Threat Discovery

Threat Feed

Access updates on potential threats relevant to your organization based on scheduled or user-initiated scans.

  1. Navigate to the "Threat Discovery" section.

  2. Click on "Threat Feed" to access updates on potential threats discovered during daily or user-initiated scans.

  3. Click on a threat to view detailed information, including a description of the threat, evidence, affected systems, and recommended actions.

  4. Use the self-service features to:

    • Assign threat statuses (e.g., New, Triaged, Remediated, or False Positive) to track progress.
    • Add triage notes and collaborate with your team on mitigation efforts.

Self-Service Abilities

The Threat Feed allows you to manage and address threats as they are discovered through scans:

  • Assign Statuses: When evaluating a threat, use the edit button next to the tag to assign one of four statuses:

    • New: The threat has been identified and requires assessment.

    • Triaged: The threat has been evaluated, and remediation or next steps have been determined.

    • Remediated: The issue has been resolved, and no further action is needed.

    • False Positive: The identified threat has been deemed non-critical or invalid.

  • Triage Notes: Add documentation and analysis during the triage process, providing clarity on the status and severity of the issue for your team.

  • Scheduled or User-Initiated Scans: Updates occur based on the scan frequency set by the system or manually initiated scans, giving you control over when to monitor and address new threats.

Threats

Finding Description

Provides a detailed description of the identified threat or vulnerability.

Evidence

Presents evidence or proof of the identified threat, such as logs, screenshots, or network traffic captures.

Request

Describes the request made by the attacker to exploit the vulnerability, if applicable.

Response

Details the response from the system or application to the attacker's request, highlighting any vulnerabilities or weaknesses.

Affected Assets

Specifies the assets or systems impacted by the threat, including servers, applications, or databases.

Reference

Provides references or links to additional resources for further investigation or mitigation of the threat.

Triage Notes

Contains notes from the initial triage process, including severity assessment and recommended actions.

Threat Activity

Describes the malicious activity associated with the threat, including attack patterns or techniques used by the attacker.

Threat Insights

Provides helpful Q&A about the finding, created by our generative pentest AI, offering deeper analysis and frequently asked questions about the findings.

Threat Discussion

Facilitates discussion among team members regarding the identified threat, allowing for collaboration and knowledge sharing.

Dark Web Scan

View scans to detect any instances of your organization's data being traded or compromised on the dark web.

  1. Go to the "Threat Discovery" section.

  2. Click on "Dark Web Scan" to view the scans for your organization's data on the dark web.

  3. Review the scan results to identify any instances of your data being traded or compromised on the dark web.

Domain Squatting

Detect instances of domain squatting, where attackers register domains similar to your organization's to conduct phishing attacks or impersonate your brand.

  1. Navigate to the "Threat Discovery" section.

  2. Click on "Domain Squatting" to detect instances of domain squatting.

  3. Review the findings to identify any domains that are suspiciously similar to yours and take appropriate action to mitigate the risk.
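
One way to reason about which findings are "suspiciously similar" during review, as an added example that is not part of this product or its documentation: it classifies candidate domains against a brand domain by homoglyph folding, single-edit typos, TLD swaps and brand-plus-keyword combinations. The function names, the small confusables table, the sample domains (built on the placeholder example.com) and the assumption that every input is a bare label.tld pair are all constructed for illustration.

```python
# Small constructed confusables table (an assumption; real tables are far larger).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def to_unicode(domain):  # decode punycode (xn--) labels so IDN lookalikes compare as Unicode
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid punycode

def skeleton(label):  # fold visually confusable characters onto one canonical form
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label

def osa_distance(a, b):  # edit distance counting an adjacent swap as one edit
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand):
    """Return why `candidate` resembles `brand`, or None. Inputs are bare label.tld."""
    c_label, _, c_tld = to_unicode(candidate.lower().rstrip(".")).rpartition(".")
    b_label, _, b_tld = brand.lower().rpartition(".")
    if c_label == b_label:
        return None if c_tld == b_tld else "tld-swap"
    if skeleton(c_label) == skeleton(b_label):
        return "homoglyph"
    if osa_distance(c_label, b_label) <= 1:
        return "typo"
    if len(b_label) >= 4 and b_label in c_label:  # short brands match too much
        return "combo"
    return None

def triage(candidates, brand):  # flagged domain -> reason; unflagged are omitted
    return {d: r for d in candidates if (r := classify(d, brand))}

# Constructed sample findings for the placeholder brand example.com.
SAMPLE = ["example.com", "examp1e.com", "exmaple.com", "example.net",
          "example-login.com", "ex\u0430mple.com", "exarnple.com", "weather.org"]

if __name__ == "__main__":
    print(triage(SAMPLE, "example.com"))
```

The reason label is a starting point for a triage note; a domain that resembles yours still needs its registration and hosting checked before a status is assigned.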