External Assets

External Scan - Wordpress(plugin versions), Jenkins etc. vulnerabilities detection

To increase the value of external asset vulnerability management or external scanning in general would be the ability to detect Wordpress plugins that are either outdated or have critical vulnerabilities. Same would go for Jenkins and other website components that threat actors can detect through scanning.

External Scan - Changes (Port Changes) Reporting / alerting between scans

External scans should report if there were any changes between scans. Example IP x.x.x.x had no ports open during a scan, then the next scan it shows port 443 open (or whatever port). This should be something we can be alerted on and see i a change report. This would help reduce (and also verify) external risks.

Add UDP inclusion for external scan

Insecure Open Ports indicator on Metrics Page

The Metrics page is misleading in that insecure, open ports are not listed as a vulnerability there so at a glance it appears there are no issues.

Previously created tag for external assets available for re-use

let the previous created tag for external assets appear here as an option in case the partner would like to re-use it for other configuration entries:

Alternating External Scan Profile Jobs

Add Ability to Rename External Assets

Define Secure Ports per External Asset

Add ability to depreciate external scans

Report scheduler with tags of external scan

Load More

→

Powered by Canny