Threat Discovery

Threat Feed

Access updates on potential threats relevant to your organization based on scheduled or user-initiated scans.

  1. Navigate to the "Threat Discovery" section.

  2. Click on "Threat Feed" to access updates on potential threats discovered during daily or user-initiated scans.

  3. Click on a threat to view detailed information, including a description of the threat, evidence, affected systems, and recommended actions.

  4. Use the self-service features to:

    • Assign threat statuses (e.g., New, Triaged, Remediated, or False Positive) to track progress.
    • Add triage notes and collaborate with your team on mitigation efforts.

Self-Service Abilities

The Threat Feed allows you to manage and address threats as they are discovered through scans:

  • Assign Statuses: When evaluating a threat, there is an edit button next to the tag where you can assign one of four statuses:

    • New: The threat has been identified and requires assessment.

    • Triaged: The threat has been evaluated, and remediation or next steps have been determined.

    • Remediated: The issue has been resolved, and no further action is needed.

    • False Positive: The identified threat has been deemed non-critical or invalid.

  • Triage Notes: Add documentation and analysis during the triage process, providing clarity on the status and severity of the issue for your team.

  • Scheduled or User-Initiated Scans: Updates occur based on the scan frequency set by the system or manually initiated scans, giving you control over when to monitor and address new threats.

Threat Report Export Wizard

The Threat Report Export Wizard allows you to generate customized reports of discovered threats, tailored to your specific needs. Follow the steps below to configure and export a report:

Select Date Range

  • Choose the start and end dates for the threats you want to include in the report. Only threats identified or updated within this date range will appear in the exported report.

Choose Asset Type

  • Domain: Includes any threats discovered on monitored domains.
  • IP Address: Covers threats associated with specific IP addresses.
  • Container Image: Focuses on threats related to container images.

Specify Asset

  • After selecting the asset type, choose the specific asset (e.g., example.com, 192.168.1.1, or example/image:latest) for which you want to generate the report.

Filter by Severity Levels

  • Critical (Crit)
  • High
  • Medium (Med)
  • Low
  • Informational (Info)

You can select one or more severity levels to refine the threats included in your report.

Select Threat Status

  • New: Recently discovered threats that have not yet been triaged.
  • Open: Threats currently under investigation or awaiting remediation.
  • Closed: Remediated threats or those marked as false positives.

Export Format

  • PDF: Generates a printable report ideal for executive summaries or formal documentation.
  • CSV: Creates a comma-separated values file for easy import and manipulation in spreadsheets or data analysis tools.

How to Use the Threat Report Export Wizard

  1. Open the Export Wizard: Navigate to the Threats section (or the appropriate export feature in your platform) and click the "Export Report" button.
  2. Configure Your Report: Specify the date range, asset type, specific asset, severity levels, and statuses you want to include.
  3. Select Export Format: Choose whether you want to download the report as a PDF or CSV file.
  4. Generate Report: Click the "Export Report" button. The system will compile the selected threats into your chosen format.
  5. Download: Once the export is complete, the report will be automatically downloaded. Save the file to share with stakeholders or to keep for your records.

By customizing the date range, asset, severity, and status filters, you can create targeted threat reports that focus on the information most relevant to your security analysis and remediation efforts.

Threats

Finding Description

Provides a detailed description of the identified threat or vulnerability.

Evidence

Presents evidence or proof of the identified threat, such as logs, screenshots, or network traffic captures.

Request

Describes the request made by the attacker to exploit the vulnerability, if applicable.

Response

Details the response from the system or application to the attacker's request, highlighting any vulnerabilities or weaknesses.

Affected Assets

Specifies the assets or systems impacted by the threat, including servers, applications, or databases.

Reference

Provides references or links to additional resources for further investigation or mitigation of the threat.

Triage Notes

Contains notes from the initial triage process, including severity assessment and recommended actions.

Threat Activity

Describes the malicious activity associated with the threat, including attack patterns or techniques used by the attacker.

Threat Insights

Provides helpful Q&A about the finding, created by our generative pentest AI, offering deeper analysis and frequently asked questions about the findings.

Threat Discussion

Facilitates discussion among team members regarding the identified threat, allowing for collaboration and knowledge sharing.

Dark Web Scan

View scans to detect any instances of your organization's data being traded or compromised on the dark web.

  1. Go to the "Threat Discovery" section.

  2. Click on "Dark Web Scan" to view the scans for your organization's data on the dark web.

  3. Review the scan results to identify any instances of your data being traded or compromised on the dark web.

Domain Squatting

Detect instances of domain squatting, where attackers register domains similar to your organization's to conduct phishing attacks or impersonate your brand.

  1. Navigate to the "Threat Discovery" section.

  2. Click on "Domain Squatting" to detect instances of domain squatting.

  3. Review the findings to identify any domains that are suspiciously similar to yours and take appropriate action to mitigate the risk.
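
A triage aid for step 3, added here as an example (it is not part of the product or its documentation): it compares a constructed list of observed domains against your own domain and reports why each one looks similar. The substitution table, the reason labels and the function names are assumptions, and inputs are assumed to be registrable domains without subdomains.

```python
import unicodedata

# Small illustrative subset of look-alike substitutions (assumed, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def fold(label):
    """Collapse accents, look-alike characters and hyphens to one canonical spelling."""
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label.replace("-", "")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent transposition."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def classify(candidate, own):
    """Label how `candidate` resembles `own` (hypothetical reason labels)."""
    c_label, o_label = (x.lower().split(".")[0] for x in (candidate, own))
    if candidate.lower() == own.lower():
        return "own"
    if c_label == o_label:
        return "tld-swap"      # same name under a different TLD
    if fold(c_label) == fold(o_label):
        return "lookalike"     # identical once look-alike characters are folded
    if edit_distance(c_label, o_label) <= 1:
        return "typo"          # one keystroke away, transpositions included
    if fold(o_label) in fold(c_label):
        return "combo"         # your name plus an extra word
    return "unrelated"

def triage(observed, own):
    """Return (domain, reason) pairs worth an analyst's review."""
    return [(d, r) for d in observed
            if (r := classify(d, own)) not in ("own", "unrelated")]

# Constructed sample input; example.com stands in for the monitored domain.
OBSERVED = ["example.com", "example.net", "examp1e.com", "exarnple.com",
            "exmaple.com", "example-login.com", "contoso.org"]
if __name__ == "__main__":
    print(*triage(OBSERVED, "example.com"), sep="\n")
```

Internationalized domains in punycode form (xn--) would need decoding before being passed to classify.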