Cortex Xpanse provides a complete inventory of all of the public internet-facing services attributed to your organization.
Cortex Xpanse provides a complete inventory of all of the public internet-facing services attributed to your organization. An external service can be any internet-facing device or software that communicates on a domain:port
or IP:port
pair.
Services include classifications which are fingerprint-based identifiers of software, technologies, and behaviors observed on the service. Classifications can be either active or inactive based on the most recent observations of a service. In addition to classifications, services will also include banner, response, and header information from Cortex Xpanse data collection.
Navigate to Cortex Xpanse. The fields are described in the table below.
→ to view the complete list of services discovered byField | Description |
---|---|
Active Classifications | Facts that have been inferred a service by examining a response for fingerprints. Classifications cover a variety of details including:
Some Classifications merely note that a fact is true or false, like Missing Cache Control Header. Other Classifications provide additional information, such as a version number for “nginx Server”. |
Discovery Type | Services are identified with one of the following two discovery types, depending on the level of confidence Cortex Xpanse has in attributing it to your organization.
|
Domain | The most recent domain on which the service is running. |
Externally Detected Providers | The provider of the asset is determined by an external assessment. |
Externally Inferred CVEs | Externally Inferred CVEs are identified by comparing the product name and version of active service, if identifiable, with CVES for those products in the National Vulnerability Database. Additional investigation may be required to confirm if the CVE is present. Click on the service to view the service details, which include the complete list of all the externally inferred CVEs. |
Externally Inferred Vulnerability Score | This score is based on the highest CVSSv3 score for Externally Inferred CVEs on this service. If there is no CVSSv3 score for the CVE, then the CVSSv2 score is used. |
First Observed | When the asset was first observed via any of the sources. |
Inactive Classifications | Previously observed classifications that are no longer observed. See Active Classifications for a description of classifications. |
Is Active | Yes— indicates the service is active, which means that the service has been observed recently. No— indicates the service is inactive, which means Cortex Xpanse no longer sees it on the internet |
IPv4 Addresses | Array column listing the IPv4 addresses associated with this asset. |
IPv6 Addresses | Array column listing the IPv6 addresses associated with this asset. |
Last Observed | When the asset was last observed via any of the sources. |
Port | The most recent port for the service. |
Protocol | The application-level protocol on the public internet over which Cortex Xpanse validated the service. |
Service ID | Unique ID associated with the service. |
Service Name | The service type along with the specific domain:port or IP:port pair for the service. |
Service Type | The type of server or software for the service. |
Tags | The following types of tags can be applied to assets:
|
Services vs. Alerts
Both Services and the Alerts enable you to review items that are attributed to your organization and that are exposed to the public internet.
Alerts identify specific security problems and violations of your organization’s policies and help you track progress on efforts to remediate those problems.
Services provides you with a complete inventory of all services that Cortex Xpansehas observed without security judgments. You can use the Services page to search for items for which there are not currently Attack Surface Rules or to conduct technology usage audits.
Cortex Xpanse can convert any service classifications that are relevant to your organization’s security policies into Attack Surface Rules that will automatically flag new instances that appear on your network as alerts. We are also continuously developing new service classifications to support inventory and security use cases. Contact your Customer Success representative to discuss your needs or ideas.