Define Your Assets

Security professionals perform pentests on your assets. Collect the info they need.

You can launch multiple pentests for an asset. Once you’ve set up an asset, you can reuse it in your next pentests.

Workflow for creating a pentest

Create an Asset

Once you’ve signed in, you land on the Assets page.

To add a single asset, select New Asset. Specify asset details.
To upload assets in bulk in CSV or XLSX format, select Bulk Assets. Once uploaded, you can select an asset to add an image, technology stack, and attachments.
- If the upload is successful, all your assets from the file are added. Otherwise, no assets are created. Our algorithm doesn’t process the request partially.
- We don’t prevent you from creating duplicate assets.

Best practices for creating an asset:

Describe your asset as clearly as possible.
Add a product walk-through and asset documentation using the provided templates.
Keep your assets up to date.
Start creating or editing your asset before creating a pentest. You can reuse the asset for future pentests.
Use tags to map your assets to external systems.

The Asset screen prompts you for the following information:

Asset Title: Set up a descriptive name to attract attention from the best pentesters.
Asset Image: Use it to help identify what you need from a list of assets.
Asset Type: Select one of the options described in the linked page.
Technology Stack (for Web, Mobile, API, and combined asset types): Add a technology stack for your asset. You can preview potential vulnerabilities based on the Common Vulnerabilities and Exposures (CVE) standard for this stack.
Asset Description: Add information that can help your pentesters fully analyze your asset.
Attachments: Upload documentation, architecture diagrams, images, spreadsheets, or videos related to your asset.
Assigned Group: The group that is assigned to the asset will have exclusive access to it and its associated pentests and findings. Learn how to create a group.
Tags: An asset tag is customer-defined metadata associated with a Cobalt asset. Learn how to use asset tags.

Specify asset details

An asset tag is customer-defined metadata associated with a Cobalt asset. You can add multiple tags to an asset. Use tags to:

Map your assets to external systems, such as your vulnerability management application or task tracking software. Add the asset identifier in your third-party system as a tag.
Associate other metadata such as vulnerabilities in external systems with Cobalt assets.
Assign internal teams or business units to manage specific assets in Cobalt.
Assign a compliance audit type the asset is subject to, such as SOC 2, PCI-DSS, or CREST.

You can also add asset tags using the Cobalt API. Learn more in our API documentation.

Add custom tags to Cobalt assets

Last modified November 14, 2024