The Ports page

Introduction

The ports page is the perfect place to get an understanding of the open ports on your attack surface. Being able to find outliers in this data is crucial for finding shadow IT or critical ports exposed that might give malicious hackers a way in to your organisation.


Each observation will have a state saying if that is still active on your attack surface or whether it is inactive. There will also be a date saying when it was first found and a disappeared timestamp if it is no longer active on the surface.


Grouping the table data

To allow you to look at this data on any level of detail, the table can be grouped on some key dimensions.



Group by None

This is the most detailed level of the port data. It shows each domain and each IP and the ports they have open as unique rows. The status shows whether that particular port is still open or whether that port is not open anymore. The dates show when the port was first found open on that domain/IP or when it disappeared (if applicable).



Group by Port

With this grouping, each row is a unique port that has been found open on your attack surface and the number of domains and IPs that it has been found open on is shown in the Assets and IP Addresses columns. Clicking that count will show you those domains and IPs. The status shows whether that particular port is currently open on your attack surface and the timestamps show when it was first found and when it disappeared (if applicable).