Discovery Methods - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Assess User Guide

Creation date
Last date published
User Guide

Services are marked with one of two kinds of discovery methods depending on the level of confidence Cortex Xpanse has in attributing it to your organization.

  • Directly Attributed—These Services are definitively associated with an Asset that Cortex Expanse believes belongs to your organization.

    Examples include:

    • It is hosted on one of your on prem IP ranges.

    • The Service advertises one of your organization's certificates.

    • It is on a managed cloud resource that is known to be yours.

  • Co-located with your Services—A co-located service itself does not present direct evidence that it is owned by your organization. Yet, these Services are running on the same IP as a different service that is directly attributed to your organization. In a multi-tenant hosting environment these co-located services may belong to other organizations but can sometimes pose adjacency risks to your services hosted on that IP. Because they have no definitive fingerprint of ownership, co-located services are excluded from the Services List view by default. You can review them by selecting the Co-located with your Services option from the Discovery Method filter drop-down. If your organization has “single-tenant environment only” policies with 3rd party hosting providers you can use this functionality to identify possible violations of that policy.