Attack Surface Discovery discovers and assesses your internet-facing domains as part of your external attack surface.

Attack Surface Discovery identifies your internet-facing domains and hosts to be used as discovery seeds using your connected identity and access management (IAM) systems and TrendAI Vision One™ sign-on information. You can also add seed domains manually in Seed Management. Discovery seeds facilitate the discovery of associated internet-facing domains, subdomains, and IP addresses. Domains undergo a secondary verification process before appearing in Internet-Facing Assets. Information about your internet-facing domains is updated daily.
Important
It may take up to seven days for added or removed domains to be reflected in the domains list.
The following table explains the usage of domain-related terms in Internet-Facing Assets.

| Term | Description |
|---|---|
| Domain | Refers to a root domain. Serves as a group name for a set of subdomains or hosts. Example: example.com |
| Subdomain | Refers to the root domain plus a prefix. Separates content or services within a root domain for specific organizational and navigational purposes, including identifying devices. Example: ex.example.com |
| Host | Similar to a subdomain but refers specifically to an internet-connected device, often a web server. Serves as an identifier ("host name") that can be resolved by the domain name system (DNS) to one or more IP addresses. Example: ExampleDesktop.example.com |

When Attack Surface Discovery assesses your domains, domain-related risks are identified based on the following factors:

| Factor | Example of risk |
|---|---|
| Domain information | Domain expired |
| SSL/TLS information | SSL/TLS certificate using weak or deprecated protocols |
| HTTP response | Server information advertised in HTTP response |

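
The three factors in the table above, applied to one constructed observation record for a domain you own. This is an added example, not Attack Surface Discovery's assessment logic or code from this page; the record layout, the `parse_headers` and `assess` names, and the list of disclosing headers are assumptions made for illustration.

```python
import re
from datetime import date

# SSLv2/SSLv3 are long deprecated; TLS 1.0 and 1.1 were deprecated by RFC 8996.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Response headers that commonly disclose server software (assumed list).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+\.\d+")


def parse_headers(raw_response: str) -> dict:
    """Parse the header block of a raw HTTP response into a lowercase-keyed dict."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def assess(observation: dict, today: date) -> list:
    """Return (factor, finding) pairs for one domain observation."""
    findings = []
    if observation["registration_expires"] < today:
        findings.append(("Domain information", "Domain expired"))
    weak = sorted(DEPRECATED_PROTOCOLS & set(observation["tls_protocols"]))
    if weak:
        findings.append(("SSL/TLS information",
                         "Deprecated protocols offered: " + ", ".join(weak)))
    headers = parse_headers(observation["http_response"])
    for name in DISCLOSING_HEADERS:
        value = headers.get(name, "")
        if VERSION_RE.search(value):  # a version string is being advertised
            findings.append(("HTTP response", f"{name} header advertises: {value}"))
    return findings


# Constructed sample observation (not real scan data).
SAMPLE = {
    "domain": "example.com",
    "registration_expires": date(2024, 1, 31),
    "tls_protocols": ["TLSv1", "TLSv1.2", "TLSv1.3"],
    "http_response": "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n"
                     "X-Powered-By: PHP/7.4.3\r\nContent-Type: text/html\r\n\r\n<html></html>",
}

if __name__ == "__main__":
    for factor, finding in assess(SAMPLE, today=date(2025, 6, 1)):
        print(f"{SAMPLE['domain']}: [{factor}] {finding}")
```
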
After assessment, domains receive a risk score based on risk indicators of both the domain and related IP addresses. Domains with no risk indicators may still receive a significant risk score if the related IP addresses have risk indicators after assessment. If there are no risk events detected for the domain, you can view the related IP addresses to understand the contributing risk.
The following table outlines the actions you can perform on the Domains tab:
Action
Description
View an overview of internet-facing root domains and hosts
The Internet-Facing Assets widget provides the following information:
  • Number of discovered root domains and hosts per month
  • Discovery trend from the last 12 months
View the list of verified internet-facing root domains and hosts related to each root domain
The list includes the following information:
  • Root domains: Automatically discovered and manually added root domains
  • Hosts: Risk score, number of related public IP addresses, and other key information
You can filter list entries based on criteria such as criticality and host provider.
Note
Assets marked with the star icon are highly critical to your organization's operations. For more information, see Asset criticality.
Add seed root domains or hosts to the list
  1. Click Add to go to Seed Management.
  2. Click Add seeds and specify the domain or host you want to add.
    You can add a maximum of 20 domains at a time. To add more than 20 domains, contact your support provider.
    Attack Surface Discovery verifies the domains and discovers associated internet-facing domains. New domains may take up to seven days to appear on the domain list.
Remove root domains or subdomains/hosts from the list
  1. Select root domains, subdomains, or hosts you wish to remove.
    1. If the selected assets are root domains, click Remove root domains.
    2. If the selected assets are seed hosts, click Remove seeds.
    3. If the selected assets are non-seed domains or subdomains, click Add to exception list.
  2. Click Remove.
Note
  • Removed root domains could be automatically rediscovered and re-added to the list if the root domain is related to existing seeds. To ensure a removed root domain is not rediscovered, remove the related seeds.
  • Removing seeds stops discovery of related internet-facing assets. After removal, assets discovered using the seed are removed in the next update.
  • Adding assets to the exception list removes the selected assets from the asset list and excludes the assets from organization cyber risk assessments, including Cyber Risk Index calculation.
  • Seed and non-seed assets cannot be removed together in a single batch action.
  • Root domains and hosts cannot be removed together in a single batch action.
View the asset details screen for each root domain and host
The asset details screen includes the following tabs:
  • Risk Assessment: Displays the risk score and list of risk indicators, including descriptions of risk events and recommended remediation actions
  • Related IPs: Lists the related public IP addresses with information such as location, host provider, and detected CVEs
  • Certificates: Displays SSL/TLS information about the domain certificate
  • Asset Profile: Displays criticality-related information, including the criticality level and list of profile tags
Note
If Related IPs displays the IP address 0.0.0.0, TrendAI Vision One™ was unable to find any IP addresses related to the root domain. The 0.0.0.0 address is a placeholder to allow the root domain's subdomains to be classified.
Export information about root domains and hosts discovered in the last seven days
  1. Click Manage Reports.
  2. Select Internet-Facing Assets.
    The Report Management › Internet-Facing Assets Template screen appears.
  3. Configure the report settings.
    Note
    To view the list of data fields for each asset type, click View CSV Fields.
  4. Click Create.
Each CSV file contains a maximum of 100,000 records.
Scan selected domains for exposures
  1. Select up to five domains and click Scan for exposures.
  2. Select a Service Gateway deployed to a public cloud platform.
  3. Confirm the assets to be scanned.
  4. Click Scan for exposures.
For more information, see Internet-facing asset exposure scans.