Overview
The Assets page provides a comprehensive view of your organization's attack surface by displaying all discovered digital assets. Assets are automatically discovered through seed domains, third-party service integrations, and Chariot asset discovery capabilities.
Asset Discovery
When Chariot discovers assets, it employs a wide range of sophisticated discovery methods. Starting with your seed domains, Chariot analyzes your attack surface using various techniques. It examines Content Security Policies to find related domains and assets, performs WHOIS and reverse WHOIS lookups to identify connected properties, and even searches SEC EDGAR filings for mentions of digital assets. The system also integrates with major cloud providers like GCP, Azure, and AWS, as well as services like NS1, Cloudflare, Akamai, etc. to discover assets across your cloud infrastructure. Through IP and network range analysis, DNS examination, and technology fingerprinting, Chariot continues to expand its understanding of your digital footprint. These capabilities represent just a sample of how Chariot discovers assets - the system employs many additional discovery methods to ensure comprehensive coverage of your attack surface.
Filtering Assets
Chariot provides powerful filtering capabilities to help you organize and analyze your attack surface effectively. Since your asset inventory can grow rapidly through automated discovery, these filters are essential for focusing on specific segments of your infrastructure or investigating particular types of assets.
Filter your assets using various criteria:
- Surface: Filter by providence (provided by user, discovered through integrations)
- Port: View assets with specific open ports
- Protocol: Filter by detected protocols (FTP, HTTP, HTTPS, SSH, etc.)
- Status: Filter by asset state (Active, Frozen, Deleted)
Asset Details
When you click on an asset, a detailed information drawer opens, providing comprehensive insights through multiple specialized tabs. The Overview tab, which appears by default, gives you immediate access to critical asset information.
Overview Tab
The Overview tab serves as your command center for the asset, presenting key security metrics and historical context:
Security Status
- At-a-glance view of open vulnerabilities, categorized by severity level
- Direct insights into the asset's current security posture
Discovery Timeline
- First seen timestamp: Track when Chariot initially discovered the asset
- Last seen timestamp: Monitor when the asset was last active or scanned
Asset Origin
- Providence information showing how Chariot discovered the asset (e.g., through seed domain analysis, CSP headers, cloud integrations, etc.)
- Visual parent-child relationship graph that maps how this asset connects to others in your attack surface
- Clear illustration of the discovery path that led Chariot to find this asset
Asset Identification
- IP addresses associated with the asset
- Domain information
- Reverse DNS lookup results
- Core networking details
Vulnerabilities Tab
The Vulnerabilities tab provides a comprehensive view of all identified security issues affecting this asset. Here you can monitor current vulnerabilities, track their severity levels, and follow their remediation status.
- List of identified vulnerabilities
- Severity ratings
- Current status
Domain Tab
The Domain tab provides detailed insights into the asset's domain history and WHOIS information. Here you can trace the domain's history within Chariot, including historical scan results and changes in domain registration details over time.
Technologies Tab
The Technologies tab offers a detailed view of the technical fingerprint of your asset, showing what services and technologies are actively running. Here you can see a non-exhaustive example of open ports discovered during scans, along with the specific technologies and services detected on those ports. Each technology entry includes a timestamp of when it was last observed, helping you track changes in the asset's configuration over time. This information is crucial for understanding your asset's exposure and maintaining an accurate inventory of running services. Whether it's web servers, databases, or other network services, this tab provides visibility into the technical stack powering your asset.
Cloud Tab
The Cloud tab reveals infrastructure details about assets hosted in cloud environments, providing essential information about the asset's network placement and ownership. Here you can find the following information:
- AS Name
- Identifier
- AS Number
- Grouping
- Owner
- Last seen timestamp
Notes Tab
The Notes tab serves as a collaborative space for your team to document important information about the asset. Here, team members can add, edit, and review crucial details that may not fit into other structured categories. Whether it's recording maintenance history, documenting configuration decisions, tracking incidents, or sharing operational insights, this tab maintains a chronological record of all user-generated documentation. This collaborative approach ensures that institutional knowledge about the asset is preserved and easily accessible to all team members, helping maintain consistency in how the asset is managed and secured over time.
It's important to establish consistent practices for asset monitoring and management. Chariot provides this monitoring and management automatically.
We're here to help you make the most of Chariot's capabilities. If you have questions about using the Assets page or need assistance with any aspect of Chariot, please reach out to our support team at support@praetorian.com. Our team is committed to helping you effectively secure and manage your attack surface.