Assetnote¶
About¶
The Assetnote platform enables organizations to effectively map and continuously monitor their external attack surface. Using advanced reconnaissance techniques across web and mobile channels paired with high-signal, continuous security analysis, Assetnote gives enterprises insight and control of their evolving exposure.
Product Details¶
Vendor URL: Assetnote.io
Product Type: Attack Surface Management Platform
Product Tier: Tier II
Integration Method: Webhook
Integration URL: Generic-webhook-Cyderes Documentation
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: ASSETNOTE
Parsing technique: MultiEventOutput
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| AssetNote (static) | metadata.vendor_name |
| AssetNote (static) | metadata.product_name |
| value.asset | principal.asset.hostname |
| value.asset | principal.hostname |
| value.exposure_description | metadata.description |
| value.exposure_request | additional.fields |
| value.exposure_response | additional.fields |
| value.exposure_severity | security_result.severity_details |
| value.exposure_name | security_result.rule_name |
| value.exposure_id | security_result.rule_id |
| value.asset_details_url | additional.fields |
| value.indicator_of_compromise | additional.fields |
| value.javascript_file | additional.fields |
| value.exposure_triage_url | security_result.url_back_to_product |
| value.exposure_url | target.url |
| value.asset_type | principal.resource.resource_subtype |
| custom filter | target.application |
| custom filter | network.http.response_code |
| custom filter | network.http.response_code |
| custom filter | network.http.referral_url |
| custom filter | network.http.method |
| custom filter | network.http.user_agent |
| eumerated output | network.application_protocol |
| record.asset | principal.asset.hostname |
| record.asset | principal.hostname |
| record.asset_details_url | additional.fields |
| record.asset_group_url | additional.fields |
| record.asset_id | principal.asset_id |
| record.asset_type | principal.resource.resource_subtype |
| record.ssl_subject_dn | network.dns_domain |
| record.indicator_of_compromise | additional.fields |
| record.javascript_file | additional.fields |
| record.screenshot | security_result.url_back_to_product |
| record.status_code | additional.fields |
| record.a_records | principal.ip |
| record.cname_records | about.hostname |
| record.ports | about.port |
| record.technologies | additional.fields |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| all others | GENERIC_EVENT |
Log Sample¶
{
"exposures": [
{
"asset": "hostname1",
"asset_details_url": "https://assetnotecloud.com/asset-groups/overview",
"asset_id": "1027222528",
"asset_type": "SUBDOMAIN",
"exposure_description": "A stacktrace can be triggered on some environments by abusing the URLDecode function in NodeJS. If the URL parser is unable to decode the URL, a stacktrace containing sensitive information such as internal paths can be disclosed.",
"exposure_id": "3709",
"exposure_name": "NodeJS - URLDecode Stack Trace",
"exposure_request": "base64_encoded_string",
"exposure_response": "base64_encoded_string",
"exposure_severity": "LOW",
"exposure_triage_url": "https://assetnotecloud.com/exposures/overview",
"exposure_url": "https://hostname2.com/admin",
"indicator_of_compromise": "",
"javascript_file": ""
}
],
"trigger": "automatic"
}
Sample Parsing¶
additional.fields["asset_details_url"] = "https://assetnotecloud.com/asset-groups/overview"
additional.fields["exposure_request"] = "base64_decoded_string"
additional.fields["exposure_response"] = "base64_decoded_string"
additional.fields["X-Assetnote-Service"] = "ExposureScan"
metadata.description = "A stacktrace can be triggered on some environments by abusing the URLDecode function in NodeJS. If the URL parser is unable to decode the URL, a stacktrace containing sensitive information such as internal paths can be disclosed."
metadata.event_timestamp.seconds = 1708624000
metadata.event_timestamp.nanos = 899641000
metadata.event_type = "GENERIC_EVENT"
metadata.product_name = "AssetNote"
metadata.vendor_name = "AssetNote"
network.application_protocol = "HTTP"
network.http.method = "GET"
network.http.referral_url = "10.0.0.1"
network.http.user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0"
principal.asset.hostname = "hostname1"
principal.hostname = "hostname1"
principal.resource.resource_subtype = "SUBDOMAIN"
security_result.rule_id = "3709"
security_result.rule_name = "NodeJS - URLDecode Stack Trace"
security_result.severity_details = "LOW"
security_result.url_back_to_product = "https://assetnotecloud.com/exposures/overview"
target.url = "https://hostname2.com/admin"
Rules¶
Coming Soon