Service
The Service asset type in the OWASP Open Asset Model (OAM) represents a network-accessible service discovered during external intelligence collection. This typically includes any server process that responded to a connection attempt on a known port—such as web servers, SSH daemons, mail servers, database listeners, and more.
- Definition: A `Service` asset captures metadata about a responding network service, including its type (e.g., `http`, `ssh`, `ftp`), the raw output from its initial response, and optionally a set of key-value `attributes` such as HTTP headers or protocol banners.
- Purpose: The `Service` asset allows the model to anchor discovery events at the protocol layer, enabling linkage between hosts (e.g., IP addresses or FQDNs), ports, and deeper contextual assets like `TLSCertificate` or `Product`. This supports questions like: “What is responding on port 443?”, “Which certificates are served from this endpoint?”, or “What headers are exposed by this HTTP server?”
- Design Choice: By treating services as first-class assets, OAM avoids overloading lower-level host or transport layers with application-layer metadata. This cleanly separates service-level observations and makes it easy to enrich, correlate, or reason over what’s actually deployed on a given interface.

The Service asset type anchors application-layer discovery to observable ports on internet-facing hosts, enabling technology fingerprinting, encryption analysis, and vulnerability enrichment across the OAM graph.
Service Attributes

Attributes | Type | Required | Description |
---|---|---|---|
`unique_id` | string | | Unique identifier for the service |
`service_type` | string | | Protocol or service label (e.g., `http`, `ssh`, `smtp`) |
`output` | string | | Raw response received from the service (e.g., HTTP banner, SSH version) |
`output_length` | integer | | Length of the captured output string |
`attributes` | object | | Key-value pairs extracted from the service response (e.g., headers, options) |
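
An added example, not code from the OAM project: a Go program that fills the attributes in the table above from a raw HTTP response, so the relationship between `output`, `output_length` and `attributes` is concrete. The struct, the `NewHTTPService` helper, the ID scheme and the sample response are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// Service mirrors the Service Attributes table; the Go types are assumptions.
type Service struct {
	ID         string              `json:"unique_id"`
	Type       string              `json:"service_type"`
	Output     string              `json:"output"`
	OutputLen  int                 `json:"output_length"`
	Attributes map[string][]string `json:"attributes,omitempty"`
}

// sampleBanner is a constructed HTTP response, not captured traffic.
const sampleBanner = "HTTP/1.1 200 OK\r\n" +
	"Server: nginx/1.24.0\r\n" +
	"Strict-Transport-Security: max-age=31536000\r\n" +
	"Content-Length: 0\r\n\r\n"

// NewHTTPService (hypothetical helper) turns a raw response into a Service.
func NewHTTPService(endpoint, raw string) (*Service, error) {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
	if err != nil {
		return nil, fmt.Errorf("not an HTTP response: %w", err)
	}
	defer resp.Body.Close()
	return &Service{
		ID:         "http:" + endpoint, // assumption: the page does not define the ID scheme
		Type:       "http",
		Output:     raw,         // keep the raw bytes so later enrichment can re-parse
		OutputLen:  len(raw),    // length of the captured output string
		Attributes: resp.Header, // header names arrive canonicalized
	}, nil
}

func main() {
	svc, err := NewHTTPService("192.0.2.10:443", sampleBanner)
	if err != nil {
		panic(err)
	}
	b, _ := json.MarshalIndent(svc, "", "  ")
	fmt.Println(string(b))
}
```

A non-HTTP banner such as an SSH version string is rejected by the parser, which is the point where a collector would fall back to a different `service_type` and store only `output`.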
Service Properties

Property Type | Property Name | Description |
---|---|---|
SimpleProperty | `last_monitored` | Tracks when a data source was last queried regarding this Service |
SourceProperty | Source Plugin Name | Indicates that the specified data source discovered this Service |
Service Outgoing Relations
```mermaid
graph TD
    service["Service"]
    org["Organization"]
    provider@{ shape: braces, label: "provider" }
    service --o provider
    provider --> org
    cert["TLSCertificate"]
    certificate@{ shape: braces, label: "certificate" }
    service --o certificate
    certificate --> cert
    file["File"]
    url["URL"]
    tos@{ shape: braces, label: "terms_of_service" }
    service --o tos
    tos --> file
    tos --> url
    prod["Product"]
    prodrel["ProductRelease"]
    used@{ shape: braces, label: "product_used" }
    service --o used
    used --> prod
    used --> prodrel
```

Relation Type | Relation Label | Target Assets | Description |
---|---|---|---|
SimpleRelation | `provider` | `Organization` | Links the service with the Organization hosting the server |
SimpleRelation | `certificate` | `TLSCertificate` | Links the service with an associated TLS certificate |
SimpleRelation | `terms_of_service` | `File`, `URL` | Links the service with terms of service information |
SimpleRelation | `product_used` | `Product`, `ProductRelease` | Links the service to Product and versioning details |

© 2025 Jeff Foley — Licensed under Apache 2.0.