Enabling External Exposure Analysis
External Exposure refers to an organization’s internet-facing systems, services, or assets that are vulnerable to potential threats. Open ports, weak APIs, DNS misconfigurations, and outdated applications expand the attack surface, making them attractive targets for external threats. Continuous monitoring, regular vulnerability assessments, and proper configurations are essential to mitigate these risks effectively. CyberCyte provides a continuous analysis solution for external exposure.
The module has two separate components: the "Scanner Component" and "CyberCyte Intel". The "Scanner Component" should be installed in the customer's environment if they use the CyberCyte portal with an on-premise deployment. "CyberCyte Intel" is designed for cloud-based deployments.
This section covers the steps that follow the scanner component deployment. The CyberCyte IT team will deploy the scanner on the customer side; after that, apply these steps one by one:
First of all, please contact CyberCyte IT support. The module will be configured according to customer requirements.
Login to the CyberCyte portal.
Navigate to "Rules & Policies" -> "Policy Management" and search for "External Asset Discovery Default Policy" using the search bar. Click on the policy, or click on the three dots on the right side of the policy and click on "Edit".
In the policy:
The default scan interval is 24 hours, but it can be changed.
Users need to provide the domain address in the policy.
The "Execute Vulnerability Scan" option should be enabled.
Click on the "Save" button and make sure to provide domain addresses to CyberCyte IT support.
The next steps are for CyberCyte portal admins; normal users cannot access the "MSSP" organization.
After configuring the policy, please change the organization to "MSSP".
Please navigate to "Asset Mgmt. & Threat Intel" -> "External Exposure Scanner Settings".
Click on the three dots on the right side of the grid and click on the "Edit" button.
In the "Assigned Organizations" section, please select the organization(s).
Please make sure "Tenable Nessus Address", "Tenable Nessus Access Key" and "Tenable Nessus Secret Key" are provided.
Click on the "Save" button and wait for the results. The data should appear in a day.
Please switch back to the user's organization and navigate to "Most Used" -> "External Exposure Overview". The data will be displayed on this page; click on the entries displayed in the grid. This action takes the user to the specific analysis grid.
This section is designed for cloud-based deployments, but a cloud-based deployment can also use the "Scanner Component" because it is already integrated with CyberCyte's cloud portal. Please inform the CyberCyte IT team for external exposure analysis; the CyberCyte IT team will take care of the assignments. The data will be collected in a day and users can observe the results under the "Most Used" -> "External Exposure Overview" dashboard.
The next steps are for CyberCyte portal admins; normal users cannot access CyberCyte Intel.
Please login to CyberCyte Intel and navigate to "SUPERORG Management" -> "External Exposure" -> "Queries".
Click on the "+ Query" button to create a query. The "Query" field should contain a domain name provided by the customer. Also, please enable the "Enabled" option and click on the "Save" button.
The results can be observed from the customer's organization and also in CyberCyte Intel. On the "SUPERORG Management" -> "External Exposure" page, click on "All Data", "Cybersquatting" or one of the other available sections. These sections show all of the query results in one grid.