<Anomali ThreatStream 사용자가 ASA 리포트로 알 수 있는 정보>
- Internet facing hosts : will give customer reachable hosts.
[IP, Risk score, Hostname, Summary (# of ports open, # of domains associated), Last seen]
- Unreachable assets : will give customer Unreachable hosts which are in customer’s DNS records.
[IP address, Risk score, Hostname, Summary (# of ports open, # of domains associated), Last seen]
- SSH services : will give customer hosts which runs SSH service (port 22, 2222)
- Open ports : will give customer which port number(s) are open. [port number, known service name, count]
- CVEs : will show which CVE number(s) are seen. [CVE number, CVSS, Severity, IP, host name]
- Exploitable CVEs : will show CVEs which exploitable software is open public. This is more critical CVEs.
- Invalid or expired certificates : will show invalid or expired cert.
- End of life software : will show software which is open and EOL. Software is mainly free software such as openssl.
<Anomali XDR(Match Cloud) 사용자가 추가적으로 알 수 있는 정보>
- Highly Targeted Assets: number of assets blocked or allowed
- Actor Targeted Assets : number of attacks by known cyber attackers
- Threat Bulletin Targeted Assets : number of known cyber threat alerts
- TTP Targeted Assets : Types of Mitre & ATTCK Known Attack Techniques and Number of Cases Affected
ASA 리포트 데이터 시트를 첨부하였으니 참조하시기 바랍니다.