Open Asset Model Specification

Goals

The Open Asset Model is an effort to uniformly describe assets that belong to both organizations and individuals.

Asset specifications have traditionally focused upon the technical, infrastructure-specific things that can be discovered on the internet. While this represents a potentially significant portion of an organization's assets, it is also limiting. The Open Asset Model seeks to expand on this and cover the breadth and depth of both physical and digital assets so that an organization can realize their full Attack Surface.

Open Asset Model defines not just the assets themselves, but also the relationships within and across types of assets. This allows the model to express the real-world interconnectedness that exists between assets.

Open Asset Model also seeks to provide models to support the discovery path to understand how assets were discovered / exposed.

When it comes to asset discovery, it is sometimes a bit of a mystery as to how an asset was discovered. For this reason, we believe it is necessary to to record the order of events, including the source, that lead to the discovery of an asset.

The source of the data is useful in a number of different ways:

It can help understand the trustworthiness and/or accuracy of the data provided. Data sourced from less trusted sources may need to go through additional validation steps before it can be used.
It can inform whether the data can be transferred with other parties, which is especially important in meeting modern data privacy requirements.
It explain how a disputed asset was discovered during an investigation.

View Image

Asset Taxonomy

Contact Assets

Email Address

Property	Type	Required	Description
`address`	string	true	The full email address
`local`	string	false	The local part of the email address
`domain`	string	false	The part of the address after the @ symbol

Outgoing Relationships

No outgoing relationships

Incoming Relationships

Relationship	Type
`admin_email`	`Whois`
`tech_email`	`Whois`
`billing_email`	`Whois`
`registrant_email`	`Whois`
`email`	`Person`
`email`	`Organization`
`abuse_email`	`Registrar`
`subject_email_address`	`TLSCertificate`

Location

Property	Type	Required	Description
`formatted_address`	string	false	The formatted address
`building_number`	string	false	the number of the building at the location
`street_name`	string	false	the name of the street at the location
`unit`	string	false	the unit number at the location
`building`	string	false	the name of the building at the location
`town`	string	false	the name town or city at the location
`locality`	string	false	the locality at the location
`region`	string	false	the name of the region or state at the location
`country_code`	string	false	the ISO 3166-1 alpha-2 country code
`postal_code`	string	false	the postal code at the location

Outgoing Relationships

No outgoing relationships

Incoming Relationships

Relationship	Type
`admin_location`	`Whois`
`tech_location`	`Whois`
`billing_location`	`Whois`
`registrant_location`	`Whois`
`location`	`Person`
`location`	`Organization`
`subject_state_or_province`	`TLSCertificate`
`subject_locality`	`TLSCertificate`

Phone

Property	Type	Required	Description
`type`	string	false	The type of phone number
`raw`	string	true	The raw phone number
`e164`	string	false	The E.164 formatted phone number
`country_abbrev`	string	false	The ISO 3166-1 alpha-2 country code
`country_code`	string	false	The ISO 3166-1 numeric country code
`subscriber_number`	string	false	The subscriber number
`ext`	string	false	The extension of the phone number

Outgoing Relationships

No outgoing relationships

Incoming Relationships

Relationship	Type
`admin_phone`	`Whois`
`tech_phone`	`Whois`
`billing_phone`	`Whois`
`registrant_phone`	`Whois`
`phone_number`	`Person`
`phone_number`	`Organization`
`abuse_phone`	`Registrar`

Domain Assets

FQDN

Property	Type	Required	Description
`name`	string	true	Fully Qualified Domain Name

Outgoing Relationships

Relationships	Type
`a_record`	`IPAddress`
`aaaa_record`	`IPAddress`
`cname_record`	`FQDN`
`ns_record`	`FQDN`
`ptr_record`	`FQDN`
`mx_record`	`FQDN`
`srv_record`	`FQDN`
`node`	`FQDN`
`registration`	`Whois`

Incoming Relationships

Relationship	Type
`cname_record`	`FQDN`
`ns_record`	`FQDN`
`ptr_record`	`FQDN`
`mx_record`	`FQDN`
`srv_record`	`FQDN`
`node`	`FQDN`
`whois_server`	`Registrar`
`name_server`	`Whois`
`common_name`	`TLSCertificate`
`subject_alt_names`	`TLSCertificate`
`ip_address`	`URL`

Fingerprint Assets

Fingerprint

Property	Type	Required	Description
`type`	string	true	The type of fingerprint
`value`	string	true	The value of the fingerprint

Outgoing Relationships

Relationship	Type
`jarm`	`TLSCertificate`

Incoming Relationships

No Incoming Relationships

Network Assets

AutonomousSystem

Property	Type	Required	Description
`number`	int	true	Autonomous System Number

Outgoing Relationships

Relationship	Type
`announces`	`Netblock`
`managed_by`	`RIROrganization`

Incoming Relationships

No incoming relationships

IP Address

Property	Type	Required	Description
`address`	object	true	Network address
`type`	string	true	IPv4 or IPv6

Outgoing Relationships

Relationship	Type
`port`	`Port`

Incoming Relationships

Relationship	Type
`a_record`	`FQDN`
`aaaa_record`	`FQDN`
`contains`	`Netblock`
`ip_address`	`URL`

Netblock

Property	Type	Required	Description
`cidr`	object	true	CIDR representation of an IP block
`type`	string	true	IPv4 or IPv6

Outgoing Relationships

Relationship	Type
`contains`	`IPAddress`

Incoming Relationships

Relationship	Type
`announces`	`AutonomousSystem`

Port

Property	Type	Required	Description
`port`	int	true	Port number
`protocol`	string	true	TCP or UDP

Outgoing Relationships

No Outgoing Relationships

Incoming Relationships

Relationship	Type
`port`	`URL`

RIROrganization

Property	Type	Required	Description
`name`	string	true	Organization Name
`rir_id`	string	false	unique identifier of the RIR organization
`rir`	string	false	Regional Internet Registry

Outgoing Relationships

No outgoing relationships

Incoming Relationships

Relationship	Type
`managed_by`	`AutonomousSystem`
`rir_org`	`Organization`

Organization Assets

Organization

Property	Type	Required	Description
`org_name`	string	true	The name of the organization
`industry`	string	false	Primary industry that the organization is associated with.

Outgoing Relationships

Relationship	Type
`rir_organization`	`RIROrganization`
`location`	`Location`
`phone_number`	`Phone`
`email`	`Email`
`operates`	`Registrar`

Incoming Relationships

Relationship	Type
`reseller`	`Whois`
`admin_org`	`Whois`
`tech_org`	`Whois`
`billing_org`	`Whois`
`registrant_org`	`Whois`
`subject_organization`	`TLSCertificate`
`subject_organization_unit`	`TLSCertificate`
`issuer_organization`	`TLSCertificate`
`issuer_organization_unit`	`TLSCertificate`

People Assets

Person

Property	Type	Required	Description
`full_name`	string	true	The full name of the person
`first_name`	string	false	The first name of the person
`middle_name`	string	false	The middle name of the person
`last_name`	string	false	The last name of the person
`birth_country`	string	false	The country where the person was born.
`date_of_birth`	string	false	The date of birth of the person.

Outgoing Relationships

Relationship	Type
`phone_number`	`Phone`
`email`	`Email`
`location`	`Location`

Incoming Relationships

Relationship	Type
`admin_person`	`Whois`
`tech_person`	`Whois`
`billing_person`	`Whois`
`registrant_person`	`Whois`

TLS Certificate Assets

TLSCertificate

Property	Type	Required	Description
`common_name`	string	true	The common name of the certificate
`subject_organization`	string	false	The subject organization of the certificate
`subject_organization_unit`	string	false	The subject organization unit of the certificate
`subject_state_or_province`	string	false	The subject state or province of the certificate
`subject_locality`	string	false	The subject locality of the certificate
`subject_country`	string	false	The subject country of the certificate
`issuer`	string	false	The issuer of the certificate
`issuer_organization`	string	false	The issuer organization of the certificate
`issuer_organization_unit`	string	false	The issuer organization unit of the certificate
`not_before`	string	false	The not before date of the certificate
`not_after`	string	false	The not after date of the certificate
`subject_alt_names`	[]string	false	The subject alternative names of the certificate
`signature_algorithm`	string	false	The signature algorithm of the certificate
`public_key_algorithm`	string	false	The public key algorithm of the certificate
`fingerprint_sha1`	string	false	The SHA1 fingerprint of the certificate
`fingerprint_sha256`	string	false	The SHA256 fingerprint of the certificate

Outgoing Relationships

Relationship	Type
`common_name`	`FQDN`
`subject_organization`	`Organization`
`subject_organization_unit`	`Organization`
`subject_state_or_province`	`Location`
`subject_locality`	`Location`
`subject_email_address`	`Email`
`issuer`	`FQDN`
`issuer_organization`	`Organization`
`issuer_organization_unit`	`Organization`
`subject_alt_names`	`FQDN`
`issuer_urls`	`URL`
`oscp_server`	`URL`

Incoming Relationships

No Incoming Relationships

URL Assets

URL

Property	Type	Required	Description
`url`	string	true	The URL
`scheme`	string	false	The scheme of the URL
`username`	string	false	The username of the URL
`password`	string	false	The password of the URL
`host`	string	false	The host of the URL
`port`	int	false	The port of the URL
`path`	string	false	The path of the URL
`options`	string	false	The options of the URL
`fragment`	string	false	The fragment of the URL

Outgoing Relationships

Relationship	Type
`port`	`Port`
`url`	`IPAddress`
`url`	`FQDN`

Incoming Relationships

Relationship	Type
`issuer_urls`	`TLSCertificate`
`oscp_server`	`TLSCertificate`

Whois / Registration Assets

Registrar

Property	Type	Required	Description
`name`	string	true	The name of the registrar.
`url`	string	false	The URL of the registrar's website.
`iana_id`	string	false	The IANA ID of the registrar.

Outgoing Relationships

Relationship	Type
`abuse_email`	`Email`
`abuse_phone`	`Phone`
`whois_server`	`FQDN`

Incoming Relationships

Relationship	Type
`published_by`	`Whois`
`operates`	`Organization`

Whois

Property	Type	Required	Description
`type`	string	true	Type of whois record
`registrar`	string	false	The registrar of the domain name
`domain`	string	false	The domain name
`reseller`	string	false	The reseller of the domain name
`name_servers`	[]string	false	The name servers of the domain name
`created_date`	string	false	The creation date of the domain name
`updated_date`	string	false	The last updated date of the domain name
`expiration_date`	string	false	The expiration date of the domain name
`domain_status`	[]string	false	The status of the domain name
`registry_registrant_id`	string	false	The registrant id of the domain name
`registry_registrant_name`	string	false	The registrant name of the domain name
`registry_registrant_org`	string	false	The registrant organization of the domain name
`registry_registrant_location`	string	false	The registrant street of the domain name
`registry_registrant_phone`	string	false	The registrant phone of the domain name
`registry_registrant_fax`	string	false	The registrant fax of the domain name
`registry_registrant_email`	string	false	The registrant email of the domain name
`registry_domain_id`	string	false	The domain id of the domain name
`registry_billing_id`	string	false	The billing id of the domain name
`registry_billing_name`	string	false	The billing name of the domain name
`registry_billing_org`	string	false	The billing organization of the domain name
`registry_billing_location`	string	false	The billing location of the domain name
`registry_billing_phone`	string	false	The billing phone of the domain name
`registry_billing_fax`	string	false	The billing fax of the domain name
`registry_billing_email`	string	false	The billing email of the domain name
`registry_admin_id`	string	false	The admin id of the domain name
`registry_admin_name`	string	false	The admin name of the domain name
`registry_admin_org`	string	false	The admin organization of the domain name
`registry_admin_location`	string	false	The admin location of the domain name
`registry_admin_phone`	string	false	The admin phone of the domain name
`registry_admin_fax`	string	false	The admin fax of the domain name
`registry_admin_email`	string	false	The admin email of the domain name
`registry_tech_id`	string	false	The tech id of the domain name
`registry_tech_name`	string	false	The tech name of the domain name
`registry_tech_org`	string	false	The tech organization of the domain name
`registry_tech_location`	string	false	The tech location of the domain name
`registry_tech_phone`	string	false	The tech phone of the domain name
`registry_tech_fax`	string	false	The tech fax of the domain name
`registry_tech_email`	string	false	The tech email of the domain name
`description`	string	false	The description of the whois record
`dnssec`	string	false	The DNSSEC status of the domain.

Outgoing Relationships

Relationship	Type
`published_by`	`Registrar`
`name_server`	`FQDN`
`reseller`	`Organization`
`admin_org`	`Organization`
`admin_person`	`Person`
`admin_phone`	`Phone`
`admin_email`	`Email`
`admin_location`	`Location`
`tech_org`	`Organization`
`tech_person`	`Person`
`tech_phone`	`Phone`
`tech_email`	`Email`
`tech_location`	`Location`
`billing_org`	`Organization`
`billing_person`	`Person`
`billing_phone`	`Phone`
`billing_email`	`Email`
`billing_location`	`Location`
`registrant_org`	`Organization`
`registrant_person`	`Person`
`registrant_phone`	`Phone`
`registrant_email`	`Email`
`registrant_location`	`Location`

Incoming Relationships

Relationship	Type
`registration`	`FQDN`

Discovery Path

In order to understand how assets have been discovered, the Open Asset Model provides a specification that allows an operator to trace the path of how an asset was discovered.

As an example, the following log event could be used to determine how 108.162.193.247 was associated with the owasp.org domain.

Source Asset {"id":1,"name":"owasp.org","tld":"org"} generated a [DNS A Record Request] that was serviced by [source] on [timestamp] and exposed Asset {id:2,"address":"108.162.193.247","type":"v4"}

or in the negative case

Source Asset [] generated [request type] on [timestamp] that had no sources that could fulfill the request

source_asset: the id of the asset that was used to generate the request that found the asset.
asset: the id of the asset discovered.
timestamp: the timestamp in which the asset was discovered.
source: - The source that the asset was derived from.
- name - The name of the source

In the future, source can be extended to capture additional information about the nature of the collection that was performed.

Files

taxonomy.md

Latest commit

History

taxonomy.md

File metadata and controls

Open Asset Model Specification

Goals

Asset Taxonomy

Contact Assets

Email Address

Outgoing Relationships

Incoming Relationships

Location

Outgoing Relationships

Incoming Relationships

Phone

Outgoing Relationships

Incoming Relationships

Domain Assets

FQDN

Outgoing Relationships

Incoming Relationships

Fingerprint Assets

Fingerprint

Outgoing Relationships

Incoming Relationships

Network Assets

AutonomousSystem

Outgoing Relationships

Incoming Relationships

IP Address

Outgoing Relationships

Incoming Relationships

Netblock

Outgoing Relationships

Incoming Relationships

Port

Outgoing Relationships

Incoming Relationships

RIROrganization

Outgoing Relationships

Incoming Relationships

Organization Assets

Organization

Outgoing Relationships

Incoming Relationships

People Assets

Person

Outgoing Relationships

Incoming Relationships

TLS Certificate Assets

TLSCertificate

Outgoing Relationships

Incoming Relationships

URL Assets

URL

Outgoing Relationships

Incoming Relationships

Whois / Registration Assets

Registrar

Outgoing Relationships

Incoming Relationships

Whois

Outgoing Relationships

Incoming Relationships

Discovery Path