Asset Management
Escape records every discovered Asset—external or internal—in a single ASM.
This section explains how the platform enriches each Asset, tracks its lifecycle, and lets you make bulk edits.
Attribute Enrichment & Fingerprinting¶
Some of the approaches we take to categorize and add more context to each Assets when they are identified. Not all are always assigned depending on the data we get.
| Attribute | How it’s derived | Typical uses |
|---|---|---|
Reachability (External-<Region> / Internal) | IP geolocation, Private Location ID | Filter by attack surface exposed to the Internet vs on-prem |
Environment (Production / Staging / Development) | Regex on subdomain/path (e.g. *.staging.*), Git branch tags | Distinguishes Dev Services from Prod services |
| Framework Technology | HTTP headers, TLS banner, byte-signature matching | Identify outdated stacks (e.g. PHP 5) |
| Cloud Hosting | ASN lookup, integration metadata | Track AWS vs Azure vs self-hosted Hosts |
| WAFl | Reverse-proxy headers (e.g. cf-ray), WAF fingerprints | Spot Assets missing a WAF layer |
| Authentication | Response codes + heuristic probes | Pinpoint open Admin panels |
| Code Owners | CODEOWNERS file pulled through SCM integration | Route Findings to the right team |
All attributes are searchable and filterable; you can also export them via the API.
Asset Status Lifecycle¶
| Status | Meaning | Effect on scans & alerts |
|---|---|---|
| Monitored | Asset is in scope and actively scanned. | Findings generated and routed. |
| Deprecated | Asset is not reachable anymore (decommissioned). | Findings marked as resolved, kept for audit |
| Out Of Scope | Legitimate Asset but excluded by policy (such as Third-Party Assets for instance). | Findings marked as resolved, kept for audit |
| False Positive | Discovery error or duplicate entry. | Findings marked as resolved, kept for audit |
Status changes apply immediately to both ASM surface tests and queued DAST runs.
After 30 days without be seeing, asset MONITORED are updated to asset DEPRECATED.
Bulk Editing & Tagging¶
- Select multiple Assets with Shift-click or table filters.
- Click Bulk Edit to update:
- Status (Monitored, Deprecated, etc.)
- Environment (Production, Staging, ... )
- Custom Tags — free-form
key:valuepairs for additional grouping.
- Review the summary and confirm. Edits are logged in ASM Changes for traceability.
Bulk edits can also be scripted via the REST API (see /assets/bulk-edit).