Views:

Discover your organizational assets that might be exposed to attack, including devices, internet-facing assets, accounts, applications, and cloud assets.

Attack Surface Discovery allows you to locate corporate assets that threat actors might be able to use to attack your organization. Each section of the Attack Surface Discovery app provides insights into an asset type within your organization.
Important
Important
You must allocate credits to Attack Surface Risk Management to fully access Attack Surface Discovery. Customers with XDR sensor entitlements that have not allocated credits to Attack Surface Risk Management have limited access to the asset profile screens related to their XDR sensors. For more information, see Credit requirements for Trend Vision One apps and services.
Note
Note
For customers that have updated to the Foundation Services release, the data available for a user to view and drill down depends on the asset visibility scope of the current user. For more information about the asset visibility scope, see Asset Visibility Management.
The following table describes the sections of the Attack Surface Discovery app.
Section
Description
Devices
Displays all the devices visible within your organization
  • Search for devices by name.
  • Click Filter to add a filter.
  • Click Export to generate a report for the devices currently displayed on the device list.
  • Click Exception List to see and remove devices on the exception list.
  • Click the customize columns icon (columndisplayicon.jpg) to customize the table columns and the order in which they are displayed.
    Note
    Note
    For customers that have updated to the Foundation Services release, data for mobile devices that are discovered by Trend Vision One - Mobile Security is only available for users with the Mobile devices asset visibility scope.
  • Click any device name to view details on the device profile screen.
  • Select devices and click Add to Exception List to add the devices to the exception list.
  • To manually modify the criticality of a highly critical asset, hover over the critical icon (highly-critical-icon.png) and click Modify Criticality.
  • Quickly identify devices with high-severity vulnerabilities that are directly exposed to the internet, which are highlighted with the direct internet exposure icon (direct-internet-expo.png).
Note
Note
  • For customers that have updated to the Foundation Services release, the Devices section only shows data for devices within the asset visibility scope of the current user, and drilling down from the Last user column is only available for users with the Accounts asset visibility scope.
  • Attack Surface Discovery cannot assess all discovered devices. Devices visible through third-party data sources might not provide enough data for thorough analysis.
Internet-Facing Assets
Displays all discovered IP and domain assets that are visible from external internet locations and allows you to view detailed IP profile risk assessments
  • Search for internet-facing assets by name.
  • Click Filter to add a search filter.
  • Add your organization's domains by clicking + Add and adding your domain. Trend Micro uses the provided domain to perform external asset searches for related exposed host names.
  • Click Export to generate a report for the internet-facing assets currently displayed on the list.
  • Click the customize columns icon (columndisplayicon.jpg) to customize the table columns and the order in which they are displayed.
  • Click any root domain or public IP to view details on the internet-facing asset profile screen.
  • To manually modify the criticality of a highly critical asset, hover over the highly critical icon (highly-critical-icon.png) and click Modify Criticality.
Note
Note
  • For customers that have updated to the Foundation Services release, the Internet-Facing Assets section is only available for users with the Internet-Facing Assets asset visibility scope.
  • Processing new corporate domain information takes a maximum of 10 days to complete.
Accounts
Displays all visible domain and service accounts, identifies highly-authorized accounts, and allows you to view detailed risk profiles
  • Search for accounts by name.
  • Click Filter to add a filter.
  • Click Export to generate a report for the accounts currently displayed on the list.
  • Click the customize columns icon (columndisplayicon.jpg) to customize the table columns and the order in which they are displayed.
  • Click any user name to view details on the account profile screen.
  • To manually modify the criticality of a highly critical asset, hover over the highly critical icon (highly-critical-icon.png) and click Modify Criticality.
  • To create a Security Awareness training campaign for a specific user, click the associated actions icon (options.png) and then click Create Training Campaign.
    Important
    Important
    This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
Applications
Displays all apps accessed by your organization's users and devices
  • Search for apps by name.
  • Click Filter to add a filter.
  • Click Export to generate a report for the apps currently displayed on the list.
  • Click the customize columns icon (columndisplayicon.jpg) to customize the table columns and the order in which they are displayed.
  • Click any app name to view additional details on the app profile screen.
  • Change the sanctioned status of cloud apps.
  • Assign secure access rules to control users' access to cloud apps.
Note
Note
For customers that have updated to the Foundation Services release, the Applications section is only available for users with the Applications asset visibility scope.
Cloud Assets
Displays detected cloud workloads within your organization, enabling you to rapidly identify compliance and security best practice violations on your public cloud infrastructure and across your cloud service platforms
  • Search for cloud assets by name.
  • Click Filter to add a filter.
  • Depending on your region, you can click Graph View for a graphical representation of your organization's cloud assets.
  • Click Export to generate a report for the cloud assets currently displayed on the list.
  • Click the customize columns icon (columndisplayicon.jpg) to customize the table columns and the order in which they are displayed.
  • Click any category to display only assets of the selected category in the cloud asset list.
  • Click any cloud asset name to view additional details on the cloud asset profile screen.
Note
Note
For customers that have updated to the Foundation Services release:
  • The Cloud Assets section only shows individual data for assets within the asset visibility scope of the current user.
  • Users that have containers but no cloud accounts within asset visibility scope cannot view Graph View.
  • Users with no containers or cloud accounts within asset visibility scope cannot view the Cloud Assets section.
API Security
Displays REST and HTTP-based API collections detected in your AWS API gateways and assesses the vulnerability of individual API endpoints
  • Search for API collections by name.
  • Click Filter to add a filter.
  • Click Export to generate a report for the cloud assets currently displayed on the list.
  • Click the customize columns icon (columndisplayicon.jpg) to customize the table columns and the order in which they are displayed.
  • Click any API collection name to view additional details on the API collection profile screen.
  • Expand any API collection for an overview of the individual API endpoints contained in the collection.
Note
Note
For customers that have updated to the Foundation Services release, the API Security section only shows data for assets within the asset visibility scope of the current user.
Related information