Asset View

Each asset in Enso Standalone contains different types of data. This information lets you fully understand the reasoning behind the asset's associated risk.

To learn more about any asset, click the asset's name in the inventory layouts. Once clicked, a pop-up screen appears with all relevant information on that specific asset.

The asset information is divided into a few tabs:

  • Summary - the summary tab is a concentrated view of the asset properties

  • Score - the score tab details the calculation behind the security gap and risk score. The main table includes drawers that can be unfolded to reveal the actual defects or coverage gaps. The security gap is the sum of all costs attributed to an asset’s defects based on severity and mitigation status, as well as related policy coverage gaps. The risk is the result of a deduction between the security gap and the asset class. Read more about the scoring mechanism.

  • Defects - the defects tab displays the top 500 defects (vulnerabilities) associated with the asset. An asset's defects are usually generated by various AST scanners, but can also be created manually or by customizations. In this tab, there are a few valuable actions:

    • Click the defect's title to drill down into the defect's description

    • Create a new ticket (Jira or other)

    • Create a new manual defect. This is especially useful when defects are found externally, for example during pentests

    • Change the defect’s remediation status to report progress/completion, mark false-positives, etc. (the defect status also impacts its cost. For example, defects in progress cost less)

    • Change the defect's severity to reduce noise or to increase priority

  • Tasks - tasks are generated automatically or manually by users or Enso. Users can either create policy rules that generate tasks automatically according to a certain logic, or create tasks manually in the tab itself. Enso generates smart tasks. A smart task is an aggregation of a few defects that can be mitigated by a single package update. Smart tasks are generated automatically according to the SCA findings (smart tasks are generated for specific popular SCA scanners).

  • Events - in the events tab one can review a log of changes that were applied to the asset. There are many types of logged events, including scan execution, class change, commits done and many more.

  • Attributes - the attributes tab includes miscellaneous attributes that are fetched from the data source, but don’t have a dedicated column. The benefit of having this info lies not only in presenting it, but mostly in making it searchable. Searching within attributes is done either via the inventory search bar or the filters.
