamp tracking ( LAST_CAPTURED) to all five models - Added provider-status and normalized source-status reporting for the Vulnerability model - Added source severity tracking for the Vulnerability Definition model - Added geolocation attributes (city, country, region) to the IP Address, Sub Domain, and Cloud Asset models - Renamed Sub Domain model. SSL certificate location attributes now use an SSL_ prefix to distinguish them from asset-level address fields - Improved multi-valued attribute consolidation and merge behavior for 7 attributes across asset models - Upgraded local storage API for vulnerability and vulnerability definition deduplication - Fixed the PORT attribute in the Vulnerability model to use the correct integer type - Added MockWebServer-based integration test suite for all five models - Updated documentation to match current implementation Migration Required - 'IP Address': Model renamed from Ip Address to IP Address. Action: purge and re-sync - 'Vulnerability': PORT attribute type changed from Long to Integer. Action: re-sync - 'Sub Domain': 11 SSL certificate location attributes renamed with SSL_ prefix (e.g., LOCATION_CITY to SSL_LOCATION_CITY). Action: purge and re-sync | June 11th, 2026 |
| 3.0.8 | Improvements - Refactored Vulnerability Definition model to fetch data from the vulnerabilities GraphQL API instead of the separate exposureSignatures endpoint. This aligns vulnerability definitions with actual vulnerability data. - Extracted common base class from Vulnerability and Vulnerability Definition to share GraphQL query, local storage, and pagination logic - Introduced local storage-based deduplication for Vulnerability and Vulnerability Definition syncs to prevent duplicate records across paginated API responses - Added transaction ID support ( TRANSACTION_ID operation option) for resumable sync operations - Fixed PARSED_NAMES attribute in Sub Domain model. Changed from single-valued to multi-valued No Migration | November 26th, 2025 |
| 3.0.7 | - Improved how the connector retrieves SSL certificate details on the Sub Domain object. The connector now retrieves only the most recent SSL certificate from AssetNote. - Modified the Sub Domain GraphQL query to improve performance by moving common fields across assets, such as ip, subdomain, and cloud, into the BaseAsset section of the query. | July 1st, 2025 |
| 3.0.6 | Fixed an issue where the Vulnerability and Vulnerability Definition object syncs were failing. | June 23rd, 2025 |
| 3.0.5 | - Fixed an issue where the Sub Domain object sync was failing by setting the default page size to 25, as recommended by AssetNote. - Enhanced the Sub Domain object to include SSL certificate details from the AssetNote GraphQL API. | June 18th, 2025 |
| 3.0.4 | Added a new operation option for the Vulnerability object to filter by severity score: severityCustomFloat. | March 12th, 2025 |
| 3.0.3 | Added the following DNS record fields to the Sub Domain object:
| June 19th, 2024 |
| 3.0.2 | Fixed an issue with the Vulnerability Definition object sync. | April 24th, 2024 |
| 3.0.1 | Added a new operation option to retrieve only verified assets: verifiedStatus. | April 19th, 2024 |
| 3.0.0 | Initial Integration+ release. | April 15th, 2024 |