Skip to main content

Attack surface

From the Attack surface page, view the domains we identified for your organization and determine whether any require your attention. For example, if you find domains used for development, verify they follow internal security standards or guidelines and then update them if necessary.

Domains table

The Domains table includes the domains we identified for your organization, how many active IPv4 and IPv6 addresses are associated with each, and how many descendants there are for each.

info

A descendant is a domain that is a child, grandchild, great-grandchild, etc., of a root domain or subdomain. For example, if the root abc.com has two subdomain children, shop.abc.com and blog.abc.com, and one grandchild subdomain cart.shop.abc.com, it has three descendants and shop.abc.com has one descendant. For more information about descendants, see Domain structure.

Use the information to determine whether any domains are likely meant to be private. For example, a domain that includes dev might require an update to ensure it's only accessible through a virtual private network (VPN).

For information about table options, see Tables.

Columns and filters

  • To add or remove information in the table, select Columns and choose the columns to view.

  • To view and manage domains that meet specific criteria, such as only those that resolve to more than one IP address, select Filters and then select how to narrow the data. The filters you select automatically apply to the Domains graph.

    info

    By default, the table and graph include all the domains and subdomains in your networks. However, if the number exceeds 20,000, the graph doesn't show data until you filter the table.

NameDescription
DepthNumber of subdomains in a domain name plus the root domain. For example, my.example.com has a depth of two since there is one subdomain my. for the root example.com.
DomainDomain name for one or more IP addresses in your networks.
IP address countNumber of active IPv4 and IPv6 addresses that the domain name can resolve to.
Descendant countNumber of domains that are children, grandchildren, great-grandchildren, etc., of the root domain or subdomain. For details, see Domain structure.
Domain tagsReasons the domain is potentially vulnerable. For details, see Tags.
IP addressFilter for finding domains based on their associated IP addresses or IP address ranges.

Find domain names for an IP address

To view the domain names identified for an IP address through FDNS lookup, filter the Domains table.

  1. From the Attack surface page, select Filter in the Domains table.

  2. Under Columns, select IP address.

  3. Under Operator, select equals.

  4. Under Value, enter the IP address.

    Domains for IP address

    The table automatically filters the results to show the domain names.

Domains graph

Under Domains graph, view a visual representation of how the domains for your organization connect.

By default, the graph nodes show which domains are associated with Common Vulnerabilities and Exposure (CVE) numbers by severity level color. The node outline color indicates the highest CVE level found out of all domain descendants. The color of the line linking the node to another node indicates the CVE level of the domain’s direct child. For more information about descendants, see Domain structure.

Domains graph on the Attack surface page

Graph options

  • To view the IP addresses associated with a domain, double click on its name or node in the graph.

  • To highlight areas of the attack surface by CVE severity rating, root domain, or a combination of the two, select the Group by field, and then select how to highlight them. For example, to view all the root domains with critical CVEs detected, select Root by CVE severity.

  • To change the visual representation of your domains, select Layout, and then select a layout option.

    • Organic: Shows your domains in a circular arrangement, with your root organization in the center and connected domains distanced apart so that domain groups, such as those with different root domains, are clear.

    • Standard: Shows connected domains, such as example.com, and my.example.com distributed evenly across the graph.

    • Structural: Shows groups of linked domains in fans.

    • Radial: Shows domains in concentric circles around the root organization in a radial tree. Each domain is a new circle that extends outward showing its connection to the root.

    • Lens: Shows, in a circular shape, highly-connected domains in the center and less connected domains towards the edge of the graph.

    • Sequential: Shows the parent-child relationships between domain levels.

  • To export the graph, select Export and then select a file format from the Type field. Next, select whether to:

    • Export entire chart: Exports a file with all of the domains for your organization. If you used the table filter options, the file only includes the filtered domains.

    • Export current view: Exports a file with only the domains in the current view of the graph.

    • Export all: Exports two files: one with the entire chart and the other with the current view.

    When the export is ready, a notification appears in your browser.

View vulnerabiities for a domain

  1. From the Domains graph on the Attack surface page, double click a domain name with a CVE severity color.

    Domains graph

  2. From the IP addresses page that opens, select one of the IP addresses in the the IP addresses table.

    IP addresses for domain

  3. On the IP address details page, select the Vulnerabilities tab to view the vulnerabilities.

    IP addresses for domain