Domains
The "Domains" page is the primary place to learn about the domains on your attack surface that are monitored with Surface Monitoring. It's at the top under the "Insight" section in the menu, designed to collect all the output and insights our product has generated.
The main feature of the "Domains" page is a table displaying each row as a new domain, along with details about that domain. Filters and search options are available so that you can find the domains you're interested in or that match your specific query. You can also examine aspects such as the exposure degree of a domain, which explains the level of exposure that particular domain has.
Further information available on this page that describes the domain's exposure includes open ports, technologies, vulnerabilities, IPs, countries, and providers, as well as when the domain was first seen and when it disappeared (if applicable).
Selecting any domain will take you to the details page, which shows open ports, DNS records, technologies fingerprinted on that specific domain (e.g., blog.detectifydemo.com), the IP addresses this domain points to, and the list of vulnerabilities found. The details page summarizes all aspects of that domain, giving you a complete picture and highlighting any necessary actions.
IP Addresses
The IP Addresses page collects all the different IPs that are on your attack surface. You can slice and dice the data at various levels, including the IP address, if it's active, how many assets each of the IPs has, and the provider.
Exploring other "Group By" options gives different perspectives with the same data type. Grouping by provider, for example, shows all the different providers and their current usage. You can also see in which countries these IPs are located.
Ports
We detail any ports we've found exposed on the IPs you use.
The first page you'll see is grouped by port, where each row represents a unique open port, along with columns describing the number of assets and IPs on which this port has been found open.
Like the IP addresses and technologies pages, it follows a similar structure, with a status column indicating whether this port is active (open) or not (closed) on your attack surface. We also include "first scanned" and "disappeared" data to track when we first discovered it and if it has vanished.
Technologies
The technologies page lists all fingerprinted software found anywhere on your attack surface.
It uses a "Group By" structure, allowing you to choose the level of detail you want to see. Starting with the most zoomed-out version, "group by technology," each row represents a unique technology, disregarding versions. For instance, if multiple versions of jQuery are found, it will be listed once, and we will count how many times that technology, in various versions, has been detected across different assets.