External Surface attribution evidence - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM provides attribution information about each asset in your External Surface inventory, so you know at-a-glance why we believe an asset belongs to your organization.

Explains whether an asset was Discovered by Cortex XSIAM or Provided by your organization. This field is included on the Certificates, Domains, and External IP Address Ranges pages in your inventory.

Indicates whether an asset was attributed to your organization because it is Registered to You or Has Your Content. This field is included on the External IP Address Ranges page in your inventory.

To review more detailed attribution evidence for an asset, click on an asset in the External Surface inventory to display the asset details and find the Asset Attribution Evidence section.

For each asset, Cortex XSIAM provides the seed term that was used to attribute the asset to your organization and the specific piece of scan data that we matched to the seed term. A seed term is a text string that our research team generated and associated with your organization. For example, seed terms for Cortex Xpanse might include: Xpanse, Cortex, Cortex Xpanse, Palo Alto Networks, PANW, PAN, etc.  We use machine learning models as well as manual research to match the seed terms with our scan data to attribute assets to your organization.

Depending on the asset type and scan data, most assets will have one or more pieces of attribution evidence. Assets that don't have attribution evidence do not have a seed term match. The following are reasons we may not have a seed term match: 

If you have questions about a specific asset, reach out to Customer Success.