Simple steps to get Attack Surface Testing up and running.
To set up Attack Surface Testing for the first time, complete the following tasks:
Task 1: Verify that you have edit permission for Vulnerability Testing
To set up Attack Surface Testing, you must have a role that includes edit permission for Vulnerability Testing. To check your role-based permissions, go to → → → , and select the role. Select the Components tab, and find Vulnerability Testing under .
Task 2: Accept the End-User Licensing Agreement (EULA)
The EULA gives Cortex XSIAM permission to conduct attack surface testing scans. After you accept the EULA, the Vulnerability Testing Configuration page opens automatically so you can select the targets for testing.
You only need to accept the EULA once, before you enable attack surface testing for the first time.
Navigate to → → → .
On the Welcome to Vulnerability Testing page, click Next.
Read the End-User Licensing Agreement and click Accept Terms.
After accepting the terms of the EULA, the Vulnerability Testing Configuration page opens and you can select the set of services to be tested.
Task 3: Select targets for attack surface testing
Attack surface testing targets are directly-discovered services, which are definitively associated with an asset that belongs to your organization. You can choose to run attack surface tests on all your relevant directly-discovered services or you can specify a subset of services.
Specify the directly-discovered services upon which Cortex XSIAM will run attack surface tests. After the initial set-up, you can update this set of targets anytime.
Navigate to → → → .
To select specific targets, in the Target Testing section, make sure the toggle is set to Selected Targets, and click Edit Targets (or Add Targets if this is the first time you are selecting targets).
To select all the targets, set the toggle to All Targets. This overrides your target selection.
Use the filter to define a set of targets from your list of services.
Click Save Targets.
Task 4: Configure the default enablement of new attack surface tests
When you first enable Attack Surface Testing, all existing attack surface tests with intrusiveness level 0 or level 1 are enabled by default. Moving forward, all new tests that are introduced, for all intrusiveness levels, are disabled by default. To configure Cortex XSIAM to automatically enable new attack surface tests and to specify the intrusiveness level of those default tests, perform the steps below. After the initial set-up, you can update this set of defaults anytime.
Navigate to → → → .
In the Default Attack Surface Test Enablement section, select the intrusiveness level for the new tests you want to be enabled by default moving forward.
The intrusiveness level you select will include the tests for the levels below it. For example, if you select Level 2, then new level 0, level 1, and level 2 tests will be enabled moving forward.
After you complete the initial set-up tasks, Cortex XSIAM begins daily attack surface testing scans using the default set of attack surface tests. The default set of tests consists of existing tests with level 0 and level 1 intrusiveness levels.
You can now view details about attack surface tests, enable or disable them, and view issues that were triggered by positive attack surface testing scans.