ACSIA Help Center

Assets Management

Nadia Riccardi
Nadia Riccardi
  • Updated

Overview

This article explains all the management around assets in ACSIA CRA


Prerequisites

To better understand what this article describes, we advise you to read the ACSIA CRA User Manual before diving into this one which will cover specific topics around assets management.

 


How to manually add a new asset

Every asset related to a Company is created after a Company check.

 

Assets can also be created after the recheck of a Company, if they were not present before (the frequency of the rechecks depends on your subscription. Read how many you have available here).

Note that it's more likely that ACSIA CRA will find more assets on your Company than you can expect. But, for different reasons, some assets may be missing, so you have the chance to add them manually.

 

To manually add a new asset to a Company, click on the Company you're interested in, and then click on "Go to assets":

2024-04-10_17-29.png

 

Then, we click on "Add an asset":

2024-04-10_17-26.png

 

 

Then, we define its type and write the value. Finally, we click on "Create asset":

2024-04-10_17-30.png


Changing the status of an asset

To change the status of an asset we have, first, to go to the assets associated with a particular Company.

 

Then, we select a particular asset and click on "Go to asset":

2024-04-10_17-32.png

 

We can set the status of the asset as:

  • Enabled. 
  • Disabled.
  • Acknowledged.

2024-04-10_17-36.png

 

Here's what happens to the status of an asset when we change it:

  • Enabled. The asset is rechecked in accordance with the characteristics of the subscription and concurs with creating the calculation of the rating of the Company.
  • Disabled. The asset is not rechecked in accordance with the characteristics of the subscription (but can be rechecked occasionally, due to some other criteria) and doesn't concur with creating the calculation of the rating of the Company.
  • Acknowledged. The asset is rechecked in accordance with the characteristics of the subscription but doesn't concur with creating the calculation of the rating of the Company.

 

Disabled and Acknowledged assets are shown in the PDF report because they influence the rating of the Company. Beware that we said that these don't concur with the calculation. So, "influence" means that if you have an asset that is "enabled", and, for example, you change the status to "disabled", if you perform a manual recheck (or if you wait for the recheck due to your subscription) the rating will change because of the absence of the asset you disabled.

Since the attack perimeter is inferred from manually added assets, we advise to not mark them as disabled or acknowledged.

Checking the related assets

As described in the User Manual, the plots that are shown in the Company Overview show us how the assets of that particular Company are related.

 

We have also another way to visualize how the assets are related. We can go to the assets associated with a particular Company, and click on related assets:

2024-04-10_17-37.png

 

When we click on the source asset, we can see all the derived assets:

2024-04-10_17-38.png


Checking the Technologies

This table contains the list of technologies detected on the website. The technologies are grouped by environment (server, client, external, other) and category.

  • Server technologies are running on the server side (PHP, Apache, Nginx, etc.)
  • Client technologies are libraries running on the client's browser.
  • External technologies are loaded from external domains (CDN, analytics, etc.).

2024-04-10_17-42.png


Checking the Vulnerabilities

This table contains the list of vulnerabilities detected on the website. The vulnerabilities are ordered by weight. 

2024-04-10_17-46.png

The vulnerabilities that weigh the most are also indicated in the highlights of the asset. 

2024-04-10_17-46_1.png

 

Related to