Asset Management

The Assets section of the Operations module provides comprehensive asset inventory management, supporting multiple import formats and sophisticated relationship tracking between assets and vulnerabilities.

Asset Management

Asset Types

SPEAR includes the following default asset types:

Type	Description	Example Value
`ip_address`	IPv4 or IPv6 addresses	`192.168.1.1`, `2001:db8::1`
`hostname`	Domain names and hostnames	`example.com`, `mail.corp.local`
`email`	Email addresses	`[email protected]`
`credential`	Leaked or discovered credentials	`admin:password123`
`badge`	Company identification badges	`Badge #12345`
`address`	Physical addresses	`123 Main St, City, State`

Custom asset types can be created to accommodate project-specific requirements.

Asset Fields

Each asset record contains the following fields:

Field	Type	Description
`asset_type`	Relation	Reference to asset type definition
`name`	String	Display name for the asset
`value`	String	The actual asset value (IP, hostname, etc.)
`status`	Select	Current status: `active`, `inactive`, `archived`
`tags`	Array	Tags for categorization and filtering
`metadata`	JSON	Additional key-value metadata
`structured_data`	JSON	Structured data including ports, services

🖥️ Asset Management Interface with Filtering Options Screenshot

CRUD Operations

Full create, read, update, and delete operations are supported:

Create: Add individual assets or bulk import from files
Read: View assets in table or floating window format
Update: Edit asset details, status, tags, and metadata
Delete: Remove assets with confirmation, supports bulk deletion

Filtering and Search

The asset list supports comprehensive filtering:

Asset Type: Filter by one or more asset types
Status: Filter by active, inactive, or archived status
Vulnerability Severity: Filter assets by the severity of related vulnerabilities
Import Source: Filter by the tool that imported the asset
Component: Filter by project component (for multi-component projects)
Text Search: Search across asset names and values

Sorting Options

Sort the asset list by:

Severity (of related vulnerabilities)
Asset value
Status
Created date
Updated date

Floating Window Editor

🖥️ Floating Window Editor for Assets Screenshot

Assets can be viewed and edited in floating windows:

Open multiple assets in separate windows
Minimize windows to a taskbar for quick access
Restore minimized windows with one click
View related vulnerabilities within the asset editor

Multi-Format Import

🖥️ Multi-Format Import Modal Screenshot

Supported Formats

SPEAR supports importing from major security tools:

Format	File Types	Max Size	Key Features
Burp Suite	XML, HTML	500MB	Web vulnerabilities, request/response data
Nessus	XML	500MB	Network vulnerabilities, CVSS scores
Nexpose	XML	500MB	Rapid7 vulnerability data
NodeZero	CSV	500MB	Autonomous pentest findings
BloodHound	ZIP	500MB	AD attack paths, relationships
ATLAS	JSON	500MB	Physical security field data
Nmap	XML	500MB	Ports, services, OS detection
Nuclei	JSON	500MB	Template-based findings
SPEAR	JSON	50MB	Standardized format

Import Process

🎨 Import Process Workflow Diagram Illustration

The import workflow follows these steps:

Upload: Select a file through the import modal (up to 500MB)
Detection: System automatically detects the file format
Parsing: Extract assets and vulnerabilities from the file
Deduplication: Check for existing records using matching rules
Creation/Update: Create new records or update existing ones
Mapping: Create asset-vulnerability relationships
Notification: Display import results with success/failure counts

Deduplication Logic

Assets are deduplicated using the following rules:

Match Key: value + asset_type + project
If Identical: Record is skipped (no changes)
If Changed: Record is updated with new data
If New: Record is created

This ensures that multiple imports of the same scan data don’t create duplicate records.

Import Tracking

Each import creates an import record tracking:

Import source and file name
Timestamp of import
Status: success, partial, fail
Counts of created, updated, and skipped records
Error messages for failed items

SPEAR Import Format

The SPEAR format provides a standardized JSON structure for importing data from tools without dedicated importers.

Format Structure

{
  "version": "1.0",
  "project_id": "abc123def456",
  "import_source": "custom_scanner",
  "assets": [...],
  "vulnerabilities": [...]
}

Root Fields

Field	Type	Required	Description
`version`	string	Yes	Format version (currently “1.0”)
`project_id`	string	Yes	PocketBase project ID to import into
`import_source`	string	Yes	Name of the tool/source
`assets`	array	No	Array of asset objects
`vulnerabilities`	array	No	Array of vulnerability objects

Asset Object Structure

{
  "asset_type": "ip_address",
  "name": "Web Server",
  "value": "192.168.1.1",
  "status": "active",
  "tags": ["production", "web"],
  "metadata": {
    "os": "Linux",
    "ports": [80, 443]
  }
}

Asset Fields

Field	Type	Required	Description
`asset_type`	string	Yes	Asset type name (must exist in system)
`name`	string	Yes	Display name for the asset
`value`	string	Yes	The actual asset value
`status`	string	No	Status: `active` (default), `inactive`, `archived`
`tags`	array	No	Tags for categorization
`metadata`	object	No	Additional key-value metadata

Complete Example

{
  "version": "1.0",
  "project_id": "abc123def456",
  "import_source": "custom_scanner",
  "assets": [
    {
      "asset_type": "ip_address",
      "name": "Web Server",
      "value": "192.168.1.1",
      "status": "active",
      "tags": ["production", "web"],
      "metadata": {
        "os": "Linux",
        "ports": [80, 443]
      }
    },
    {
      "asset_type": "hostname",
      "name": "Main Website",
      "value": "example.com",
      "status": "active",
      "tags": ["production"]
    }
  ],
  "vulnerabilities": [
    {
      "title": "SQL Injection in Login Form",
      "severity": "high",
      "cve_id": "CVE-2024-1234",
      "cwe_id": "CWE-89",
      "cvss_score": 8.5,
      "description": "The login form is vulnerable to SQL injection attacks.",
      "affected_assets": ["192.168.1.1", "example.com"],
      "source": "custom_scanner",
      "source_id": "scan_001"
    }
  ]
}

Asset Relationships

🖥️ Asset Relationships with Related Vulnerabilities Screenshot

Each asset displays its related vulnerabilities with:

Vulnerability title and severity
Port, protocol, and service information
Link to the full vulnerability record

Port Aggregation

The asset view aggregates port information from:

Asset structured_data field containing port lists
Vulnerability mappings with port/protocol details

This provides a consolidated view of all services running on an asset.

BloodHound Relationships

For BloodHound imports, assets track Active Directory relationships:

User-to-group memberships
Computer-to-domain relationships
Attack path connections

Statistics and Analytics

The Assets dashboard displays:

Metric	Description
Total Assets	Count of all assets in the current filter
Active Assets	Count of assets with `active` status
Total Vulnerabilities	Count of related vulnerabilities
Critical Vulnerabilities	Count of critical severity findings

Statistics can be filtered by:

Project selection
Component selection (for multi-component projects)
Asset type
Status

Best Practices

Import Workflow

Start with network scans - Import Nmap results first to establish the asset baseline
Add vulnerability scans - Import Nessus/Nexpose to map vulnerabilities to discovered assets
Include web scans - Import Burp Suite results for web application findings
Supplement with manual entries - Add assets discovered through manual testing

Asset Organization

Use consistent naming conventions for assets
Apply tags to group related assets (e.g., “dmz”, “internal”, “web-tier”)
Archive assets that are no longer in scope
Use metadata to store additional context

Deduplication Tips

Ensure the project ID is correct before importing
Use the same import source name for related scans
Review partial imports for any failed records