Discovery and classification of enterprise assets via host characteristics

US9830458B2 · US · B2

Patent metadata
Publication number: US-9830458-B2
Application number: US-201414262349-A
Country: US
Kind code: B2
Filing date: Apr 25, 2014
Priority date: Apr 25, 2014
Publication date: Nov 28, 2017
Grant date: Nov 28, 2017

Abstract

Official abstract text for this publication.

Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once the computing asset has been classified, a monitoring system may use the assigned classifications to prioritize security incidents for review.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for managing a plurality of computing assets, the method comprising: identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing; for at least a first computing asset of the one or more of the computing assets: identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset, identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, and assigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets; receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period; and prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.

2. The computer-implemented method of claim 1, wherein the configuration attributes include a network configuration of the computing asset.

3. The computer-implemented method of claim 1, wherein the attributes associated with the digital certificate include at least one of a key size, a supported encryption algorithm, an issuing certificate authority, and use flags specified in the digital certificate.

4. The computer-implemented method of claim 1, wherein the computing asset comprises a computing server hosting one or more applications.

5. The computer-implemented method of claim 1, wherein the security incidents are recorded in an event database by one or more systems configured to monitor the plurality of computing assets.

6. A non-transitory computer-readable storage medium storing instructions, which, when executed on a processor, performs an operation for managing a plurality of computing assets, the operation comprising: identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing; for at least a first computing asset of the one or more of the computing assets: identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset, identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, and assigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets; receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period; and prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.

7. The non-transitory computer-readable storage medium of claim 6, wherein the configuration attributes include a network configuration of the computing asset.

8. The non-transitory computer-readable storage medium of claim 6, wherein the attributes associated with the digital certificate include at least one of a key size, a supported encryption algorithm, an issuing certificate authority, and use flags specified in the digital certificate.

9. The non-transitory computer-readable storage medium of claim 6, wherein the computing asset comprises a computing server hosting one or more applications.

10. The non-transitory computer-readable storage medium of claim 6, wherein the security incidents are recorded in an event database by one or more systems configured to monitor the plurality of computing assets.

11. A system, comprising: a processor; and a memory hosting an application, which, when executed on the processor, performs an operation for an operation for managing a plurality of computing assets, the operation comprising: identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing, for at least a first computing asset of the one or more of the computing assets: identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset, identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, and assigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets, receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period, and prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.

12. The system of claim 11, wherein the configuration attributes include a network configuration of the computing asset.

13. The system of claim 11, wherein the attributes associated with the digital certificate include at least one of a key size, a supported encryption algorithm, an i
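
The classify-then-prioritize flow of claim 1, sketched as an added illustration (not code from the patent or its assignee). The score weights, thresholds, class labels, CA names, naming hints and all sample records are assumptions constructed for the example; the probing step is left out and certificate attributes are supplied directly.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Asset:
    name: str        # hostname, checked against naming conventions
    addresses: list  # network addresses configured on the asset
    external: bool   # reachable from outside the enterprise network
    software: list   # installed applications and operating systems
    cert: dict       # attributes of the certificate the asset presented

# Assumed scoring inputs (not from the patent); tune per environment.
PUBLIC_CAS = {"Example Public CA"}
NAME_HINTS = ("pay", "db", "hr")
CLASS_WEIGHT = {"high": 3, "medium": 2, "low": 1}
EVENT_WEIGHT = {"malware_detected": 5, "policy_violation": 2, "port_scan": 1}

def classify(a):
    """Combine certificate and configuration attributes into one class."""
    score = 2 * (a.cert.get("issuer") in PUBLIC_CAS)
    score += a.cert.get("key_size", 0) >= 2048
    score += "server_auth" in a.cert.get("use_flags", ())
    score += a.external + (len(a.addresses) > 1)
    score += any(h in a.name for h in NAME_HINTS)
    score += any("database" in s.lower() for s in a.software)
    return "high" if score >= 5 else "medium" if score >= 3 else "low"

def prioritize(incidents, classes, wanted, start, end):
    """Keep incidents on assets of class `wanted` inside the time window,
    ordered by class weight times the weight of the underlying event."""
    picked = [i for i in incidents
              if classes.get(i["asset"]) == wanted and start <= i["time"] <= end]
    rank = lambda i: CLASS_WEIGHT[wanted] * EVENT_WEIGHT.get(i["event"], 1)
    return sorted(picked, key=rank, reverse=True)

# Constructed sample inventory and event records.
ASSETS = [
    Asset("pay-web01", ["10.0.1.5", "203.0.113.10"], True, ["Linux", "nginx"],
          {"issuer": "Example Public CA", "key_size": 2048, "use_flags": ["server_auth"]}),
    Asset("hr-db02", ["10.0.2.8"], False, ["Linux", "PostgreSQL database"],
          {"issuer": "Corp Internal CA", "key_size": 4096, "use_flags": ["server_auth"]}),
    Asset("dev-box7", ["10.0.9.7"], False, ["Linux"],
          {"issuer": "dev-box7", "key_size": 1024, "use_flags": []}),
]
CLASSES = {a.name: classify(a) for a in ASSETS}
INCIDENTS = [
    {"asset": "pay-web01", "event": "port_scan", "time": datetime(2014, 4, 25, 9)},
    {"asset": "pay-web01", "event": "malware_detected", "time": datetime(2014, 4, 25, 11)},
    {"asset": "dev-box7", "event": "malware_detected", "time": datetime(2014, 4, 25, 10)},
    {"asset": "pay-web01", "event": "policy_violation", "time": datetime(2014, 4, 20, 10)},
]
```

Calling `prioritize(INCIDENTS, CLASSES, "high", start, end)` for a one-day window returns only the in-window incidents on the asset classified as high, with the malware detection ranked ahead of the port scan.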

Classifications

  • G06F21/577 (Primary)

    Assessing vulnerabilities and evaluating computer system security · CPC title

  • Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling · CPC title

  • Test or assess a computer or a system · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9830458B2 cover?
Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted…

Who is the assignee on this patent?
Symantec Corp

What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.

When was this patent published?
Publication date Nov 28, 2017 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).