Assets Categorization into Types

Learn how the Vulcan Platform categorizes assets into types.


About

The Vulcan Platform integrates with various security tools and systems through connectors, allowing for the synchronization and ingestion of relevant data. Below is a breakdown of asset types ingested into the Vulcan Platform.

Hosts (VCP-Host)

Assets Categorized as Hosts

Hosts refer to a wide range of devices and systems that are connected to a network and are capable of receiving, processing, or transmitting data.

| Asset Type (Host) | Description |
| --- | --- |
| Computers and Laptops | Personal computers and laptops are common hosts in both home and corporate networks. These devices run operating systems such as Windows, macOS, or Linux. |
| Servers | Servers are powerful computers designed to provide services or resources to other devices on the network. Examples include web servers, file servers, and database servers. |
| Virtual Machines (VMs) | VMs are software-based emulations of physical computers that run on a host machine. Each VM acts as an independent host with its own operating system and applications. Examples include virtual servers created using hypervisors like VMware, Hyper-V, or VirtualBox. |
| Cloud Instances | Cloud instances are virtual servers or computing resources provided by cloud service providers (e.g., Amazon Web Services, Microsoft Azure, Google Cloud). Users can deploy and manage virtual servers, storage, and networking resources in the cloud. |
| Routers and Switches | Network devices like routers and switches can also be considered hosts. Routers connect different networks, while switches manage local network traffic. |
| Smartphones and Tablets | Mobile devices with network connectivity, such as smartphones and tablets, are hosts in a network. They can communicate with other devices and access network resources. |
| Network-Attached Storage (NAS) | NAS devices are hosts that provide centralized storage accessible over a network. They are commonly used for file sharing and backup purposes. |
| Printers and Scanners | Network-connected printers and scanners are hosts that can be vulnerable to cyber threats. They are often overlooked but should be secured to prevent unauthorized access. |
| Internet of Things (IoT) Devices | IoT devices, like smart thermostats, cameras, and appliances, are hosts that connect to a network. Their security is crucial to prevent unauthorized access or exploitation. |

Connectors Supporting Host Assets and their Unique Identifier

| Connector | Unique Identifier |
| --- | --- |
| Tenable | id |
| Qualys | qualys ID |
| Azure | properties.vmId |
| Crowdstrike | device_id |
| microsofttvm | id |
| Prismacloud | id |
| Rapid7 | Asset ID |
| microsoftdfc | ID |
| RedHat Insights | ID |
| Sentinelone | id |
| Wiz | If the asset exists in the asset inventory report, the identifier is the name and provider id. Else (exists only in the vulnerabilities report), the identifier is the asset name and provider unique id. |
| Tenablesc | if uuid length == 36 then uuid else repository_id\|ip\|dnsName |
| BitSight | asset |
| Jamf | host_id |
| Intune | deviceId |
| prisma_cspm | ID |
| Gcp | id |
| Lacework | MID |
| aqua_cwpp | vm: id; image: name, registry; serverless: function_id |
| Axonius | internal_axon_id |
| Tanium | node.id |
| AWS | instance_id(ec2) |
| Outpost24 | id |
| Orca | asset_unique_id or group_unique_id or cluster_unique_id |
| Cycognito | Asset Id |
| Google SCC | asset.securityCenterProperties.resourceName |
| ServiceNow | asset_id |
| Tenable Nessus File | name |


Code Project (VCP-App)

Assets categorized as Code Project

  • Code projects typically refer to initiatives involving the creation, development, and maintenance of software code.

  • A Code Project can be any undertaking that involves writing, testing, and managing source code to achieve a specific goal or set of goals.

  • Code Projects can range from small scripts and utilities to large-scale applications, libraries, or frameworks.

Connectors Supporting Code Project Assets and their Unique Identifier

  • A unique identifier for a code project is typically referred to as a repository identifier or repository URL. This identifier is a unique address or label associated with a specific code repository, making it easy for developers and tools to access and interact with the project.

  • The choice of repository identifier depends on the platform or version control system used for hosting the code.

  • Usual scanners for these projects include Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Infrastructure as Code (IAC) scanners.

| Connector | Unique Identifier |
| --- | --- |
| Github_Dependabot | node.id |
| Snyk | id |
| Github_Code_Scanning | node.id |
| Whitesource | keyUuid |
| Sonarqube | componen.key |
| fortifysast | applicationId |
| Checkmarxcxsast | Project id |
| Blackduck | name |
| Sonarcloud | componen.key |
| Sonatype | id |
| Veracode_Sca | _embedded.applications.guid |
| Veracode_SAST | ._embedded.applications.guid (nocode) |
| Whitehat | id |
| Shiftleft_Sca | name |
| Shiftleft_sast | name |
| GitLab | id |


Websites (VCP-App)

Assets categorized as Websites

Websites refer to web-based applications or services accessible through the internet.

In cybersecurity, websites play a crucial role as potential targets for various cyber threats. Websites are vulnerable to attacks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other security risks.

To assess and enhance the security of websites, various scanning techniques are employed, including Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST).

  • In IAST tools, the main domain name indicates a website.

  • In DAST tools, the Base URL indicates the website, and the child URL is the application.

Connectors Supporting Website Assets and their Unique Identifier

Usual scanners for these projects include Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Infrastructure as Code (IAC) scanners.

| Connector | Unique Identifier |
| --- | --- |
| Risk Recon | host_name or ip_address or domain_name |
| Tenablewas | deprecated |
| Qualyswas | http://Webapp.id |
| security_scorecard | company_domain |
| Bugcrowd | id |
| fortifydast | applicationId |
| Hackerone | asset_identifier |
| Burpsuite | id |
| Detectify | token |
| Netsparker | Id |
| Whitehat | id |
| acunetix360 | id |
| Acunetix_Premium | target_id |
| Purplemet | Web application ID |
| Cycognito | Asset Id |


Images (VCP-Host)

Assets Categorized as Images

In the context of software development, particularly in the realm of containerization and microservices architecture, the terms "images," "containers," and "registries" are commonly used.

| Asset Type (Image) | Description |
| --- | --- |
| Image | An image is a lightweight, standalone, and executable package that includes everything needed to run a piece of software, including the code, runtime, libraries, and system tools. In containerization, images serve as the blueprint for containers. Images are typically created from a set of instructions specified in a Dockerfile or a similar configuration file. |
| Container | A container is a running instance of a Docker image or another container image. Containers provide a consistent and isolated environment for executing applications. They encapsulate an application and its dependencies, ensuring that it can run consistently across various environments. Containers are lightweight, portable, and can be easily moved between different host systems. |
| Registry | A registry is a centralized storage system for container images. It serves as a repository where developers can push and pull container images. Registries play a crucial role in sharing and distributing containerized applications. Popular container registries include Docker Hub, Google Container Registry, Amazon Elastic Container Registry (ECR), and others. |

Connectors Supporting Image Assets and their Unique Identifier

| Connector | Unique Identifier |
| --- | --- |
| Snyk | id |
| Wiz | If the asset exists in the asset inventory report: name and provider id. Else (exists only in the vulnerabilities report): asset name and provider unique id. |
| Lacework | imageId |
| Aqua CWPP | _id for /api/v1/images?filterBaseImage=true, /api/v1/images?filterBaseImage=false and /api/v1/registry; asset_id for /api/v1/scans?filterBaseImage=false and /api/v1/scans?filterBaseImage=true |
| Google SCC | asset.securityCenterProperties.resourceName |


Cloud Resources (VCP-CSPM)

Assets Categorized as Cloud Resources

Cloud resources refer to the various computing services and infrastructure components that are provided by cloud service providers (CSPs) to users over the Internet. These resources are hosted and managed in data centers operated by the cloud provider. Cloud computing offers a flexible and scalable model where users can access and utilize these resources on-demand, paying only for the resources they consume.

| Asset Type (Cloud Resource) | Description |
| --- | --- |
| Storage Resources | These are cloud-based solutions that offer scalable and secure data storage options. Users can store, back up, and retrieve any amount of data at any time, from anywhere on the internet, making it an essential component for data management and disaster recovery. |
| Networking Resources | These include virtual networks, dedicated connections, and other networking services that enable communication between cloud services, users, and other internet-connected devices. They provide the backbone for cloud environments, ensuring data can be transferred securely and efficiently. |
| Database Resources | Cloud databases are managed database services hosted in the cloud, designed to store and manage data. They offer high availability, scalability, and convenience, allowing users to focus on application development without worrying about database management tasks. |
| Identity and Access Management (IAM) | This refers to the framework of policies and technologies ensuring that the right users have the appropriate access to technology resources. IAM systems can be used to initiate, capture, record, and manage user identities and their related access permissions automatically. |
| Compute Resources | These are cloud-based processing power services, which include virtual machines (VMs), containers, and serverless computing. They allow users to run applications and workloads in the cloud, providing scalable computing capacity that eliminates the need for physical hardware investments. |

Connectors Supporting Cloud Resource Assets and their Unique Identifier

Connector: Microsoft Defender For Cloud

Unique Identifier: id

Supported Cloud Resources:

Storage Solutions:

- microsoft.storage - storageaccounts

- microsoft.classicstorage - storageaccounts

Database Services:

- microsoft.documentdb - databaseaccounts

- Microsoft.Sql - servers

- microsoft.dbforpostgresql - servers

- microsoft.azurearcdata - sqlserverinstances

Compute Services:

- microsoft.compute - virtualmachines

- Microsoft.Compute - virtualMachineScaleSets

- microsoft.compute - virtualmachinescalesets

Networking Solutions:

- microsoft.network - virtualnetworkgateways

- microsoft.network - applicationgateways

- Microsoft.Network - virtualNetworks

Other Services:

- Microsoft.OperationalInsights - workspaces

- microsoft.eventhub - namespaces

- microsoft.cache - redis

- Microsoft.HybridCompute - machines

- microsoft.search - searchservices

- Microsoft.ContainerRegistry - registries

- microsoft.appconfiguration - configurationstores

- microsoft.logic - workflows

- microsoft.servicebus - namespaces

- microsoft.keyvault - vaults

- microsoft.containerservice - managedclusters

- microsoft.streamanalytics - streamingjobs

- microsoft.databricks - workspaces

- microsoft.machinelearningservices - workspaces

- microsoft.automation - automationaccounts

- Microsoft.ContainerService - managedClusters

- microsoft.operationalinsights - workspaces

- microsoft.apimanagement - service

- microsoft.synapse - workspaces

- microsoft.web - sites

- microsoft.dbformysql - servers

- microsoft.eventgrid - topics

- microsoft.sql - servers

Security and Management:

- SqlServerVulnerability

- ServerVulnerabilityTvm

- GeneralVulnerability

- Key Vault

Kubernetes and Containers:

- Kubernetes Service

- microsoft.containerregistry - registries

Miscellaneous:

- subscription

- identities

- SQL Database

- Azure Resource

- Virtual Machine Scale Set

- None

Connector: Prisma CSPM

Unique Identifier: id

Supported Cloud Resources:

Cloud Services and Resources:

- dnsRecord, Serverless, ecs, compute#disk, Serverless, DaemonSet, cluster, Serverless, vpc, Serverless, container, inlinePolicy, Serverless, bucket, Serverless, None, Serverless, autoScalingGroup, Serverless, Container, Serverless, role, hostedContainer, None, Serverless, customerManagedPolicy

AWS Resources:

- rds/AmazonAuroraMySQL/instance, rds/PostgreSQL/instance, rds/Oracle/instance, rds/AmazonAuroraPostgreSQL/instance, rds/AmazonAuroraPostgreSQL/cluster, elastiCache/Redis/instance, elastiCache/Memcached/instance, rds/MariaDB/instance, rds/MySQL/instance, rds/AmazonDocDB/cluster, rds/MSSQLServer/instance, rds/AmazonDocDB/instance, elasticFileSystem

Microsoft Azure Resources:

- Microsoft.Compute/disks, Microsoft.Web/sites/functions, Microsoft.DBforMySQL/flexibleServers, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.Network/publicIPAddresses, Microsoft.Compute/virtualMachineScaleSets/virtualMachines, Microsoft.Storage/storageAccounts/blobServices/containers, Microsoft.DocumentDB/databaseAccounts, Microsoft.AzureActiveDirectory/User, Microsoft.ContainerRegistry/registries, Microsoft.Network/virtualNetworks, Microsoft.Subscription, Microsoft.Storage/storageAccounts, microsoft.synapse/workspaces, Microsoft.Compute/virtualMachineScaleSets, microsoft.app/containerapps/containers, sql#instance, microsoft.app/containerapps/revisions, Microsoft.ContainerService/ManagedClusters, microsoft.kusto/clusters

Linode Resources:

- linode/networking/firewall, linode/nodebalancer, linode/instance, linode/databases/mysql, linode/domain, linode/user, linode/objectsotragebucket, linode/lke/cluster

Miscellaneous:

- IAM Credentials Report, KubernetesCluster, publicRepository, account, User, volume, hostedContainer, elasticMapReduceSyntheticInstanceGroup, elasticIP, storage#bucket, useraccount#instance, region, compute#instanceGroup, KubernetesCluster, serviceaccount#serviceAgent, loadBalancerv2/application, cognito-identity#identitypool, spotinstSyntheticInstanceGroup, Deployment, KubernetesCluster, containerRegistry, group, Microsoft.AzureActiveDirectory/tenants, user, service, rootUser, repository, loadBalancerv1, Other, workspaces#workspace, IAM Policy, Managed Storage Bucket, hostedContainer, ServicePrincipal/Application, compute#address, compute#forwardingRule, serviceaccount#instance, securityGroup, Microsoft.Cache/Redis, run#revision, compute#network, project#instance, codebuild#project, ami, container#instance, keypair, encryptionKey, backupvault, compute#backendService, elasticSearchService, lightsail#Instance, cloudSearch#domain

AWS Specific:

- sqs, redshift, redis#instance, compute#unmanagedInstanceGroup, Microsoft.Compute/availabilitySets, sns

Connector: Lacework

Unique Identifier: urn or resource

Supported Cloud Resources:

Compute and Networking:

- ec2:instance, ec2:vpc, ec2:subnet, ec2:internet-gateway, ec2:route-table, ec2:network-interface, ec2:prefix-list, ec2:key-pair, ec2:security-group, ec2:dhcp-options

Load Balancing and Networking:

- elbv2:loadbalancer, elbv2:listener, elbv2:target-group, elbv2:listener-rule

Database Services:

- rds:db-parameter-group, rds:db-snapshot, neptune:db-cluster, neptune:db-cluster-endpoint, neptune:db-instance, neptune:db-cluster-snapshot, neptune:db-parameter-group, neptune:db-subnet-group, docdb:db-cluster-snapshot, dms:replication-subnet-group, dms:endpoint

Storage and Content Delivery:

- s3:bucket, cloudfront:distribution, ec2:snapshot, firehose:delivery-stream, ec2:volume

Automation and Management:

- cloudformation:stack, cloudformation:stack-set, autoscaling:auto-scaling-group, autoscaling:policy, autoscaling:launchConfiguration, lambda:function, config:delivery-channel, config:configuration-recorder

Security, Identity, and Compliance:

- iam:user, iam:role, iam:instance-profile, acm:certificate, guardduty:detector, guardduty:publishing-destination, securityhub:hub, securityhub:enabled-standard, secretsmanager:secret, kms:key, kms:alias

Monitoring and Governance:

- cloudwatch:alarm, cloudtrail:trail, logs:log-group, events:rule, events:event-bus

Application Integration:

- sns:subscription, sns:topic, sqs:queue, appsync:type, appsync:resolver, appsync:data-source

API Gateway and Networking:

- apigateway:rest-api, apigateway:gateway-response, apigateway:resource, apigateway:stage, apigateway:model, apigateway:deployment

Other Services:

- ecs:cluster, organizations:parent-accounts, organizations:account, organizations:organization, organizations:organizational-units, organizations:policy, organizations:delegated-administrator, athena:work-group, athena:data-catalog, account, group_owner, user, region, None

Connector: Aqua CWPP

Unique Identifier: function_id

Supported Cloud Resources: -

Connector: Aqua CSP

Unique Identifier: key.name + region or resource

Connector: Orca

Unique Identifier: asset_unique_id or group_unique_id or cluster_unique_id

Supported Cloud Resources:

AWS Services:

- Autoscaling: autoscaling:auto-scaling-group, autoscaling:policy

- EC2: ec2:instance, ec2:vpc, ec2:subnet, ec2:internet-gateway, ec2:route-table, ec2:key-pair, ec2:security-group, ec2:prefix-list, ec2:flow-log

- RDS: rds:db-parameter-group, rds:db-security-group, rds:db-snapshot

- Lambda, CloudFormation, CloudTrail, CloudFront, S3, DynamoDB, ElasticCache, EKS, CodeBuild, CodeCommit, CodeDeploy, CloudWatch, IAM, GuardDuty, KMS, SecretsManager, SNS, SQS, Glue, Athena, Neptune, DocumentDB, Kinesis, API Gateway, WAFv2, FSx, Backup, Step Functions, Elastic Beanstalk, Transient Gateway, Lake Formation, KeySpaces, Sagemaker

Azure Services:

- Azure: AzureExternalAppRoleAssignment, AzurePublicIp, AzureVnetRouteTable, AzureRunbook, AzureApplicationGatewayRule, AzureNetworkInterface, AzureRoleAssignment, AzureActivityLogAlerts, AzureCacheForRedis, AzureSubscriptionDiagnosticSetting, AzureKeyVaultSecret, AzureResourceLock, AzureSnapshot, AzureSqlDatabase, AzureAksNodePool, AzureVirtualNetworkGateway, AzurePurviewAccount, AzureNetworkWatcher, AzurePostgresFlexibleServer, AzureBackEndPool, AzureVNet, AzureWebAppService, AzureDisk, AzureNetworkSecurityGroup, AzureNetworkSecurityGroupRule, AzureContainerAppEnvironment, AzureWebApplicationFirewall, AzureBatchAccount, AzureMySqlDbServer, AzureSqlDbServer, AzureSynapseWorkspace, AzureKeyVault, AzureServiceAsset, AzureEventGridTopic, AzureOpenAiModel, AzureCdnOrigin, AzureStorageQueue, AzureBastionHost, AzureContainerRegistry, AzureDiagnosticSetting, AzureApiManagement, AzureEventHubNamespace, AzureLogAnalyticsWorkspace, AzureSqlVm, AzureDataFactory, AzureContainerInstance, AzureApplicationGateway, AzureMicrosoftDefenderForCloudSecurityAlert, AzureAksCluster, AzureApiManagementApi, AzureFunctionApp, AzureEventHub, AzureServicePrincipal, AzureAutomationAccount, AzureStorageAccount, AzureStorageFileShare, AzureStorageTable, AzureLoadBalancer, AzureLoadBalancerRule, AzureVirtualNetworkGatewayConnection, AzureSubnet, AzureCosmosDb, AzureServiceBus, AzureApiGatewayV2Endpoint, AzureNetworkFlowLog

GCP Services:

- GCP: GcpMonitoringAlertPolicy, GcpLoadBalancerBackendBucket, GcpRedisInstance, GcpLoggingSink, GcpIamServiceAccountKey, GcpVpcSubnet, GcpBigqueryDataset, GcpLoadBalancerBackendService, GcpVmDisk, GcpBigqueryTable, GcpSqlInstance, GcpVpc, GcpCertificate, GcpSslPolicy, GcpVpcFirewallRule, GcpGarRepository, GcpCloudRunRevision, GcpFilestoreInstance, GcpGkeCluster, GcpKmsKey, GcpDnsManagedZone, GcpIamRole, GcpIamPolicy, GcpIamServiceAccount, GcpPubSubSubscription, GcpPubSubSchema, GcpPubSubTopic, GcpSecretManagerSecret, GcpCloudRunService, GcpLoadBalancerForwardingRule, GcpFirestoreDatabase, GcpScheduleSnapshot, GcpUser, GcpLoadBalancer

Kubernetes Services:

- Kubernetes: K8sServiceAccount, K8sClusterRole, K8sStatefulSet, K8sPersistentVolumeClaim, K8sNetworkPolicy, K8sService, K8sRole, K8sContainerSpec, K8sDeployment, K8sPod, K8sDaemonSet, K8sPodSpec, K8sNode, K8sDeployment, K8sNamespace, K8sEndpoint, K8sConfigMap

Other Services:

- NewDomain, CloudServiceAsset, CloudAccount, function, Domain, NewIP, storage, AwsServiceAsset, AwsOriginAccessControl, AwsCertificate, AwsUser, AwsGroup, AwsSubnet, AwsResourcePolicy, AwsIamGroup, AwsIamRole, AwsIamManagedPolicy, AwsIamAccountSummary, AwsIamUserSshPublicKey, AwsSecurityHub, AwsNeptuneInstance, AwsSagemakerNotebookInstance, AwsEfsFileSystem, AwsServiceCatalogPortfolio, AwsLogsLogGroup, AwsApiGatewayStage, AwsCodePipelinePipeline, AwsSecretsManagerSecret, CloudManagedEndpoint, AwsWorkSpace, IP

Connector: Google SCC

Unique Identifier: asset.securityCenterProperties.resourceName

Connector: AWS

Unique Identifier: arn

Supported Cloud Resources:

- Subnet

- ENI

- Security Group

- Virtual Network

- ACL
