Attack Surface Testing - Attack surface testing runs benign exploits against your externally facing assets to confirm the presence of vulnerabilities. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

While Cortex XSIAM global ASM scans identify inferred CVEs that potentially impact an asset, attack surface testing confirms the presence of vulnerabilities on your external attack surface. With your explicit approval, Cortex XSIAM runs controlled exploits against your public internet-facing assets to confirm the presence or absence of vulnerabilities, enabling you to quickly and confidently prioritize and remediate risks.

When setting up attack surface testing, you select the targets for the testing, either all or a subset of your directly discovered services (which are services that are definitively associated with an asset that belongs to your organization). After you've selected targets, Cortex XSIAM runs attack surface scans daily. Attack surface test results are displayed on the Services tab in the inventory, so you can review the data as part of your existing ASM workflow. All attack surface tests are enabled by default, but you can view information about the tests and disable tests if needed from the Attack Surface Tests page.