Domains - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-08-29
Last date published
2024-10-11
Category
User Guide
Solution
Cloud
Abstract

Cortex Xpanse gets its domains and DNS data from a combination of active and passive global collection techniques.

The Domains tab displays a list view of all domains that Cortex Xpanse has attributed to your organization and whether each domain has a recent resolution. If you have configured cloud accounts (such as AWS or Google Cloud Platform), this tab will show you which domains have associated managed cloud resources.

Cortex Xpanse displays root domains and subdomains as separate entries in the Inventory. However, if an organization owns a wildcard DNS entry, we group all subdomains of that wildcard that resolve to the same IP under that one wildcard domain asset entry. We also collapse subdomains under the parent domain if we observe more than 1,000 subdomains.

Cortex Xpanse gets its domains and DNS data from a combination of active and passive global collection techniques. For DNS scanning, Cortex Xpanse sends a BIND version query as the payload. This approach still identifies DNS servers that are not BIND compliant as their response informs Cortex Xpanse of a DNS server’s existence.

Navigate to Asset InventoryDomains to see the domains list view. Domains are also included in the All Assets list view.

Select a row in the Domains or All Assets list view pages to open the details pane for that domain.

The table below lists the fields in the Domains list view that are unique to Domains. The other fields are described in the Unified Inventory section.

Field

Description

Date Added

Date the asset was first added to the inventory.

Domain Registrar

Name of the domain registrar for the domain.

Resolves

Indicates whether the domain has a DNS resolution.

If you don't see all your domains in your Inventory, reach out to Customer Success. It could be a subdomain that was collapsed under a domain or the domain could be considered out of scope.