Asset Intelligence

Understand the product surface, the main concepts, and where to go deeper.

Asset Intelligence helps you understand what internet-facing assets exist, how they are exposed, what has changed, and which observations matter from a security and trust perspective. In practice, those assets begin as monitored domains and public IP addresses.

It is designed to answer practical questions such as:

What assets are currently in scope?
What services, pages, DNS records, and certificates are associated with them?
What organization context is related to the asset?
What changed recently?
Which changes are simply observations, and which should be treated as issues?
How should teams interpret that information over time?

What Asset Intelligence is

Asset Intelligence is not just an inventory. It is a living view of internet-facing reality.

A basic inventory tells you what should exist. Asset Intelligence helps you see what is actually observable, how that picture evolves, and where that evolution may deserve attention.

This matters because asset posture is rarely static. Domains gain new pages. Services appear on new ports. DNS records change. Certificates are replaced. Similar domains emerge. What matters operationally is often not the existence of a thing, but the fact that it is new, changed, unexpected, or no longer present.

What you can see in the product

Asset Intelligence is organized so teams can move from summary to evidence.

Asset overview

The overview is the starting point for understanding an asset's current state. It brings together current posture, recent activity, and related context so you can orient quickly before moving deeper. Where available, that context can also include related organization information.

Recent activity is usually easiest to read in two lanes:

operational events for material changes across the monitored surface
intelligence events for lower-noise discovery signals such as curated similar-domain observations

Ports

The Ports area shows discovered open ports and related transport context. It helps answer which services are externally reachable and whether new network-facing behavior has appeared.

Pages

The Pages area helps you understand the observed web surface of an asset. Depending on the page and monitoring mode, this can include screenshots, technologies, HTTP headers, cookies, resources, console logs, and page services.

Use the page view when you need to answer questions such as:

what the page looked like when it was observed
which frameworks, libraries, or third-party tools were detected
which headers were returned by the server
which cookies were present before and after consent handling
which resources were loaded by the page
whether the browser logged warnings, errors, or other runtime messages
which durable third-party services appear to be in use on the page

DNS and certificates

These areas provide visibility into resolution, trust material, and the changes that affect them over time.

Similar domains

The Similar Domains area surfaces lookalike and adjacent-domain intelligence around a monitored domain.

Organization context

When Kantoku can relate an asset to an organization, Asset Intelligence can also surface supporting organization context such as profile details, trust pages, and known security incidents. This helps teams connect the observed technical surface to the entity behind it.

Events and findings

These areas help you move from observation to interpretation:

Events explain change.
Findings highlight conditions that may require review, tracking, or disposition.

In practice, recent events can also be separated into operational and intelligence views so teams can review important surface changes without losing curated discovery history.

Reports

Reports package the current picture for sharing when it needs to be communicated outside the live product views. They can also help communicate recent change categories, including page-service changes, without requiring other stakeholders to navigate the live interface.

How to read Asset Intelligence

Asset Intelligence is most useful when it is read as a time-aware product rather than a static catalog.

At any moment, an asset can contain a mix of:

stable conditions that have been known for some time
newly observed conditions
changed conditions
conditions that have disappeared
conditions that are noteworthy enough to become findings

That distinction matters. A stable open port and a newly exposed open port may both be visible, but they do not mean the same thing. A long-known similar domain and a newly observed lookalike domain do not carry the same operational weight.

This is also why Asset Intelligence separates some discovery-heavy signals from the main operational timeline. A newly observed lookalike domain may be worth seeing, but it is not the same kind of change as a newly exposed service, changed certificate, or shifted page behavior.

A good working pattern

A practical way to use Asset Intelligence is:

start from the asset overview to understand the current picture
review recent events to understand what changed
review findings to understand what may need attention
inspect supporting evidence in ports, pages, DNS, certificates, and similar domains
generate a report when the current picture needs to be shared

What Asset Intelligence is for

Asset Intelligence is for understanding internet-facing reality with more context than a basic inventory or periodic scan can provide.

It helps teams:

maintain a current picture of exposed assets
understand what changed and when
separate observation from interpretation
investigate findings with supporting evidence
communicate posture more clearly across technical and non-technical stakeholders