The All External Services page presents the complete inventory of public internet-facing services attributed to your organization.
Note: Viewing All External Services requires the Attack Surface Management add-on.
An external service can be any internet-facing device or software that communicates on a domain:port or IP:port pair. The All External Services view enables your IT and security teams to assess your total internet attack surface in detail. Some use cases include the following:
- Proactively reducing your attack surface by providing a comprehensive view of it along with details about vulnerable services.
- Answering questions about what kinds of software and devices are being used.
- Searching for specific software, technology, or configurations.
- Discovering unused technology deployments or legacy software in need of updating.
To view the All External Services page, select → → .
By default, the All External Services page displays all external services according to the service name. To search for specific services, use the filters above the results table to narrow the results, or query the data using the XQL search. You can export the tables and respective service views to a tab-separated values (TSV) file. From the All External Services page, you can also manage the output of the external services using the right-click pivot menu.
When any row in the All External Services table is selected, a side panel to the right of the table displays details about the service.
The All External Services table includes the fields listed in the following table. Fields are listed in alphabetical order.
Field | Description |
---|---|
Active classifications | Facts that have been inferred about each of your services by examining a response for fingerprints. Classifications cover a variety of details including:
Some Classifications merely note that a fact is true or false, like Missing Cache Control Header. Other Classifications provide additional information, such as a version number for “nginx Server”. These details are viewable in the services table and on the details page for the service by clicking the name of the service in the All External Services table. |
Business units | A Business Unit is a designation to classify assets. Cortex XSIAM tracks business units as a means to identify owning organizations of these assets. Business units become extremely important when an organization has subsidiaries and groups established through M&A activities. |
Discovery type | Services are identified with one of the following two discovery types, depending on the level of confidence Cortex XSIAM has in attributing it to your organization.
|
Domain | The most recent domain on which the service is running. |
Externally detected providers | The provider of the asset is determined by an external assessment. |
Externally inferred CVEs | Externally Inferred CVEs are identified by comparing the product name and version of the active service, if identifiable, with CVEs for those products in the National Vulnerability Database. Additional investigation may be required to confirm if the CVE is present. Click on the service to view the service details, which include the complete list of all the externally inferred CVEs. |
Externally inferred vulnerability score | This score is based on the highest CVSSv3 score for Externally Inferred CVEs on this service. If there is no CVSSv3 score for the CVE, then the CVSSv2 score is used. This field applies only to services with Externally Inferred CVEs. |
First observed | When the asset was first observed via any of the sources. |
IP addresses | Array column specifying a list of IPs associated with this asset. |
Is active |
|
Last observed | When the asset was last observed via any of the sources. |
Port | The most recent port for the service. |
Protocol | The application-level protocol on the public internet over which Cortex XSIAM validated the service. |
Service name | The service type along with the specific domain:port or IP:port pair for the service. |
Service type | The type of server or software for the service. |
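
The scoring rule described for the Externally inferred vulnerability score field, applied to an exported TSV to build a confirmation queue. This is an added example, not Cortex XSIAM code. The column names, the JSON encoding of the CVE list, the service name format, the placeholder CVE IDs, and the choice to skip inactive services are all assumptions constructed for illustration, and the rule is read here as a per-CVE fallback to CVSSv2.

```python
import csv
import io
import json

# Constructed sample shaped like a TSV export. Column names and the JSON
# encoding of the CVE list are assumptions, not the product's export schema.
SAMPLE_TSV = "\n".join([
    "service_name\tis_active\tinferred_cves",
    'NginxServer at shop.example.com:443\tyes\t'
    '[{"id": "CVE-PLACEHOLDER-1", "v3": 7.5, "v2": 5.0},'
    ' {"id": "CVE-PLACEHOLDER-2", "v3": null, "v2": 10.0}]',
    'SshServer at 198.51.100.7:22\tyes\t'
    '[{"id": "CVE-PLACEHOLDER-3", "v3": 9.8, "v2": 7.5}]',
    'FtpServer at 198.51.100.9:21\tno\t'
    '[{"id": "CVE-PLACEHOLDER-4", "v3": 9.1, "v2": null}]',
    "HttpServer at www.example.com:80\tyes\t[]",
])

def cve_score(cve):
    """Per-CVE score: CVSSv3 when present, otherwise CVSSv2, else None."""
    if cve.get("v3") is not None:
        return cve["v3"], "CVSSv3"
    if cve.get("v2") is not None:
        return cve["v2"], "CVSSv2"
    return None

def service_score(cves):
    """Highest per-CVE score as (score, basis, cve_id); None without scored CVEs."""
    scored = [(s[0], s[1], c["id"]) for c in cves if (s := cve_score(c))]
    return max(scored) if scored else None

def triage(tsv_text):
    """Active services with inferred CVEs, highest score first."""
    queue = []
    reader = csv.DictReader(io.StringIO(tsv_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        if row["is_active"] != "yes":
            continue  # assumption: only active services are queued
        best = service_score(json.loads(row["inferred_cves"]))
        if best is None:
            continue  # the score applies only to services with inferred CVEs
        score, basis, cve_id = best
        queue.append({"service": row["service_name"], "score": score,
                      "basis": basis, "cve": cve_id})
    return sorted(queue, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for item in triage(SAMPLE_TSV):
        print(item)
```

Recording the basis alongside the score shows when a service ranks first only because of a CVSSv2 fallback, which helps prioritize which externally inferred CVEs to confirm first.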