How great are filters? They allow us to enjoy grain free coffee, breathe cleaner air, and provide our cars with refined fuel. They also allow us to sift through copious amount of data about targets and present specifically what we need. Therefore, this and the next issue will be focusing on filters. Starting with the Asset Management screen in this newsletter and then Vectors in the next one.
In this newsletter we are going to explore some of the things you can do with the Asset Management screen filters which includes three types of filters:
Toggles offer the most general type of filter. Meaning that only using the toggles we cannot really get too deep and specific into the data. To do that we would need to combine several filter types and filters within the filter types, we will talk about that later in this newsletter. For now, let's focus on general filtering. For example, we can display all the new (added in the last 10 days) and vulnerable (have vectors attached to them) assets using just two toggles.
The filters listed above function as separate entities, we can mix and match several filters to create a new, custom filter which can be saved to be used later. This allows us to achieve granular control over the data presented by the platform.
SSL certificates are used in every web application, it is crucial to an organization’s security posture to have all their certificates use strong encryption ciphers, be up to date and signed by a well-known certificate authority. Using the 'Enrichment Type' filter we can create a new filter that will display any SSL issues your assets may have.
There are cases where we want the platform to display certain information and not display other information. For instance, let’s say we want to display all the web servers under the target, one way to do that is to scroll down to the ‘Technology Category' filter and select ‘Web Servers'. Another option, if we want to be more specific with it, we can go to the 'Technology Type’ filter and select which web server types we want to display or not to display.
In the example below, we wanted to display only Apache Web Servers, so we first filtered out all the Web Servers and then got more specific by selecting only Apache web servers and not regular HTTP server or Nginx servers.
While being very powerful, there are some vectors which are difficult to detect using conventional methods, that the platform can’t detect yet. This does not mean however that it cannot provide some indication wether or not there are assets that are susceptible to such attacks.
The platform can detect which technologies are used on assets; we can use that data to provide insights into the preparedness of our assets to face such attacks.
By filtering using these technologies, whether they are present or not, we know which assets are protected from these attacks and which are not and can take appropriate action.