Discovery Methods - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Assess User Guide

Product: Cortex XPANSE
Version: 1.0
Creation date: 2022-08-25
Last date published: 2022-12-01
Category: User Guide

Each Service is marked with one of two discovery methods, depending on the level of confidence Cortex Xpanse has in attributing it to your organization.

  • Directly Attributed—These Services are definitively associated with an Asset that Cortex Xpanse believes belongs to your organization.

    Examples include:

    • It is hosted on one of your on-premises IP ranges.

    • The Service advertises one of your organization's certificates.

    • It is on a managed cloud resource that is known to be yours.

  • Co-located with your Services—A co-located Service does not itself present direct evidence that it is owned by your organization, but it runs on the same IP as a different Service that is directly attributed to your organization. In a multi-tenant hosting environment, these co-located Services may belong to other organizations but can sometimes pose adjacency risks to your Services hosted on that IP. Because they have no definitive fingerprint of ownership, co-located Services are excluded from the Services List view by default. You can review them by selecting the Co-located with your Services option from the Discovery Method filter drop-down. If your organization has “single-tenant environment only” policies with third-party hosting providers, you can use this functionality to identify possible violations of that policy.
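
The following added example models the two discovery methods and the single-tenant policy check described above. It is an illustration written for this page, not Cortex Xpanse's implementation or API; the record layout, the constant names, and all addresses and fingerprints are constructed assumptions.

```python
import ipaddress

DIRECT = "Directly Attributed"
COLOCATED = "Co-located with your Services"

# Constructed inventory (assumptions): what is known to be yours.
ON_PREM = [ipaddress.ip_network("198.51.100.0/24")]
OUR_CERTS = {"sha256:aa11"}
OUR_CLOUD_IPS = {"192.0.2.10"}
# Hosting ranges covered by a "single-tenant environment only" policy.
SINGLE_TENANT = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed observations: (ip, port, advertised certificate or None).
SERVICES = [
    ("198.51.100.7", 443, None),          # on-premises range
    ("203.0.113.5", 443, "sha256:aa11"),  # advertises your certificate
    ("203.0.113.5", 21, None),            # same IP, no ownership evidence
    ("192.0.2.10", 3306, None),           # managed cloud resource
    ("192.0.2.50", 443, "sha256:aa11"),   # shared host, your certificate
    ("192.0.2.50", 8080, None),           # same IP, no ownership evidence
    ("192.0.2.99", 80, None),             # unrelated, not attributed
]

def in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def is_direct(ip, cert):
    """True if any of the three example evidence types applies."""
    return in_any(ip, ON_PREM) or cert in OUR_CERTS or ip in OUR_CLOUD_IPS

def classify(services):
    """Map (ip, port) to a discovery method, or None if unattributed."""
    direct_ips = {ip for ip, _, cert in services if is_direct(ip, cert)}
    out = {}
    for ip, port, cert in services:
        if is_direct(ip, cert):
            out[(ip, port)] = DIRECT
        elif ip in direct_ips:  # shares an IP with a directly attributed Service
            out[(ip, port)] = COLOCATED
        else:
            out[(ip, port)] = None
    return out

def single_tenant_violations(services):
    """Co-located Services on IPs that policy says host only your Services."""
    return sorted(key for key, method in classify(services).items()
                  if method == COLOCATED and in_any(key[0], SINGLE_TENANT))
```
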