What are Assets?
Assets are what Chariot is scanning to find risks in your environment. Chariot supports the following types of assets:
- Root domains (acme.com)
- Hostnames (web01.acme.com)
- CIDR ranges (35.196.215.0/24)
- IP addresses (IPv4, IPv6)
- GitHub organizations (https://github.com/praetorian-inc)
- GitHub repositories (https://github.com/praetorian-inc/noseyparker)
- Third-party integrations like CrowdStrike, Nessus, and NS1*
- Cloud integrations**
Upon adding an asset from one of the categories above, Chariot expands the enumeration scope iteratively until it finds and exhausts all assets discoverable from the originally provided assets. For example, starting with a root domain, Chariot might discover subdomains under the root, one of which hosts a web server whose TLS certificate contains additional linked domains.
*Chariot currently uses a different flow to add third-party integrations such as CrowdStrike, Nessus, and NS1. To add assets from these integrations, please refer to Asset Ingestion (Nessus, NS1, and CrowdStrike).
**Chariot currently uses a different flow to add cloud seeds, such as AWS accounts, GCP projects, or Azure subscriptions. To add cloud seeds to your Chariot instance, please refer to Cloud Providers. You may, however, use the instructions on this page to add generic asset types that merely correspond to assets in a cloud environment, such as IP addresses or domain names that point to cloud-hosted machines.
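A pre-flight check for a bulk seed list, sorting each entry into the generic asset types listed above before it is submitted. This is an added example, not Praetorian's code: the type names (`root_domain`, `github_org`, and so on), the `classify_seed` and `triage` functions, and the two-label rule for root domains are assumptions, not Chariot's own logic.

```python
import ipaddress
import re
from urllib.parse import urlparse
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

def classify_seed(seed):
    """Map one seed string to an asset type from the list above, or 'invalid'."""
    s = seed.strip()
    if s.lower().startswith(("http://", "https://")):
        u = urlparse(s)
        parts = [p for p in u.path.split("/") if p]
        if u.hostname == "github.com" and len(parts) in (1, 2):
            return "github_org" if len(parts) == 1 else "github_repo"
        return "invalid"
    try:
        ipaddress.ip_address(s)
        return "ip"
    except ValueError:
        pass
    if "/" in s:
        try:  # strict=True rejects typos such as 35.196.215.7/24 (host bits set)
            ipaddress.ip_network(s, strict=True)
            return "cidr"
        except ValueError:
            return "invalid"
    labels = s.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit() or not all(_LABEL.match(x) for x in labels):
        return "invalid"
    # Assumption: two labels = root domain (acme.co.uk would need a public suffix list).
    return "root_domain" if len(labels) == 2 else "hostname"

def triage(seeds):
    """Group seeds by type (no blanks, comments, duplicates); list IPs a CIDR already covers."""
    groups = {}
    for raw in seeds:
        s = raw.strip()
        if s and not s.startswith("#"):
            bucket = groups.setdefault(classify_seed(s), [])
            if s not in bucket:
                bucket.append(s)
    nets = [ipaddress.ip_network(c) for c in groups.get("cidr", [])]
    covered = [ip for ip in groups.get("ip", [])
               if any(ipaddress.ip_address(ip) in n for n in nets)]
    return groups, covered

# Constructed sample list; the first entries reuse this page's own examples.
SEEDS = ["acme.com", "web01.acme.com", "35.196.215.0/24", "35.196.215.17", "2001:db8::1",
         "https://github.com/praetorian-inc", "https://github.com/praetorian-inc/noseyparker",
         "35.196.215.7/24", "acme..com", "acme.com"]
```

Entries that land in the `invalid` group are worth fixing by hand before import, since a mistyped range or domain can put the wrong hosts in scan scope.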
Viewing Assets
Access your Assets page from the menu in the top left corner:
The Assets page filters assets so that they can be viewed in manageable groups based on common elements. The asset table will show you each asset with IP, DNS, and First Seen data.
Adding Assets
To add new assets to Chariot, click Asset Discovery:
When you click on Asset Discovery the Configure Asset Discovery form will pop up:
On this form you can add a new generic asset type (listed above) and then set the Chariot scan priority. Standard Scan is the default scan priority, but you can select Comprehensive Scan or Asset Discovery only instead.
As noted in the Configure Asset Discovery form, you can use the Praetorian CLI to add assets in bulk.
After receiving new assets, Chariot will begin enumerating each asset using whois, subdomain enumerators, port scanners, web crawling, and other techniques. Each day, Chariot will repeat all enumeration tasks against all assets in your instance to discover new assets that may have been created after adding the original asset.
Managing Assets
When you click on an individual asset, the asset drawer will pop out from the right side of the UI. Within the asset drawer, you can see Risks associated with the asset (if any exist), Asset Attributes, Related Assets, Asset History, and the Scan Priority dropdown.
Risks
If there are any Risks associated with the asset, they will appear on the Risks tab:
Attributes
The Attributes tab will show you more information on that asset. Note that you can add custom Attributes with the Add Attribute dropdown.
Related Assets
The Related Assets tab provides information on other assets associated with the primary asset. As an example, the IP for gladiator.systems is listed.
History
The History tab lets you see the scan history of your asset.
Set Asset Scan Priority
Chariot allows you to choose the priority level at which each asset is scanned.
The Comprehensive Scan will enumerate the asset for additional assets and risks and will apply more intensive testing. The additional testing may generate a measurable load on the asset and should be applied to highly resilient yet business-critical assets.
The Standard Scan will enumerate the asset for additional assets and risks.
Asset Discovery will enumerate the asset for additional assets, but will not scan for risks.
Excluded will cease all scanning against the asset.
Users can choose the scan priority that is right for each asset and can make changes at any time.
Bulk operations
Chariot supports bulk operations against assets. With the Attribute and Status filters you can organize assets and change scan priorities on groups of assets. Combine custom attributes with filtering to make a customized experience.