Attack Surface Discovery discovers and assesses your internet-facing IP addresses as part of your external attack surface.

Attack Surface Discovery discovers your internet-facing IP addresses by checking A records for your domains, the pointer (PTR) records for the related IPs, and information from your domains' SSL certificates. You may also add IP addresses manually. Manually added IP addresses undergo a secondary verification process before appearing in Internet-Facing Assets. Data for internet-facing IP addresses is updated daily.
IP-related risks are identified based on the following factors:
Example of risk
Unexpected service observed on the public network
Unexpected port observed
Application vulnerability identified on internet-facing assets
The following table outlines the actions you can perform on the Public IPs tab:
View an overview of internet-facing IP addresses
The Internet-Facing Assets widget provides the following information:
  • Number of discovered IP addresses per month
  • Discovery trend over the last 12 months
  • Distribution by geographic location
View a list of discovered internet-facing IP addresses
The public IP list provides key information about discovered IP addresses, including latest risk score, number of related hosts, and number of highly-exploitable CVEs detected.
You can filter list entries based on criteria such as criticality and host provider.
  • Assets marked with the star icon are highly critical to your organization's operations. For more information, see Asset criticality .
  • If you see an IP address that you don't believe belongs to your organization, check the PTR record for the related domain.
Add public IP addresses to the list
  1. Click Add.
  2. Follow the instructions in the Add IP Addresses dialog to add IP addresses or IP ranges that belong to your organization.
    You can add a maximum of 1,000 IP addresses.
  3. Click Add.
  4. View the information about the IP addresses that you have added by clicking View Manually Added IP Addresses.
    Processing the new IP addresses might take up to 10 days. Attack Surface Risk Management displays the public IP addresses that have been verified on the Public IP List.
This action is not available if you have an active trial for Attack Surface Risk Management or if you are using a third-party solution as the data source for internet-facing assets.
Remove public IP addresses from the list
  1. Select one or more IP addresses from the list.
  2. Click Remove.
View the asset details screen for each listed IP address
The asset details screen includes the following tabs:
  • Risk Assessment: Displays the risk score and list of risk indicators, including descriptions of risk events and recommended remediation actions
  • Related Hosts: Lists the related domains and subdomains with information such as host provider, services, and ports
  • Open Services and Ports: Lists internet-facing ports, the related services, and service status
  • Asset Profile: Displays criticality-related information, including the criticality level and list of profile tags
Export information about internet-facing IP addresses discovered in the last 7 days
  1. Click Manage Reports.
  2. Select Internet-Facing Assets.
    The Report Management › Internet-Facing Assets Template screen appears.
  3. Configure the report settings.
    To view the list of data fields for each asset type, click View CSV Fields.
  4. Click Create.
Each CSV file contains a maximum of 100,000 records.