Skip to content
Xint Docs

What is an Asset?

An Asset represents a single site you want to scan. It exists so that you don’t have to re-enter the same settings every time you scan the same site, and so that the testing history for that site is accumulated in one place.

Asset Configuration

Section titled “Asset Configuration”

A single Asset holds the following configuration values.

  • Asset Name: A label used to identify the Asset in the list.
  • Target URL: The URL that serves as the starting point of a scan. This cannot be changed after the Asset is created.
  • Target Options: User Agent, Accept Insecure TLS Certificate, HTTP Basic Authentication, Proxy URL, and so on.
  • Scan scope: The list of domains that scan traffic is allowed to reach.
  • Vulnerability Categories: The categories of vulnerabilities to test for. You can use the list recommended by the Xint team or customize it yourself.
  • Allowed Scanning Time: The days and time windows during which scanning is allowed.

What an Asset Accumulates

Section titled “What an Asset Accumulates”

An Asset accumulates the results of every scan that has been run against it.

  • Findings: Vulnerabilities discovered across scans are accumulated here. When the same type of vulnerability is detected repeatedly across multiple scans, you can consolidate them into a single Finding for unified management, or run a Retest to verify whether the issue has been resolved. For details, see Managing Findings.
  • Endpoints: All endpoints identified across the Asset’s scans are listed here.
  • Threat scenarios: A list of attack scenarios generated and executed by Xint AI against this Asset. You can trace which scenario was used to test for and discover each vulnerability.
  • Scan history: All scans run against this Asset are stored in chronological order. Each entry’s status, start/end time, and result summary let you track how the security posture has changed over time.

How Assets and Scans Relate

Section titled “How Assets and Scans Relate”
Asset (acme-production)
 ├─ Scan #1   ✅ Success    2026-04-12 10:00
 ├─ Scan #2   ✅ Success    2026-04-19 10:00
 ├─ Scan #3   ⚠️ Failure    2026-04-26 10:00
 └─ Scan #4   🔵 Running    2026-05-03 10:00
  • An Asset represents what to scan, while a Scan represents a single point-in-time check.
  • Once you’ve configured an Asset, you can easily create new scans against the same site by reusing the Asset’s settings.
  • Even for the same site, results can vary over time because the site itself changes and its security posture changes with it. That’s why each scan’s results are stored separately.
  • When the same vulnerability is repeatedly detected across scans, its Finding history is tracked at the Asset level.