Asset Management

Escape records every discovered Asset—external or internal—in a single ASM.

This section explains how the platform enriches each Asset, tracks its lifecycle, and lets you make bulk edits.

Attribute	How it’s derived	Typical uses
Reachability (`External-<Region>` / `Internal`)	IP geolocation, Private Location ID	Filter by attack surface exposed to the Internet vs on-prem
Environment (`Production` / `Staging` / `Development`)	Regex on subdomain/path (e.g. `.staging.`), Git branch tags	Suppress noise from Dev Services in alerts
Technology	HTTP headers, TLS banner, byte-signature matching	Identify outdated stacks (e.g. PHP 5)
CloudHosting	ASN lookup, integration metadata	Track AWS vs Azure vs self-hosted Hosts
Edge/Firewall	Reverse-proxy headers (e.g. `cf-ray`), WAF fingerprints	Spot Assets missing a WAF layer
Authentication	Response codes + heuristic probes	Pinpoint open Admin panels
CodeOwners	`CODEOWNERS` file pulled through SCM integration	Route Findings to the right team

All attributes are searchable and filterable; you can also export them via the API.

Status	Meaning	Effect on scans & alerts
Monitored (default)	Asset is in scope and actively scanned.	Findings generated and routed.
Deprecated	Still reachable but scheduled for retirement.	Findings generated; SLA timers paused.
Out Of Scope	Legitimate Asset but excluded by policy.	Findings suppressed; Asset kept for audit.
False Positive	Discovery error or duplicate entry.	Asset hidden from views; no further scans.

Status changes apply immediately to both ASM surface tests and queued DAST runs.

Select multiple Assets with Shift-click or table filters.
Click Bulk Edit to update:
- Status (Monitored, Deprecated, etc.)
- Environment (Production, Staging, ... )
- Custom Tags — free-form key:value pairs for additional grouping.
Review the summary and confirm. Edits are logged in ASM Changes for traceability.

Bulk edits can also be scripted via the REST API (see /assets/bulk-edit).