The filter operators for technologies
There are five different filter operators to choose from when filtering on technologies. These are:
- contain any of (A ⋂ B != ∅)
- This one adds an or between each value added to the list of values. This means that, if a domain has any of the technologies listed it will match. Think of this as a disallowlist and it will match anything that is using any of these disallowed technologies.
- do not contain any of (A ⋂ B = ∅)
- This filter also adds ors between each value but it will match if any of those technologies are not found on a domain.
- contain all of (⊇)
- For this filter, an and is added between each value, such that it matches only if all technologies listed are found on a particular domain.
- do not contain all of (⊅)
- This filter still uses the and between values but it matches only if not all technologies listed are found on a specific domain.
- do not only contain (⊄)
- This one is a little special. It matches if a technology is found that is not listed in the values. You can think of this as an allowlist. It will match all domains that are using a technology not listed in the values.
Examples of policies on technologies
If there are certain technologies that you don't want to have on your attack surface you can monitor those using the contain any of filter operator. This will allow you to look for deprecated technologies, maybe you are moving away from PHP and WordPress and you want to monitor all places where those technologies are used. Maybe there is a new vulnerability being exploited in a particular technology, use this new filter to find where it is used.
If you expect all domains to use either Cloudflare or Azure CDN, and you are unsure if every domain is covered, you can find that using the do not contain any of filter operator.
If you expect all domains to have both HSTS running and Cloudflare for security reasons. Then you can monitor any deviations from that using the do not contain all of filter operator.
