Set up Attack Surface Testing - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-05-22
Category
Administrator Guide

Note

You must have a role that includes edit permission for Vulnerability Testing to set up Attack Surface Testing. To check your role-based permissions go to SettingsConfigurationsAccess ManagementRoles, select the role, and find Vulnerability Testing on the Components tab under Incident ResponseDetections.

To set up Attack Surface Testing for the first time, complete the following tasks:

  1. Accept the End-User Licensing Agreement (EULA).

    The EULA gives Cortex XSIAM permission to conduct attack surface testing scans. You only need to accept the EULA once. After accepting the EULA the Vulnerability Testing Configuration page will open automatically so you can select the targets for testing.

  2. Select targets for attack surface testing.

    In this task, you'll select the directly-discovered services upon which Cortex XSIAM will run attack surface tests. After the initial set-up, you can update this set of targets anytime.

After you complete the set-up tasks, Cortex XSIAM will begin daily attack surface testing scans. You can perform the following post-setup tasks to access attack surface test results and change your attack surface testing configuration.

Accept the End-User Licensing Agreement (EULA)
  1. Navigate to Detection &Threat IntelAttack SurfaceAttack Surface Testing.

  2. On the Welcome to Vulnerability Testing page, click Next.

  3. Read the End-User Licensing Agreement and click Accept Terms.

After accepting the terms of the EULA, the Vulnerability Testing Configuration page will open where you can select the set of services to be tested.