⚠️ This feature is only available on our Premium or Vanguard plans
The Attack Surface tab makes it easy to see exactly what's going on with your perimeter: showing you active and unresponsive targets; changes since the last scan; expiring certificates; and those ports, services and protocols you expect (but more importantly, don't expect) to be exposed to the internet.
What does it look like?
You can see a list of your targets with a filtering pane on the left to allow you to get the information you need.
For each target, you can also see a screenshot of what can be seen when a user navigates to that service on this target. This helps when trying to identify what is running on a specific port e.g. by examining the login screen.
You can also make this screenshot bigger by clicking on the thumbnail image (highlighted above). You can then scroll through the screenshots using the arrow in the bottom right:
On the far right, you can also see the date in which the service on each target was first observed and also when it was last observed. Below each target you can also see when the next Network scan will run.
How do I use it?
This page has a bunch of filters, allowing you to be as a high-level or as granular as you like.
For targets behind a Web Application Firewall, you have the option to further filter the list by types of firewall and detection results:
You can also organise the results, using this dropdown:
Can I export the results on this page?
Absolutely, click the Export all button:
Can I set up custom alerts for my attack surface?
You sure can! Once an alert is set up, we'll send you an email each time the alert is triggered. To set it up: click the yellow Alerts button the top right > complete the form and select Save alert:
How do I delete my alerts?
Click Alerts > Manage alerts:
Click the bin icon:
How do I edit my alert?
Click Alerts > Manage alerts:
Click the one you want to edit:
Make the changes and click Update alert:
How do I manage the email alerts?
Head to Settings > Email notifications > scroll down to Attack surface alert notifications and toggle on or off:
Why is some data missing from Attack surface?
If the target listed sits behind a CDN (such as Cloudflare or Cloudfront), we deliberately omit the network data because it actually references the CDN's infrastructure and not your own. If you'd like to know more, please have a read of this article.
Curious to see more?
If you're interested in what this all looks like in action, feel free to reach out to us via the chatbot and we'll connect you with the relevant team.