Skip to main content
Attack surface view
Naomi Purvis avatar
Written by Naomi Purvis
Updated over a week ago

Attack surface view makes it easy to see exactly what's going on with your perimeter: showing you active and unresponsive targets; changes since the last scan; expiring certificates; and those ports, services and protocols you expect (but more importantly, don't expect) to be exposed to the internet.

What does it look like?

You can see a list of your targets with a filtering pane on the left to allow you to get the information you need.

For each target, you can also see a screenshot of what can be seen when a user navigates to that service on this target. This helps when trying to identify what is running on a specific port e.g. by examining the login screen.

You can also make this screenshot bigger by clicking on the thumbnail image (highlighted above). You can then scroll through the screenshots using the arrow in the bottom right:

On the far right, you can also see the date in which the service on each target was first observed and also when it was last observed. Below each target you can also see when the next Network scan will run.
<insert screenshot when ready>

How do I use it?

This page has a bunch of filters, allowing you to be as a high-level or as granular as you like.

You can also organise the results, using this dropdown:

Can I export the results on this page?

Absolutely, click the yellow Export button in the top right corner.

Why is some data missing from Attack surface?

If the target listed sits behind a CDN (such as Cloudflare or Cloudfront), we deliberately omit the network data because it actually references the CDN's infrastructure and not your own. If you'd like to know more, please have a read of this article.

Curious to see more?

If you're interested in what this all looks like in action, feel free to reach out to us via the chatbot and we'll connect you with the relevant team.

Did this answer your question?