Views:

Attack Surface Discovery discovers and assesses your internet-facing domains as part of your external attack surface.

Attack Surface Discovery identifies your internet-facing domains, subdomains, and hosts using your connected identity and access management (IAM) systems and Trend Vision One sign-in information. You may also add domains manually either by choosing from a suggested list or by entering specific domains. Domains undergo a secondary verification process before appearing in Internet-Facing Assets. Data for internet-facing domains is updated daily.
Important
Important
It may take up to 10 days for added or removed domains to be reflected in the domains list.
The following table explains the usage of domain-related terms in Internet-Facing Assets.
Term
Description
Domain
  • Refers to the root domain
  • Serves as a group name for a set of hosts
  • Example: www.example.com
Subdomain
  • Root domain plus a prefix used to separate content for specific organizational and navigational purposes, including identifying devices
  • Example: ex.example.com
Host
  • Refers to an "internet device"
  • Assigned an identifier ("host name") that can be translated by the domain name system to one or more IP addresses
  • Example: ExampleDesktop.example.com
When Attack Surface Discovery assesses your domains, domain-related risks are identified based on the following factors:
Factor
Example of risk
Domain information
Domain expired
SSL/TLS information
SSL/TLS certificate using weak or deprecated protocols
HTTP response
Server information advertised in HTTP response
The following table outlines the actions you can perform on the Domains tab:
Action
Description
View an overview of internet-facing root domains and hosts
The Internet-Facing Assets widget provides the following information:
  • Number of discovered root domains and hosts per month
  • Discovery trend from the last 12 months
View the list of verified internet-facing root domains and hosts related to each root domain
The list includes the following information:
  • Root domains: Automatically discovered and manually added root domains
  • Hosts: Risk score, number of related public IP addresses, and other key information
You can filter list entries based on criteria such as criticality and host provider.
Note
Note
Assets marked with the star icon are highly critical to your organization's operations. For more information, see Asset criticality .
Add root domains or subdomains/hosts to the list
  1. Click Add.
  2. Perform one of the following actions:
    • Select from the list of recommended root domains.
    • Specify root domains and hosts that belong to your organization.
    You can add a maximum of 20 domains at a time. To add more than 20 domains, contact your support provider.
    Attack Surface Discovery verifies the domains and discovers associated internet-facing domains. New domains may take up to 10 days to appear on the domains list.
  3. View the verification status of manually added domains by clicking Review Status.
    Manually added domains that have finished the verification process are marked as approved and added to the domains list along with any associated subdomains.
Remove root domains or subdomains/hosts from the list
  1. Select one or more root domain or hosts you wish to remove.
  2. Click Remove.
View the asset details screen for each root domain and host
The asset details screen includes the following tabs:
  • Risk Assessment: Displays the risk score and list of risk indicators, including descriptions of risk events and recommended remediation actions
  • Related IPs: Lists the related public IP addresses with information such as location, host provider, and highly-exploitable CVEs
  • Certificates: Displays SSL/TLS information about the domain certificate
  • Asset Profile: Displays criticality-related information, including the criticality level and list of profile tags
Note
Note
If Related IPs displays the IP address 0.0.0.0, Trend Vision One was unable to find any IP addresses related to the root domain. The 0.0.0.0 address is a placeholder to allow the root domain's subdomains to be classified.
Export information about root domains and hosts discovered in the last 7 days
  1. Click Manage Reports.
  2. Select Internet-Facing Assets.
    The Report Management › Internet-Facing Assets Template screen appears.
  3. Configure the report settings.
    Note
    Note
    To view the list of data fields for each asset type, click View CSV Fields.
  4. Click Create.
Each CSV file contains a maximum of 100,000 records.