Attack Surface Testing

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-04-25
Category: Administrator Guide
Abstract

Attack Surface Testing runs benign exploits (with your approval) against your externally facing assets to confirm the presence of vulnerabilities.

Cortex XSIAM Attack Surface Testing confirms the presence of a vulnerability on your external attack surface, enabling you to quickly and confidently prioritize risks. With your approval, Cortex XSIAM runs benign exploits against externally facing assets to confirm the presence of vulnerabilities. Rather than manually verifying inferred CVEs yourself, Cortex XSIAM Attack Surface Testing runs daily scans based on your preferences.

When you set up Attack Surface Testing, you select the targets for the testing: either all or a subset of your directly-discovered services (directly-discovered services are services for which Cortex XSIAM has a registration record tying your organization to the service). Once you've selected targets, Cortex XSIAM runs attack surface scans daily. Attack surface test results are displayed on the Services tab in the Inventory, so you can review the data as part of your existing attack surface management (ASM) workflow. All attack surface tests are enabled by default, but you can view information about the tests and disable individual tests if needed from the Attack Surface Tests page.

Cortex XSIAM attack surface tests

Cortex XSIAM has an extensive set of attack surface tests for the CVEs and other known risks that affect externally-facing services and can be confirmed using benign testing. Our vulnerability testing is layered on top of our existing ASM global scanning infrastructure, which distributes requests across a broad time range to minimize the impact on scanned and tested services. We perform external scans only, which means we test only directly-discovered services accessible from the public internet. Cortex XSIAM does not perform authenticated scanning or allow scans to change the state of a tested service. To further decrease test load and the possibility of impacting a service, we map attack surface tests to service classifications, enabling us to run tests only on the relevant services in your approved set of targets. For example, we run Apache attack surface tests only against your Apache services.

New attack surface tests are added at the discretion of the Cortex XSIAM Security Research Team when new vulnerabilities are announced.

Source IP addresses for Attack Surface Testing scans

To find the IP address ranges Cortex XSIAM uses for vulnerability tests, navigate to Detection & Threat Intel > Attack Surface > Attack Surface Testing and refer to the Source IP Addresses section.
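As an added example (not from this guide or from the product), one way a SOC can use those ranges is to tag web-server log entries whose client address falls inside them as expected Attack Surface Testing traffic, so they are triaged separately from unsolicited probes against the same services. The CIDRs and log lines below are constructed placeholders (RFC 5737 documentation space); substitute the ranges shown in your console's Source IP Addresses section.

```python
import ipaddress
import re

# Placeholder CIDRs standing in for the ranges listed under Source IP Addresses
# in the Cortex XSIAM console. These are RFC 5737 documentation networks, not real values.
ATTACK_SURFACE_TESTING_SOURCES = ["203.0.113.0/24", "198.51.100.0/25"]

# Constructed sample web-server access log (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.42 - - [25/Apr/2024:10:01:07 +0000] "GET /cgi-bin/ HTTP/1.1" 404 196
198.51.100.9 - - [25/Apr/2024:10:01:09 +0000] "GET /manager/html HTTP/1.1" 401 0
192.0.2.77 - - [25/Apr/2024:10:02:31 +0000] "GET /manager/html HTTP/1.1" 401 0
"""

# Minimal parser for the fields needed here: client IP, timestamp, request line, status.
_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def build_networks(cidrs):
    """Parse the configured CIDR strings once; strict=True rejects host bits set in a prefix."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_testing_source(ip, networks):
    """True when the client address belongs to one of the published testing ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def classify_log(text, cidrs):
    """Split parsed log entries into (expected_testing_traffic, other_traffic)."""
    networks = build_networks(cidrs)
    expected, unexpected = [], []
    for line in text.splitlines():
        match = _LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not parse rather than guessing a source
        entry = match.groupdict()
        (expected if is_testing_source(entry["ip"], networks) else unexpected).append(entry)
    return expected, unexpected


if __name__ == "__main__":
    testing, other = classify_log(SAMPLE_LOG, ATTACK_SURFACE_TESTING_SOURCES)
    print(f"{len(testing)} entries from Attack Surface Testing ranges, {len(other)} from elsewhere")
```

The same request path probed from a published testing range and from an unknown address ends up in different buckets, which is the distinction an analyst needs when the daily scan and a real reconnaissance attempt overlap.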