Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

What is the Attack Surface Mapper? 🤔

Identifying and analyzing different aspects of an organization's infrastructure that may be vulnerable to exploitation by malicious actors is critical. This includes scanning network hosts, analyzing web applications, enumerating subdomains, identifying open ports, and performing other reconnaissance tasks. This helps prioritize security efforts, focus on areas that require immediate attention, and mitigate potential risks.

Region

POD Number

IP’s

US

POD100

104.207.139.55 137.220.56.84 144.202.51.23 107.191.51.227

US

POD101 (Atlanta)

155.138.163.9
144.202.22.7
144.202.31.82
155.138.239.5

US

POD102 (LAX)

149.28.93.167 149.248.19.118 45.32.80.51 149.248.4.153

US

POD103 (Miami)

45.77.164.106 45.32.162.89 45.77.163.10 45.63.105.163

US

POD104 (LAX)

149.248.11.111 104.238.140.172 149.28.85.100 149.28.89.183

US

POD105 (Atlanta)

155.138.211.47
155.138.216.219
45.76.63.93
155.138.201.146

US

POD106 (Silicon)

144.202.103.41 45.32.131.33 45.63.84.112 45.77.188.72

CA

POD200 (Canada)

155.138.158.204
216.128.185.33
149.248.60.138
216.128.178.144

UK LONDON

POD300 (London)

192.248.150.43 95.179.196.101 95.179.230.189 45.77.88.130

EU POLAND

POD400 (Poland)

70.34.243.47
70.34.252.117
70.34.248.226
70.34.254.208

EU MADRID

POD401 (Madris)

65.20.100.219 65.20.103.194 65.20.98.64 65.20.105.37

AU SYDNEY

POD500 (Sydney)

149.28.188.232 45.32.189.250' 45.77.237.248 45.32.245.127

AF Johannesburg

POD600 (Johannesburg)

139.84.230.190
139.84.232.134
139.84.233.23
139.84.226.34


What data is captured by the Attack Surface Mapper scan? 🤔

Here is what you will see once you have completed the Attack Surface Mapper scan against a domain.

image-20240202-200328.png

Data Label

Description / Use Case

DNS Records

Displays the DNS (Domain Name System) records associated to the domain. Different types will include A, MX, NS, TXT, and SOA record types. These help in the translation of a human-readable domain to an actual IP address. (IE: Phonebook for the Internet)

image-20240202-200715.png

Emails

MX Records

Displays the MX (Mail Exchange) record for the domain. This help to route email to the correct email server(s).

image-20240202-200519.png

Open Ports

Displays the count of open ports with the protocol. Ports are used for communication between software applications and services running on a device. The IANA maintains the full listing found here: IANA Ports Guide

image-20240202-200650.png

RAW Headers

Displays the RAW Header information for the domain, which includes Cache Control, Connection, Content-length, Content Encoding, Content Type, Date, Etag, Keep-alive, Server, Set Cookie, Vary, X-host, and X-us-compatible information. This information is used for communication between web browsers and servers.

image-20240202-200539.png

S3 Buckets

Displays any S3 (Amazon Simple Storage Service) buckets/containers for the domain; these are used for storing and organizing data on the Amazon Web Services (AWS) platform.

image-20231228-213925.png

SPF Records

Displays the Sender Policy Framework (SPF), DNS record for the domain. This helps in preventing email spoofing and phishing by verifying that an email sent from an authorized server.

Subdomains

Displays the count of Subdomains found the main domain.

image-20240202-200435.png

Target IPs

Displays the public or target IP for the domain.

image-20240202-200402.png

Usernames

Vulnerabilities

Displays the count of Vulnerabilites; the CVE-ID, Severity, Description, EPSS Score, Base Score, Impact Score, and Exploitability Score will be included.

image-20231228-213531.png


Company Attack Surface Mapper - Table of Contents


Company Attack Surface Mapper - Overview

On this page, you can view a list of domains configured for scanning.

image-20240202-200846.png

Use the side navigation toolbar to add a ‘New Domain’ if no records are displayed.

image-20240202-200923.png

Company Attack Surface Mapper - Details

You will find the Name and Domain listed under the Domain Configuration section.

image-20240202-201010.png

Whenever you save a new configuration in Attack Surface Mapper, a scan will start immediately. To delay the scan, tick the "Scan Later" checkbox displayed above.

Column Label

Description / Use Case

Name

Displays the given name of the scanning profile.

Example: Ryans ASM Test for Google

Domain

Displays the domain of the scanning profile.

Do Not Include WWW in your setup.

Example: google.com


Company Attack Surface Mapper - Side Navigation Toolbar Overview

image-20240202-201225.png

  1. Add Domain - tap to add a new domain configuration to the ASM scanning.

  2. Edit Domain - select one record first, then tap to Edit the scan details.

  3. Remove Domain - select at least one record first, then tap to Remove the selected domain configuration.

  4. Scan Now - select at least one record first, then tap to initiate an ASM scan.

  5. Jobs - tap see historical ASM job history and details.

  6. Alerts - tap to see the system events in our timeline-style format.


Company Attack Surface Mapper - Side Navigation Toolbar Actions

Add Domain

Tap to create a new domain configuration for ASM scanning. You must include the Name and Domain and tap the save button to finish.

image-20240202-201323.png

NOTE: Tap the ‘Scan Later’ checkbox if you do not want to run the ASM scan right away.


Edit Domain

First, select one record from the left side checkbox, then tap the Edit Domain icon to make any changes.

image-20240202-201411.png

Tap Save once you are completed; otherwise, click Cancel to go back.


Remove Domain

Select at least one record, then tap the Remove Domain icon to delete the profile. You will be prompted with a confirmation message to click Yes to remove the domain.

image-20240202-201509.png

Click Yes; otherwise, click Cancel to back out and keep the domain.


Scan Now

You must select at least one record first, then tap the Scan Now icon to initiate an Attack Surface Mapper scan manually. This will show up under the Jobs section, where you can monitor the progress.

image-20240202-201605.png

Jobs

Tap the Jobs icon to see a history of the Jobs running for the company selected.

image-20240202-201634.png

Alerts

You can use the timeline style to view the changes and updates in the System Events.

image-20240202-201654.png

Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

https://cybercns.freshdesk.com/en/support/login

image-20240206-144508.png
  • No labels