Service Details Page - User Guide - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Assess User Guide

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2024-03-26
End_of_Life
EoL
Category
User Guide
Abstract

The Service Details page is divided into a series of panels that provide more information and details about the Service and related organization assets.

The Service Details page is divided into a series of panels that provide more information and details about the Service and related organization assets.

  • Service Details Panel—Provides the following information about the Service itself:

    • Active vs Inactive—The current Active or Inactive status of the Service.

    • Port and IP—The most recent IP and port for the Service.

    • Observation dates—The date the service was first observed and most recently observed on the public internet.

    • Discovery Type—The method that Cortex Xpanse used to identify and attribute this service to your organization. For more information, see Discovery Methods.

    • Recent IPs, Domains, and Certificates—Tables of recent IPs the service was sighted on, domains that have recently resolved to the IP of the service, and any certificates that have been advertised at that IP address. Services hosted on cloud providers (any hosting services outside your organization’s On-prem IP space) that are attributed by certificate or domain name are most likely to have this information.

  • Service Classifications and Details—The next section in the Service Details page is the Service Classifications, which is a summary of all of the Service Classifications that Cortex Expanse has inferred about this Service. This will include information about software components or packages identified, common configuration problems, and security best-practices details on the Service. Some Classifications will have additional information in the Service Classification Details section. The information presented here will vary by the type of Service, but will often include information like version numbers and details of Service configuration parsed from scan data.

  • Associated Asset Panels—The final section of the Service Details page includes panels for each of the Assets associated with the Service. Each panel will show the tags, business units, and notes for that Asset. These assets can include an associated:

    • IP Range—If a Service is located in your organization's on-prem IP space, this panel shows the relevant range registration records for that IP number.

    • Domain—If a Service is associated with a domain known to belong to your organization, its registration records are displayed. Domains that happen to resolve to the Service’s current IP that are NOT a contributing reason why the Service is associated with your organization by Cortex Expanse are not displayed in this section.

    • Certificate—If a Service advertises a certificate known to belong to your organization it is displayed. Certificates are one of the ways that Cortex Expanse discovers and attributes assets to your organization in the cloud.