threatwatch io

Asset Status with twigs


Screenshot from ThreatWorx console tracking status of your discovered assets.


It's important to understand the status of the assets that are being tracked for various aspects of cyber hygiene. twigs automation makes it very simple to understand and track this across your entire attack surface, from code to cloud to corporate assets.


Up-to-date Assets: These are assets that were refreshed within the last week. The bulk of your assets should ideally fall into this bucket.


Stale Assets: These assets haven't been refreshed within 90 days. There will always be some assets that are either ephemeral in nature or get spun up on an on-demand basis. This metric helps you identify exactly those assets and decide whether they are adding to the noise or are still relevant to your proactive security efforts.


Obsolete Assets: These assets haven't been refreshed in more than 90 days and are probably not in service anymore. It is also likely that they are not even on your network. So how do you address this in your vulnerability management program?


Ideally, you would purge these assets along with all the observations related to them. ThreatWorx allows you to create an asset purge policy that does exactly this, which ensures you always look at only the relevant gaps within your organization and reduces or eliminates the noise. This mechanism helps streamline work for your operational teams and keeps them effective.


Well, that seems good, but how do I even make sure my automation is really working and not providing a false picture? The twigs run log is your answer to that.


Each execution (run) of twigs gives you a log and a status that indicates whether the run was a success, a warning or a failure. These matter not just for telling success from failure, but also for spotting potential problems that need to be addressed.



Screenshot from ThreatWorx console showing the twigs run log.


So how can you get all of this information for your environment, assuming you are running twigs for your attack surface discovery?


To get the status of all assets in terms of last refresh times, call the following REST API with a valid API token or session object. The API token can be retrieved from your registered account at ThreatWorx.


POST api/v3/assets
Request Payload: 
stats_list: ["asset_update_timeline"]
asset_risk_history_window: 365 # Last 1 year 


To get the status of all your twigs runs (each with its associated run id), call the following API with a valid API token or session object.

GET api/v1/toolruns
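
An added example (not ThreatWorx code) of combining the two data sets offline: assets are bucketed by last refresh, and an asset only becomes a review or purge candidate if a successful twigs run finished after its last refresh. The record layout, field names such as `job`, and the reading of "stale" as 8 to 90 days are assumptions; the page does not show the API response schema.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names are hypothetical: the page does not
# show the response schema of api/v3/assets or api/v1/toolruns.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ASSETS = [
    {"id": "web-01", "job": "aws-prod", "last_refresh": "2024-05-30T04:00:00+00:00"},
    {"id": "db-02", "job": "dc-scan", "last_refresh": "2024-04-10T04:00:00+00:00"},
    {"id": "ci-runner-7", "job": "aws-prod", "last_refresh": "2024-04-20T04:00:00+00:00"},
    {"id": "legacy-ftp", "job": "dc-scan", "last_refresh": "2023-11-02T04:00:00+00:00"},
    {"id": "old-vm-3", "job": "aws-prod", "last_refresh": "2023-12-15T04:00:00+00:00"},
]
RUNS = [  # one record per twigs run: run id, discovery job, finish time, status
    {"run_id": "r1", "job": "aws-prod", "finished": "2024-05-31T04:00:00+00:00", "status": "success"},
    {"run_id": "r2", "job": "dc-scan", "finished": "2024-05-24T04:00:00+00:00", "status": "warning"},
    {"run_id": "r3", "job": "dc-scan", "finished": "2024-05-31T04:00:00+00:00", "status": "failure"},
]

def bucket(last_refresh, now=NOW):
    """Assumed thresholds: up to 7 days, 8 to 90 days, more than 90 days."""
    age = now - datetime.fromisoformat(last_refresh)
    if age <= timedelta(days=7):
        return "up-to-date"
    return "stale" if age <= timedelta(days=90) else "obsolete"

def last_success(runs):
    """Map each job to the finish time of its most recent successful run."""
    latest = {}
    for r in runs:
        if r["status"] == "success":
            t = datetime.fromisoformat(r["finished"])
            latest[r["job"]] = max(t, latest.get(r["job"], t))
    return latest

def triage(assets, runs, now=NOW):
    """Sort assets into up-to-date, review, purge, or investigate."""
    ok = last_success(runs)
    report = {"up-to-date": [], "review": [], "purge": [], "investigate": []}
    for a in assets:
        b = bucket(a["last_refresh"], now)
        refreshed = datetime.fromisoformat(a["last_refresh"])
        if b == "up-to-date":
            report[b].append(a["id"])
        elif a["job"] not in ok or ok[a["job"]] <= refreshed:
            # No clean run since last refresh: age may reflect broken discovery.
            report["investigate"].append(a["id"])
        else:
            report["purge" if b == "obsolete" else "review"].append(a["id"])
    return report

if __name__ == "__main__":
    print(triage(ASSETS, RUNS))
```

Runs with a warning status are treated the same as failures here, so an asset is never proposed for purge on the strength of a partial run.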

