Build a living inventory of all assets, owners, and relationships. Track lifecycle, classify data, and surface gaps that impact risk, incidents, and audits.
Hardware, software, data stores, vendors, APIs, cloud resources—classified, owned, and auditable.
Track asset class, category, type, owner, location, business unit, and lifecycle state with custom fields.
Score Confidentiality/Integrity/Availability and apply data classifications to drive risk and policy controls.
Model upstream/downstream relationships (apps ↔ DBs ↔ services) to understand blast radius and impact.
Assign owners/custodians, define SLAs, and escalate automatically on gaps or overdue tasks.
Generate labels to check in/out, view asset records, and log custody or maintenance on the fly.
Immutable activity logs, attachments, and change reasons to support audits and investigations.
Built for real-world estates—from laptops to Kubernetes.
Model desktops, laptops, mobiles, servers, and network gear with warranty, vendor, and maintenance data.
Track licenses, vendors, versions, environments, and EOL/EOS with renewal reminders and approvals.
Catalogue databases, buckets, and shares; define data owners, classification, retention, and encryption state.
Register AWS/Azure/GCP resources (instances, RDS/SQL, storage, functions) and map them to services.
Connect apps to infra and shared services. Visualise service maps and concentration risk.
Procure → in service → maintenance → retire. Capture handovers, health checks, and decommission evidence.
Opinionated defaults that match your CMDB-lite model.
Bulk import CSV/JSON or connect discovery sources. Normalize names and dedupe by fingerprints.
Set business owner and custodian. Enforce ownership SLAs and highlight orphaned assets.
Apply data labels and CIA scoring. These values flow into risk calculations automatically.
Relate apps, DBs, services, and vendors. Understand upstream/downstream impacts.
Track maintenance, patch status, incidents, and secure decommission with data destruction proof.
Sync sources to keep your register living and accurate.
Same hardened, multi-tenant foundation as the rest of PurpleWASP.
Least-privilege roles and SSO/SAML/SCIM for centralized identity and provisioning.
TLS in transit; at-rest encryption; optional field-level encryption for sensitive attributes.
Change history with actor, timestamp, and reason codes—exportable for audits.
Retention/Legal hold; link asset evidence to policy requirements and standards (ISO 27001, GDPR).
Per-org databases and strict query boundaries to prevent cross-tenant access.
Map controls to asset classes to ensure baseline hardening and coverage.
Reduce blind spots, raise accountability, and tie assets to risk and policy.
| Capability | Manual / Ad-hoc | PurpleWASP Asset Management |
|---|---|---|
| Inventory accuracy | Static; frequent drift | Synced from sources; dedupe & normalization |
| Ownership | Unclear or missing | Enforced owner/custodian with SLA & escalations |
| Relationships | Rarely modeled | Topologies & dependencies → impact awareness |
| Compliance evidence | Manual collation | Immutable logs, attachments, and exports |
| Risk linkage | Decoupled from register | CIA & classification feed risk and policy modules |
Answers for asset owners and auditors.
Create assets manually or import from CSV/API. Assign owners and set classification/CIA.
Connect apps, DBs, services, and vendors. Generate service maps for impact analysis.
All changes are logged with timestamps and actors for full traceability.
