Attack Surface Testing intrusivity

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2025-12-14
Category: Administrator Guide

Abstract: Attack surface tests are categorized by their intrusiveness, enabling you to choose more intrusive methods to confirm specific vulnerabilities.

Attack surface tests are classified by their level of intrusiveness. Most tests are benign, but confirming some vulnerabilities requires more intrusive methods. You can choose whether to enable these more intrusive tests; the levels of intrusiveness are described in the table below.

| Intrusivity level | Description | Examples |
|---|---|---|
| Level 0: Non-intrusive | No interaction with the target system beyond passive information gathering. The system remains completely unaffected by any tests. | Default credential login tests; basic HTTP GET / POST requests |
| Level 1: Minimal interaction | Basic interactions that involve standard requests without altering the system state or data. Any changes are confined to volatile memory and do not persist. | Dropping a small, benign file in a temporary directory, such as /tmp, that the system deletes on reboot |
| Level 2: Temporary modification | Makes temporary and fully reversible changes to the system. Modifications do not impact normal operations and can be undone without lasting effects. Cleanup is not necessary, but can be done. | Dropping files with benign content in non-temporary directories that can be removed afterward; modifying service configurations that revert after a restart; creating a temporary database user that is deleted upon restart |
| Level 3: Reversible changes | Introduces changes that persist but can be reversed with your actions. These changes may slightly impact normal operations, but are recoverable. | Dropping a file containing controlled code that is removed afterward; modifying application data (such as UI elements or database entries) that can be corrected; executing commands that alter system state but can be undone |
| Level 4: Significant impact | Makes significant changes that are not easily reversible. These actions may disrupt services or alter system data. | Injecting data into a database that cannot be fully removed; causing temporary service unavailability (for example, a brief Denial of Service lasting a few seconds); creating users or projects within the application that cannot be deleted |
| Level 5: Full compromise | Actions that fully compromise the system, leading to irreversible damage, persistent backdoors, or extensive disruption. | Executing commands that install persistent backdoors or webshells that cannot be removed; modifying critical system files or settings, leading to system instability; performing Denial of Service attacks that render services completely unavailable |