How to use asset portfolios to segment your domains

Organizing your domains into portfolios can simplify management and help enforce access controls.

Written by Christian Kiely

As your list of assets in BreachSight expands, and more users from your organization join your UpGuard account, it can become essential to organize your domains into segments called portfolios.

These portfolios can be useful for easily filtering views and reports within BreachSight, and also ensuring users in your account have access to see only the domains and IPs (and associated risks) that concern them.

By default, we start you off with a single portfolio simply called Default. You can create new portfolios and rename the default one to suit your specific needs. For example, you may want to create portfolios for each department in your organization.

Adding domains to a portfolio

You can use the Domains screen to add or change the portfolios for domains.

By default, all your domains will be in your Default portfolio.

Select one or more domains, then click Edit portfolios in the action bar.

Now you can select the portfolio(s) you want these domains to belong to. You can also create a new portfolio using this screen.

In this case, I'm creating a new portfolio called Product and adding these domains to it.

In this step, you can also choose whether to apply the portfolio changes to just the domains you have selected, or to all their children as well. If you choose to apply them to the domains' children, all currently known subdomains of the selected domains will have the same changes applied.

Click Save changes when ready.

After saving, you can now see that the selected domains have been moved to the new portfolio.

Portfolios automatically assigned to new domains

When new primary domains are discovered for your organization, they will be assigned to the Default portfolio.

When new subdomains are discovered, they will inherit the portfolios of their nearest parent. For example, if a subdomain test3.dev.example.com were discovered, it would automatically inherit the portfolios of dev.example.com. If needed, you can edit the portfolio membership for the new subdomain.

Creating, renaming or deleting portfolios

Portfolios can be managed via the Domain/IP Management Settings screen, accessible by clicking Settings in the side navigation, then clicking the Domain/IP Management tab.

You can also find a shortcut to managing portfolios within the Switch Portfolio dropdown.

Once on the Domain/IP Management screen, click Edit in the Portfolios box to make changes.

From here, you can freely add, remove, or rename portfolios. The default portfolio can also be renamed.

When you're finished making changes, click Save changes.

Portfolios for IP addresses

IP addresses cannot be directly assigned to asset portfolios. Rather, they will inherit the portfolios of any of their associated domains. If there are multiple associated domains in multiple portfolios, the set of portfolios for an IP address will be the full set of all those portfolios.

IP ranges will inherit the full set of portfolios that have been inherited by IP addresses within the range.

Some IPs, such as Custom IPs or those in Owned Ranges, are not associated with any domains. These IP addresses and ranges will therefore not be associated with any portfolios. They will not appear in any portfolio-filtered views, or to any users with permissions for specific portfolios.
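
The inheritance rules described for new subdomains and for IP addresses can be modelled in a few lines to predict what a portfolio-restricted user will be able to see. This is an added example, not UpGuard code or an UpGuard API; the function names, domains, IPs and portfolio names are all constructed for illustration.

```python
# Added model of the inheritance rules described above; not UpGuard code.
# All domains, IPs and portfolio names are constructed sample data.
ASSIGNED = {                      # known domain -> portfolios
    "example.com": {"Default"},
    "dev.example.com": {"Product"},
    "shop.example.com": {"Marketing"},
}
IP_DOMAINS = {                    # IP -> associated domains
    "203.0.113.10": ["dev.example.com", "shop.example.com"],
    "203.0.113.11": ["example.com"],
    "203.0.113.50": [],           # custom IP with no associated domain
}

def new_domain_portfolios(domain, assigned=ASSIGNED):
    """Nearest known parent's portfolios; Default for a new primary domain."""
    labels = domain.split(".")
    for i in range(1, len(labels) - 1):   # a.b.example.com -> b.example.com -> example.com
        parent = ".".join(labels[i:])
        if parent in assigned:
            return set(assigned[parent])
    return {"Default"}

def ip_portfolios(ip, ip_domains=IP_DOMAINS, assigned=ASSIGNED):
    """Full set of portfolios across every domain associated with the IP."""
    found = set()
    for domain in ip_domains.get(ip, []):
        found |= assigned.get(domain, set())
    return found

def range_portfolios(ips, ip_domains=IP_DOMAINS, assigned=ASSIGNED):
    """A range inherits everything inherited by the IPs inside it."""
    return set().union(*(ip_portfolios(ip, ip_domains, assigned) for ip in ips))

def visible_ips(user_portfolios, ip_domains=IP_DOMAINS, assigned=ASSIGNED):
    """IPs shown to a user whose access is limited to user_portfolios."""
    return sorted(ip for ip in ip_domains
                  if ip_portfolios(ip, ip_domains, assigned) & set(user_portfolios))

def unportfolioed_ips(ip_domains=IP_DOMAINS, assigned=ASSIGNED):
    """IPs in no portfolio: hidden from every portfolio-restricted user."""
    return sorted(ip for ip in ip_domains
                  if not ip_portfolios(ip, ip_domains, assigned))

if __name__ == "__main__":
    print(new_domain_portfolios("test3.dev.example.com"))
    print(visible_ips({"Product"}))
    print(unportfolioed_ips())
```

Anything listed by `unportfolioed_ips` is invisible to users limited to specific portfolios, so its risks have to be reviewed by someone whose access is not restricted that way.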

Using portfolios to filter views and reports

Once you've created some portfolios and added some domains to those portfolios, you can make full use of them by filtering BreachSight views and reports by portfolio.

We provide an easy way to switch the portfolio you're looking at in the header of any top-level BreachSight page, such as Executive Summary, Risk Profile, and Domains.

To do this, click the Current Portfolio dropdown in the page header. You'll see all portfolios in the account listed, with a count of domains in each portfolio.

Clicking on a portfolio will apply a filter to your entire BreachSight module, so you know you are only looking at data relating to the domains in the selected portfolio.

All Portfolios is a special option that encompasses all known domains in your account, across all portfolios.

While you are viewing a specific portfolio via this dropdown, any exports will also be filtered to domains in that portfolio.

You can also do more advanced filtering using portfolios by clicking the Filter button, which will open the filter panel. Portfolio filters can be applied in conjunction with any other filters available.

Setting up users and roles with access to specific portfolios

When editing a user's permissions or editing a custom role, you can elect to grant BreachSight permissions for specific portfolios only. To do this, on the permissions editor, click Specific Portfolios under the BreachSight section.

Then, for each portfolio set up on your account, you can choose whether to grant the user/role full access, restricted access, or no access.

Users with access to specific portfolios will only be able to see those portfolios, and any risks and IPs associated with domains in those portfolios.

Note regarding Risk Waivers and Remediation Requests

Risk Waivers and Remediation Requests can contain multiple domains over multiple portfolios, and as such, users with access to specific portfolios will only see a filtered set of those waivers or requests that pertain to domains they have access to.

If a user has read-only access, or no access, to any domain in a Risk Waiver or Remediation Request, then they will have read-only access to the waiver or request itself.

Creating custom notifications to trigger for specific portfolios

When creating custom notifications, you can now also set them to trigger only for domains in selected portfolios. To do this, select the Portfolios option when creating your custom notification, and define the portfolios you want to include.
