InfoRelay/ AssetGuard
Downloads · Contact
InfoRelay·AssetGuard

Tenable.sc operator's toolbox.
See, find, fix what the UI hides.BETA · v0.1

License-bloat audit. Scan-zone visibility. DHCP-churn detection. Diagnostics export. AssetGuard taps the Tenable.sc REST API and surfaces what the built-in dashboard can't — every page is a tool you'd otherwise rebuild yourself.

⬇ Download for Windows Why this exists
Read-only — no purge in v0.1, no risk of bad clicks Single 20 MB binary · no installer · UAC self-elevates Talks only to your operator-specified SC API-key auth · works air-gapped relative to internet
Why it exists

You're at 92% license utilization and you scan ~25% of what you own.

If that sounds familiar, you're hitting one of these. AssetGuard tells you which.

🔁 DHCP churn

  • One laptop changes IP daily on the corp wifi
  • Each new IP = one license slot for 90 days
  • One physical host can eat 30-60 slots in a quarter
  • AssetGuard's Churn page lists every hostname-on-multiple-IPs

🌐 Over-scoped discovery

  • Discovery scan set to 10.10.0.0/16
  • That includes a /20 of guest wifi you forgot existed
  • 500 throwaway phones now count against your license
  • AssetGuard's CIDR breakdown surfaces the over-represented ranges

🕒 Stale data

  • Decommissioned hosts hang on for 90 days post-last-scan
  • Acquired/merged repositories bring ghosts forward
  • Mass IP renumbering doubles your count for a quarter
  • AssetGuard's Stale page sorts every IP by days-since-last-seen

📊 Per-repo opacity

  • You have 8 repositories. Three of them are old.
  • Tenable shows you the total but not per-repo license share
  • AssetGuard's Repos overview has a bar chart — 30 seconds to spot the outlier
v0.1.2 surface

Three categories. Nine tools. One job: tell you the truth SC hides.

License & bloat

🪪

License details

SC version · licensed IP cap · actual usage · utilization % · module entitlements. Side-by-side gap analysis.

🏛

Repos

Per-repo IP counts (BOTH what SC reports AND analysis-actual — they often disagree). License-share bar from the truthful one.

🕒

Stale IPs

Configurable threshold. Sorted oldest-first. Severe-pill on anything 90+ days stale.

🔁

DHCP churn

Hostnames on >1 IP within the audit window. Tells you how many slots one physical asset is eating.

🌐

CIDR breakdown

Group every IP by /24, /16, or any mask. Find the subnet you didn't mean to scan.

Scan operations

🛰

Scan zones

Each zone's assigned scanners + CIDR ranges. THE answer to "where is this range coming from".

v0.3

Active scans

What's running, what's recently failed, what's pulling in more hosts than expected.

v0.3 🔑

Credentials

Defined cred sets (never the secrets — those aren't exposed by the API) + which scans use them.

Diagnostics

🩺

Diagnostics report

One-page snapshot: build · platform · SC probe · recent activity. Downloadable as .txt for emailing bug reports.

📜

Audit log

Append-only log of every API call AssetGuard made. Downloadable as .jsonl. Clearable from the UI.

v0.2 🧹

Purge planner

Dry-run-by-default, confirm-before-execute. Bulk-remove stale IPs. Operator always clicks final-confirm.

Get AssetGuard

v0.1 beta · single binary · 20 MB

No installer. Double-click → UAC self-elevates → native window opens on 127.0.0.1:9977. Configure your SC URL + API keys, click Repos, done.

🪟 Windows
10/11 x64 · UAC self-elevate · WebView2
assetguard-0.1-windows-x64.zip
🍎 macOS
Apple Silicon · 13+
assetguard-0.1-macos-arm64.zip
🐧 Linux
x86_64 · GTK + WebKit2
assetguard-0.1-linux-x86_64.zip

First-launch checklist

  1. Download the platform zip + extract.
  2. In your Tenable.sc UI: user icon → My Account → API Keys → Generate. Copy both Access Key + Secret Key (the Secret is shown only once).
  3. Double-click the binary. UAC prompts on Windows — click Yes.
  4. App opens on 127.0.0.1:9977. Go to ⚙ Settings, paste your SC URL + the two keys. Leave Verify TLS unchecked if your SC uses a corp-CA cert that isn't in your system trust store.
  5. Click Save & test connection — you'll see your SC version + the username AssetGuard is acting as.
  6. Click Repos → first surface is your per-repo license-share breakdown.
Beta feedback: licensing@inforelay.ai. Read-only in v0.1 — purge planner with dry-run + confirm lands in v0.2.

Pricing not yet published — beta access is free. Production tiering will follow the InfoRelay family pattern (Solo / Team / Site, annual per SC).

Operating posture

What AssetGuard does, and what it never does.

✓ Does

  • Talks only to the Tenable.sc URL you specify in Settings
  • Uses an API key you mint under your own SC user
  • Stores config + API keys at ~/.netguard/assetguard/sc.json (chmod 0600 on POSIX)
  • Logs every API call to an append-only file you can audit
  • Binds only to 127.0.0.1:9977

✗ Never does

  • No telemetry. No usage tracking. No phone-home.
  • No external API calls beyond your operator-specified SC
  • No installer, no service, no scheduled task created on install
  • No purge or modification of SC data in v0.1 (planner with confirm-execute in v0.2)
  • No external LLM. No SaaS dependency.