Views:

Attack Surface Discovery discovers and assesses your internet-facing IP addresses as part of your external attack surface.

Attack Surface Discovery discovers your internet-facing IP addresses to be used as discovery seeds by checking A records for your domains, the pointer (PTR) records for the related IPs, and information from your domains' SSL certificates. You may also add IP addresses manually in Seed Management. Discovery seeds facilitate the discovery of associated internet-facing domains, subdomains, and IP addresses. Manually added IP addresses undergo a secondary verification process before appearing in Internet-Facing Assets. Data for internet-facing IP addresses is updated daily.
IP-related risks are identified based on the following factors:
Factor
Example of risk
Service
Unexpected service observed on the public network
Port
Unexpected port observed
CVE
Application vulnerability identified on internet-facing assets
The following table outlines the actions you can perform on the Public IPs tab:
Action
Description
View an overview of internet-facing IP addresses
The Internet-Facing Assets widget provides the following information:
  • Number of discovered IP addresses per month
  • Discovery trend over the last 12 months
  • Distribution by geographic location
View a list of discovered internet-facing IP addresses
The public IP list provides key information about your IPv4 and IPv6 addresses, including latest risk score, number of related hosts, location, host provider, and associated services and ports.
You can filter list entries based on criteria from the list.
Note
Note
  • Assets marked with the star icon are highly critical to your organization's operations. For more information, see Asset criticality .
  • If you see an IP address that you don't believe belongs to your organization, check the PTR record for the related domain.
Add public IP addresses to the list
  1. Click Add to go to Seed Management.
  2. Click Add seeds and specify one or more IPv4 or IPv6 addresses that belong to your organization.
    You can add a maximum of 5,000 IP addresses. IPv4 ranges are supported. Attack Surface Discovery verifies the IP addresses you add and discovers associated internet-facing assets. New IP addresses may take up to seven days to appear on the domain list.
Remove public IP addresses from the list
  1. Select one or more IP addresses from the list.
  2. Click Add to exception list.
Adding assets to the exception list removes the selected assets from the asset list and excludes the assets from organization cyber risk assessments, including Cyber Risk Index calculation.
View the asset details screen for each listed IP address
The asset details screen includes the following tabs:
  • Risk Assessment: Displays the risk score and list of risk indicators, including descriptions of risk events and recommended remediation actions
  • Related Hosts: Lists the related domains and subdomains with information such as host provider, services, and ports
  • Open Ports and Services: Lists internet-facing ports, the related services, and service status
  • Asset Profile: Displays criticality-related information, including the criticality level and list of profile tags
Export information about internet-facing IP addresses discovered in the last 7 days
  1. Click Manage Reports.
  2. Select Internet-Facing Assets.
    The Report Management › Internet-Facing Assets Template screen appears.
  3. Configure the report settings.
    Note
    Note
    To view the list of data fields for each asset type, click View CSV Fields.
  4. Click Create.
Each CSV file contains a maximum of 100,000 records.
Scan selected public IPv4 addresses for exposures
  1. Select up to five IPv4 addresses and click Scan for exposures.
  2. Select a Service Gateway deployed to a public cloud platform.
  3. Confirm the assets to be scanned.
  4. Click Scan for exposures.
For more information, see Internet-facing asset exposure scans.