Manage Your External Assets

Rapid7 External Attack Surface enables you to achieve better visibility of your externally accessible systems by scanning your complete connected attack surface.

How it works:

  • First, you provide 1 or more known Seed Assets, which are systems that you know are externally accessible, such as a public web site domain name.
  • After seed assets are entered, Rapid7’s External Asset Engine will use a combination of non-invasive methods to discover and spider the external surface of your organization and report discoveries and analysis.

If you're looking to add seeds, check out the Quick Start Guide.

Manage Discovered Assets

The Discovered Assets page describes all discoveries from the Rapid7 External Asset Engine. There are 4 types of potential discovery:

  • IP Address: an independent IPv4 or IPv6 address referring to a discovered method of reaching an asset (note that the same asset may be listed by multiple addresses if it is accessible via multiple addresses).
  • Domain: a top-level domain or subdomain that is accessible via DNS.
  • Certificate: an SSL certificate associated with a web service.
  • Service: an open port indicating a service responding at the given address.

The information available with each discovery includes its Type, Name, Severity and Status. The Name identifies the discovery based on the given type, and the Severity and Status help you take action on the discovery.

Access discovered assets

You can access the Discovered Assets by visiting Command Platform Home > External Assets > Discovered Assets.

No discovered assets?

If you have no discovered assets yet, you’ll see a preview of the results and a short description. If that’s the case, ensure you’ve added Seed assets, or if you have added Seed assets, wait a few minutes for discoveries to begin populating.

Once populated, you’ll see 2 important things on the Discovered Assets page: a set of filters and a table of the discovered assets.

Take action on your discovered assets

After your assets have been discovered, you'll need to review their severity and update their status.

Review the severity

The External Asset Engine assigns a Severity level based on the type of issue found: Critical, High, Medium, Low. Confirm the severity or change it.

Update the status

To help you organize and map your External Attack Surface, you may select a Status for the discoveries. There are 3 statuses:

  • Not Reviewed: the default status. Discoveries that are pending review.
  • Accepted: indicate that the asset or finding has been reviewed and determined to be owned by your organization and part of your attack surface.
  • Rejected: indicate that the asset has been reviewed and determined not to be owned by or relevant to your organization. This asset is not part of your attack surface.

You can use these statuses to maintain an accurate picture of your External Attack Surface, and use the filters above the list to view, for example, only your Accepted assets for further action.

Export Asset Data

The discoveries that you may make with this functionality may be surprising or previously unknown, and it’s important to take appropriate action. You may want to send filtered results to specific teams, or create tickets for further investigation or remediation. To make this easier, we’ve provided export functionality for both Seed and Discovered assets.

To export asset data:

On the top-right corner of the asset table, click Export, and select from CSV or JSON export formats. CSV can be easily imported into a spreadsheet tool for further filtering and analysis, while a JSON format can be more easily fed into automation tools or scripts.