Assets & Networks
Assets and networks form the foundation of your security assessment data in Hawkra. Networks represent logical groupings of infrastructure (subnets, VLANs, segments), while assets represent individual hosts within those networks. Every asset belongs to exactly one network, and networks belong to a workspace.
Networks
Networks are the top-level organizational unit for your infrastructure inventory. They represent logical network segments such as subnets, VLANs, or isolated environments within your assessment scope.
Creating a Network
To create a network, navigate to the Networks section of your workspace and provide the following details:
| Field | Required | Description |
|---|---|---|
| Name | Yes | A descriptive name for the network (1-255 characters). Example: "Corporate LAN", "DMZ", "Guest WiFi" |
| CIDR Range | No | The network's CIDR notation (e.g., 192.168.1.0/24, 10.0.0.0/8). Validated for correct IPv4 CIDR format |
| VLAN ID | No | The 802.1Q VLAN identifier, if applicable |
| Access Port | No | How the network is accessed during the assessment (up to 100 characters). Example: "eth0 on jump box", "VPN tunnel" |
| Description | No | Free-text description of the network's purpose or scope |
Use descriptive names that your team will recognize. If you are performing a segmented assessment, create one network per segment to keep your assets organized and your reports clear.
Listing Networks
The network list view displays all networks in your workspace along with the count of assets in each network. This gives you a quick overview of your assessment inventory at a glance.
Viewing Network Details
Clicking on a network takes you to its detail view, which shows the network's properties and a complete list of all assets within it. From here you can manage individual assets, run scans, or drill into asset details.
Updating a Network
You can update any network field after creation. Changes to the CIDR range are re-validated to ensure the new value is a valid CIDR notation.
Deleting a Network
Deleting a network also deletes all assets within it and their associated data (ports, services, vulnerability links). This operation cascades and cannot be undone.
Deleting a network permanently removes all assets, discovered ports, service data, and vulnerability links within that network. Make sure you have exported any data you need before deleting.
Assets
Assets represent individual hosts, devices, or systems discovered or documented during your security assessment. Each asset lives within a network and can have associated vulnerabilities, credentials, ports, and services.
Creating an Asset
To add an asset, navigate into a network and create a new asset with the following fields:
| Field | Required | Description |
|---|---|---|
| IP Address | One of IP or Hostname required | The asset's IP address. Bare IPs (e.g., 192.168.1.100) are automatically assigned a /24 CIDR prefix. You can also specify an explicit CIDR (e.g., 10.0.1.50/32) |
| Hostname | One of IP or Hostname required | The asset's hostname or FQDN (up to 255 characters) |
| MAC Address | No | The hardware MAC address (up to 17 characters, e.g., AA:BB:CC:DD:EE:FF) |
| Operating System | No | The detected or known OS (up to 255 characters) |
| OS Version | No | The OS version string (up to 255 characters) |
| Asset Type | Yes | The type of device (see table below) |
| Tags | No | Up to 50 tags for organization, each up to 100 characters |
| Description | No | Free-text description (up to 5,000 characters) |
At least one of IP Address or Hostname must be provided. You can provide both for a more complete record.
Asset Types
When creating or updating an asset, you must select a type from the following options:
| Type | Description |
|---|---|
| Desktop/Laptop | Workstations and portable computers |
| Server | Physical or virtual servers |
| Router | Network routers |
| Switch | Network switches |
| Firewall | Network firewalls and security appliances |
| Wireless Access Point | WiFi access points |
| Printer | Network printers and MFPs |
| Camera | IP cameras and surveillance systems |
| Cell Phone | Mobile phones and tablets |
| IoT | Internet of Things devices |
| Smart TV | Smart televisions and media devices |
| Modem | Cable, DSL, or fiber modems |
| VoIP Phone | Voice over IP phone systems |
| Other | Devices that do not fit other categories |
| Unknown | Unidentified devices (default for auto-discovered assets) |
Viewing Asset Details
The asset detail view provides a comprehensive view of everything known about a host:
- Basic information: IP address, hostname, MAC address, OS, asset type, tags, and description
- Linked vulnerabilities: All vulnerabilities associated with this asset, with their severity and remediation status
- Ports and services: Discovered open ports, protocols, and identified services (populated by scans or manual entry)
- Credentials: Any stored credentials associated with this asset
Port Discovery and Services
Ports and services are primarily populated through scan imports (Nmap, Nessus, OpenVAS, ZAP) but can also be discovered through Hawkra's built-in scanning tools. Each port entry includes:
- Port number and protocol (TCP/UDP)
- Service name (e.g., ssh, http, smb)
- Service version information when detected
Port and service data enriches vulnerability analysis and is included in AI context when the "Include Services" toggle is enabled.
MAC Address Vendor Lookup
If an asset has a MAC address recorded, you can use the Import MAC Data action to look up the hardware vendor. This feature:
- Identifies the device manufacturer from the MAC OUI prefix
- Automatically updates the asset type if it is currently set to "Unknown" (e.g., a Cisco MAC sets the type to "Router")
- Appends the vendor name to the asset description
This is useful for identifying unknown devices discovered during network scans.
Tagging System
Tags provide a flexible way to organize and categorize assets beyond the built-in asset type. Common tagging patterns include:
- Environment:
production,staging,development - Criticality:
critical,high-value,low-priority - Assessment scope:
in-scope,out-of-scope,phase-1 - Compliance:
pci-dss,hipaa,sox
Each asset supports up to 50 tags, with each tag limited to 100 characters.
Updating an Asset
All asset fields can be updated after creation. The same validation rules apply: at least one of IP address or hostname must remain present, and IP addresses are re-validated.
Deleting an Asset
Deleting an asset removes it along with its associated port/service data and vulnerability links. The vulnerabilities themselves are not deleted -- only the links between the vulnerability and this specific asset.
Deleting an asset also removes all port/service discoveries and vulnerability associations for that asset. The vulnerabilities will still exist in the workspace but will no longer be linked to this asset.
Asset Limits by Tier
The number of assets you can create per workspace depends on your subscription tier:
| Tier | Assets per Workspace |
|---|---|
| Free | 15 |
| Premium | 5,000 |
| Self-Hosted | Unlimited |
Asset limits are enforced atomically at creation time. When you reach your tier's limit, you will receive an error indicating the limit has been reached. Upgrading your tier immediately raises the limit without requiring any data migration.
If you are approaching your asset limit on the Free tier, consider removing assets that are no longer in scope before adding new ones, or upgrade to Premium for significantly higher limits.
Tips and Notes
- Network-first organization: Always create your networks before adding assets. Think of networks as folders and assets as files within them.
- IP address handling: When you enter a bare IP like
192.168.1.100, Hawkra automatically stores it with a/24prefix. If you need a specific CIDR (e.g.,/32for a single host), enter it explicitly. - Scan imports populate assets automatically: When importing scan results (Nmap, Nessus, OpenVAS, ZAP), assets are created or updated automatically based on discovered hosts. Existing assets are matched by IP address within the target network.
- Permissions: Viewing assets requires the "View Assets" permission. Creating, updating, and deleting assets requires the "Edit Assets" permission. Workspace owners and admins have both by default.
- Cascade behavior: Deleting a network cascades to all its assets. Deleting an asset cascades to its ports and vulnerability links but not to the vulnerabilities themselves.
- Audit trail: All asset and network creation, modification, and deletion events are recorded in the workspace audit log with the acting user and their IP address.