External Assets

External Scan Endpoints API Integration

External Scan - Changes (Port Changes) Reporting / alerting between scans

External scans should report if there were any changes between scans. Example IP x.x.x.x had no ports open during a scan, then the next scan it shows port 443 open (or whatever port). This should be something we can be alerted on and see i a change report. This would help reduce (and also verify) external risks.

External Scan - Wordpress(plugin versions), Jenkins etc. vulnerabilities detection

To increase the value of external asset vulnerability management or external scanning in general would be the ability to detect Wordpress plugins that are either outdated or have critical vulnerabilities. Same would go for Jenkins and other website components that threat actors can detect through scanning.

Insecure Open Ports indicator on Metrics Page

The Metrics page is misleading in that insecure, open ports are not listed as a vulnerability there so at a glance it appears there are no issues.

Powered by Canny