Assets
Assets are organization-scoped attack-surface records such as domains, subdomains, IP addresses, services, URLs, paths, certificates, and related entities.
Asset Criticality
Asset criticality is a manual business-importance marker for future prioritization and risk scoring work. It is not vulnerability severity. A low-severity issue on a critical VPN may be more important than a medium issue on a test host.
Supported values:
unknown
low
medium
high
critical
New assets default to unknown. The source is always manual in this MVP. hxEASM does not infer criticality from hostnames, banners, technologies, vulnerabilities, exposure changes, LLMs, agents, or heuristics. Suggested criticality and AI-assisted recommendations are future work.
Users with the admin or hacker role can update criticality. Clients can read the field but cannot modify it. Asset list and graph responses include criticality so the UI can show it in tables and node details.
API update endpoint:
PATCH /api/v1/assets/{asset_id}/criticality
{ "criticality": "high" }
The response is the updated asset. List filtering supports criticality=critical, criticality=high, criticality=medium, criticality=low, and criticality=unknown.
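The server-side checks implied by the rules above (organization scoping, write access for admin and hacker only, a closed set of values, manual source) can be sketched as follows. This is an added example, not hxEASM's own code. The Asset and Actor records, the criticality_source field name, the in-memory store, and the choice to report a foreign-organization asset as not found are all assumptions.

```python
from dataclasses import dataclass, replace

ALLOWED_CRITICALITY = ("unknown", "low", "medium", "high", "critical")  # values from this page
WRITER_ROLES = {"admin", "hacker"}  # per this page; the client role is read-only

class NotFound(Exception): pass
class Forbidden(Exception): pass
class Invalid(Exception): pass

@dataclass(frozen=True)
class Asset:  # hypothetical minimal asset record
    asset_id: str
    org_id: str
    criticality: str = "unknown"        # new assets default to unknown
    criticality_source: str = "manual"  # assumed field name; always manual in the MVP

@dataclass(frozen=True)
class Actor:  # hypothetical authenticated caller
    org_id: str
    role: str

def patch_criticality(store, actor, asset_id, body):
    """Apply PATCH /api/v1/assets/{asset_id}/criticality against a dict store."""
    asset = store.get(asset_id)
    # Org scoping first: an asset in another organization is reported as
    # missing, so the response does not confirm that the ID exists (assumption).
    if asset is None or asset.org_id != actor.org_id:
        raise NotFound(asset_id)
    if actor.role not in WRITER_ROLES:
        raise Forbidden(f"role {actor.role!r} cannot modify criticality")
    # Accept exactly one key so a caller cannot also set source, org_id, etc.
    if not isinstance(body, dict) or set(body) != {"criticality"}:
        raise Invalid("body must contain only 'criticality'")
    value = body["criticality"]
    # Exact, case-sensitive match against the closed value set.
    if not isinstance(value, str) or value not in ALLOWED_CRITICALITY:
        raise Invalid(f"unsupported criticality: {value!r}")
    # The source is pinned server-side and never taken from the request.
    updated = replace(asset, criticality=value, criticality_source="manual")
    store[asset_id] = updated
    return updated  # the response is the updated asset

if __name__ == "__main__":
    # Constructed sample data, not real assets.
    store = {"a1": Asset("a1", "org1"), "b1": Asset("b1", "org2")}
    print(patch_criticality(store, Actor("org1", "hacker"), "a1", {"criticality": "high"}))
```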