Prioritize and Triage Risks in Attack Surface Management
The Censys Attack Surface Management platform detects over 400 types of risk that can lead to security compromise.
The Risk page lists all instances of risks detected in your attack surface that your team should remediate.
The default view shows all active risk instances across your entire attack surface.
Risks are ordered by severity, with the most severe at the top.
The tabs help you to view risks that are accepted by a member of your team or are closed (no longer detected). View new risks with any status (active, accepted, or closed) by opening the left tab. Adjust the definition of new using the New since list above the table on the right.
Quick Filters provide both insight and filtering options to begin your investigative efforts. Most filters listed in the panel are sorted based on prevalence in your attack surface to help you set priorities.
Quick Filters include:
-
Severity: Tackle risks based on the potential impact to your organization.
-
Category: Triage based on category to target remediation of certain externally facing weaknesses.
-
Type: Triage based on specific risk types to group those with similar remediation recommendation.
-
Asset Type: Review based on the type of affected asset.
-
Environment Type: Triage based on infrastructure provisioning - cloud, shared, and other environments.
Click the linked asset in the Affected Asset column to open the Asset Details page and see more information about the risk.
Risk instances are shown on Host and Storage Bucket Details pages in the Risks tab. Click the tab to see the details and remediation recommendations for any risks detected on the asset.
Default sorting order is by detection date, with most recently detected risks on top. You can also sort by severity, with most severe on top.
Click View Scan Data to see the scan data related to the detected risk.
You can override the default risk setting using the edit option on each risk area. This is helpful if an individual instance of a risk requires a severity level other than the default. Perhaps a risk in your environment is more or less important because of its context, importance to the business, or other contextual factors.
If an individual instance of a risk is not considered a risk by your organization and you want to suppress its presence from risk lists, counts, report metrics, and the logbook, click the Accept this risk instance in the upper right of the risk area.
After accepting a risk, an option to view or hide accepted risks is shown at the top of the list. You can toggle this option to View to keep the stub of the accepted risk instance in the list, or select Hide to hide it entirely.
You can undo your acceptance by clearing the Acceptance checkbox.
-
To change the severity of a set of risk instances, use the check boxes on the Risk table to select the ones you want to work with.
-
In the area at the bottom of the page, click Edit Severity.
-
Select the desired severity and optionally provide a reason for the change.
See this article for a description of risk categories that the Censys Attack Surface Management platform identifies.
Comments
0 comments
Please sign in to leave a comment.