Inventory

Select Inventory from the main menu to view detailed, itemized lists of your discovered cryptography.

The tabs organize your cryptography by:

  • Keys - a sequence of bits used as input to a cryptographic algorithm to encrypt, decrypt, sign, or authenticate data.
  • Certificates - a digitally signed document, linking a public key to an identity.
  • Operations - a specific process or function, such as encryption, decryption, signing, or verification, that is performed on data using a key.
  • Handshakes - processes to establish a secure connection between networked applications.
  • Secrets - non-standard or user-defined objects retrieved from an external data source.

Figure: AQtive Guard Inventory screen with the Keys tab selected.

The following sections provide details for each tab.

Keys

The Keys tab provides a comprehensive view of the keys within your cryptography inventory, including the following information for each:

  • Type - the algorithm used to generate the key, such as RSA, DSA, or DH.
  • Length - the length of the key, in bits (1024, 2048, etc.)
  • Has private key - indicates whether the key has an associated private key.
  • Last scanned - the date and time of the most recent scan where the object was found (MM/DD/YYYY HH:MM:SS AM/PM), based on the time zone set in your browser, with system time in UTC.
  • Data sources - the integration or sensor that provided the data for the item.
  • Severity - when applicable, indicates the degree of non-compliance with policy as determined by the rule used for analysis.

Use the local filters at the top of the table to filter by key Type or key Length. You may also apply one or more global filters at the top of the screen.

Key details

To view more detailed information about a specific key, select Details. The details panel provides additional insights, including associated:

  • Locations - where the item was discovered.
  • Issues - generated when a rule flags the item.
  • Certificates - a digitally signed document, linking a public key to an identity.
  • Operations - a specific process or function, such as encryption, decryption, signing, or verification, that is performed on data using a key.
  • Hosts - a physical or virtualized computing system, such as a server, workstation, or virtual machine, that serves as the operating environment for applications and container images.
  • Apps - a software program or service running on a host.
  • Container images - a packaged software component that was scanned, containing an application’s filesystem and configuration.
  • Sessions - the date, time, and data source(s) for a specific item that was ingested or detected, providing a detailed breakdown of its Last scanned history.

To access a JSON object containing all key metadata, scroll to the bottom of the panel and select View full key.

Certificates

The certificate inventory is summarized in the Certificates tab, which includes the following information:

  • Subject - the entity that this certificate represents, for example a website, application, or individual.
  • Issuer - the authority that issued the certificate.
  • Valid until - the certificate expiration date.
  • Validity period - the certificate validity period.
  • Digest algorithm - the hash function used.
  • Last scanned - the date and time of the most recent scan where the object was found (MM/DD/YYYY HH:MM:SS AM/PM), based on the time zone set in your browser, with system time in UTC.
  • Data sources - the integration or sensor that provided the data for the item.
  • Severity - when applicable, indicates the degree of non-compliance with policy as determined by the rule used for analysis.

Use the local filters at the top of the table to filter by certificate Subject or Issuer. You may also apply one or more global filters at the top of the screen.

Certificate details

To view more detailed information about a specific certificate, select Details. The details panel provides additional insights, including associated:

  • Locations - where the item was discovered.
  • Issues - generated when a rule flags the item.
  • Keys - a sequence of bits used as input to a cryptographic algorithm to encrypt, decrypt, sign, or authenticate data.
  • Operations - a specific process or function, such as encryption, decryption, signing, or verification, that is performed on data using a key.
  • Handshakes - processes to establish a secure connection between networked applications.
  • Hosts - a physical or virtualized computing system, such as a server, workstation, or virtual machine, that serves as the operating environment for applications and container images.
  • Apps - a software program or service running on a host.
  • Container images - a packaged software component that was scanned, containing an application’s filesystem and configuration.
  • Sessions - the date, time, and data source(s) for a specific item that was ingested or detected, providing a detailed breakdown of its Last scanned history.

To access a JSON object containing all certificate metadata, scroll to the bottom of the panel and select View full certificate.

Operations

The Operations tab provides a comprehensive view of the cryptographic operations discovered during analysis, including the following information:

  • Type - the cryptographic operation performed.
  • Timestamp - the date and time of the operation (MM/DD/YYYY HH:MM:SS AM/PM), based on the time zone set in your browser, with system time in UTC.
  • Algorithms - the algorithm used, such as AES, RSA, or HMAC.
  • Last scanned - the date and time of the most recent scan where the object was found (MM/DD/YYYY HH:MM:SS AM/PM), based on the time zone set in your browser, with system time in UTC.
  • Data sources - the integration or sensor that provided the data for the item.
  • Severity - when applicable, indicates the degree of non-compliance with policy as determined by the rule used for analysis.

Note

If an operation involves multiple calls, the timestamp of the operation reflects the final call.

Use the local filters at the top of the table to filter by operation Type. You may also apply one or more global filters at the top of the screen.

Operations details

To view more detailed information about a specific operation, select Details. The details panel provides additional insights, including associated:

  • Stack trace - the sequence of function calls at the point the item was detected.
  • Issues - generated when a rule flags the item.
  • Keys - a sequence of bits used as input to a cryptographic algorithm to encrypt, decrypt, sign, or authenticate data.
  • Certificates - a digitally signed document, linking a public key to an identity.
  • Hosts - a physical or virtualized computing system, such as a server, workstation, or virtual machine, that serves as the operating environment for applications and container images.
  • Apps - a software program or service running on a host.
  • Container images - a packaged software component that was scanned, containing an application’s filesystem and configuration.
  • Sessions - the date, time, and data source(s) for a specific item that was ingested or detected, providing a detailed breakdown of its Last scanned history.

To access a JSON object containing all operations metadata, scroll to the bottom of the panel and select View full operation.

Handshakes

The Handshakes tab provides details about the negotiation of cryptographic parameters during data transmission:

  • Source IP - the IP address of the host that initiated the connection.
  • Target IP - the IP address of the destination host.
  • TLS Version - the version of Transport Layer Security used.
  • Selected ciphersuite - the ciphersuite selected for use in this connection.
  • Min. client TLS Version - the earliest version of TLS that the client will accept.
  • Status - whether the handshake was performed successfully or not.
  • Target port - the port number used by the target host to receive the connection.
  • Last scanned - the date and time of the most recent scan where the object was found (MM/DD/YYYY HH:MM:SS AM/PM), based on the time zone set in your browser, with system time in UTC.
  • Data sources - the integration or sensor that provided the data for the item.
  • Severity - when applicable, indicates the degree of non-compliance with policy as determined by the rule used for analysis.

You may apply one or more global filters at the top of the screen.

Handshake details

To view more detailed information about a specific handshake, select Details. The details panel provides additional insights, including associated:

  • Client supported ciphersuites - the ciphersuites the client indicated it could support during the scanned handshake.
  • Client supported key exchange algorithms - the key exchange protocols the client indicated it could support during the scanned handshake.
  • Client supported server authentication algorithms - the authentication protocols the client indicated it could support during the scanned handshake.
  • Client supported versions - the security protocol versions, such as TLS 1.2 or TLS 1.3, the client indicated it could support during the scanned handshake.
  • Issues - generated when a rule flags the item.
  • Certificates - a digitally signed document, linking a public key to an identity.
  • Sessions - the date, time, and data source(s) for a specific item that was ingested or detected, providing a detailed breakdown of its Last scanned history.

Note

An ‘UNKNOWN’ value in a handshake indicates AQG was unable to translate a numerical identifier (NID) due to missing data, a non-standard NID, or a recently introduced NID.

To access a JSON object containing all handshake metadata, scroll to the bottom of the panel and select View full handshake.

Secrets

The Secrets tab displays an inventory of non-standard or user-defined objects retrieved from an external data source.

  • Type - the secret type.
  • Last scanned - the date and time of the most recent scan where the object was found (MM/DD/YYYY HH:MM:SS AM/PM), based on the time zone set in your browser, with system time in UTC.
  • Data sources - the integration or sensor that provided the data for the item.
  • Severity - when applicable, indicates the degree of non-compliance with policy as determined by the rule used for analysis.

You may apply one or more global filters at the top of the screen.

Secrets details

To view more detailed information about a specific secret, select Details. The details panel provides additional insights, including associated:

  • Locations - where the item was discovered.
  • Issues - generated when a rule flags the item.
  • Hosts - a physical or virtualized computing system, such as a server, workstation, or virtual machine, that serves as the operating environment for applications and container images.
  • Apps - a software program or service running on a host.
  • Container images - a packaged software component that was scanned, containing an application’s filesystem and configuration.
  • Sessions - the date, time, and data source(s) for a specific item that was ingested or detected, providing a detailed breakdown of its Last scanned history.

To access a JSON object containing all secrets metadata, scroll to the bottom of the panel and select View full secret.