Discovery

This article explains the multiple dashboards available under the discovery tab of an attack surface exposure module.

Leaderboard widgets in the discovery tab show different entities that are exposed to external threats. The values shown in the leaderboard along with column graphs are dynamic in nature. Currently, we have these entities that are vulnerable to cyberattack: domains, certificates, brand exposure, IP addresses, and vulnerabilities. You can switch among these leaderboard widgets using a single click on each entity to drill down more details of the respective category under the discovery tab.

The column graphs within the leaderboard show the number of affected entities that are monitoring to prevent damage for a period of one month. The severity level of affected domains is marked in red, which is seen on the left-side of the first column in table widget.

The Domains leaderboard widget consists of associated domains, subdomains, and squatted domains that are monitored using Attack Surface Intelligence. The total number of domains that are monitored and the number of risks found for associated domains, associated sub-domains, and squatted domains are shown in the respective table widgets.

Viewing detailed information in a Table widget

Click on any domain link under the Asset Name column, a popup will appear where you can see the details, as shown in the following image.

Click on any link under the DNS records column, a popup appears where you can see the number of affected domains for each asset.

Managing Columns of a Table widget

Click three dots at the top of the table widget, where you can select or deselect the columns using Manage Columns to customize the table widget. Click Reset to get back to the default view of the table widget.

Searching a word in Table widget

Type any text or numeric and hit Enter to display the results in the table widget according to your search words, or if you don't know what to search for, just click on ? to see the search examples in the Search bar.

For example, to see all domains registered under GoDaddy, just enter GoDaddy in search bar and hit Enter. All domains that are registered with GoDaddy will be shown in the table. Click X next to your search word to get back to the default view of the table.

Filtering Table widget

Dashboard filters allow you to see the data of most interest. Filters make it easy for users to apply conditions that are available in the dashboard to view different facets of data.

For example, if you are interested to see only the domains that are expired recently, click  at the right side of table widget. A side menu bar opens, where you select Expired and click Apply.

Filters allow you to select one or more filters to display the data in table according to your filtering criteria.

For example, if you would like to view the data for hosting sites "Google LLC, and Orange Espange SA" and for top level domains - "com, and info". Select these filters in the Filter menu and click Apply. If you want to clear your selection, click Clear in the filter menu.

Changing Status of an asset in Table widget

Attack surface intelligence sometimes captures false positives due to the low confidence level of a signal generated from various assets through integrations. The support team gets inundated with multiple signals that are not mandatory to act against them. Suppose, if the security team does not want to monitor those false positive signals, then do the following:

• Select the asset(s) for which a signal generated in a table widget, Change Status, is enabled
• Click on the Change Status button at the top of the table widget. A popup appears on screen
• Select Action from the drop-down list (False Positive or Do Not Monitor)
• Enter Comments
• Click Next
• Click Confirm. Selected assets will be removed from monitoring status.