Assets

Overview

In the quest for Vulnerability Management superiority, Nucleus has had to become adept at asset management as well because that is the first step of any VM program. To understand how data is structured in Nucleus, you need to understand the concept of an asset. Because Nucleus is ingesting data from multiple data sources, we needed a flexible system for normalizing vulnerabilities. And for Nucleus, the asset sits at the center of that system.

Definition

In Nucleus, an asset is anything that can have a vulnerability correlated to it.

Where assets come from

The asset inventory in Nucleus is populated automatically from the data coming into the platform, generally the scan, asset inventory, CMDB, and cloud data we receive from your connected tools. Assets can also come from custom asset CMDBs, custom file uploads, the API, or pushes from your systems of asset record.

Your organization's Assets are discovered, inventoried, and categorized automatically as data is ingested by Nucleus. In general, for licensing purposes, there are two Asset categories in Nucleus: Devices and Applications. An asset can be anything, such as an EC2 instance ID or AWS account, depending on what data you are ingesting into Nucleus.

Why an asset is important

All vulnerabilities in Nucleus are correlated to an asset. An asset is required for a vulnerability to be uploaded into Nucleus. We do the heavy lifting for you: the mapping of vulnerabilities to assets happens automatically as data is ingested into Nucleus.

What we care about is the vulnerability information on the asset, but we also keep all the metadata about each asset, along with the associated scan history, ports and services, software, tickets, etc., ingested from all tools in your environment.

Device-category assets

A Device in Nucleus is typically a host computer (server, workstation, laptop, virtual machine, etc.) or a network device (router, switch, firewall, etc.) that is identified by a hostname, FQDN, database, or IP address. Nucleus discovers your devices when ingesting scan results from network and infrastructure scanners (e.g. Qualys, Tenable, Rapid7) by counting the number of scan "targets" in the result/report.

Application-category assets

An application in Nucleus is typically a custom piece of software/code that is most commonly identified by a code repository, URL, container image, or application name. Nucleus discovers your applications when ingesting scan results from SAST, DAST, and SCA scanners (e.g. Fortify, Netsparker, Snyk) by counting the number of scan "targets" in the result/report.

To understand how this factors into the subscription, please refer to the subscription management support page.

If you have any questions, please contact us through the support center.