Criminal IP‘s services are now available for integration with Logpresso, the famous Security Orchestration, Automation and Response (SOAR) platform. Attaching this API to your Logpresso dashboard enables access to Criminal IP’s Attack Surface Management (ASM) services dedicated to monitoring vulnerable IT assets on attack surfaces, and to check for presences of VPN, Tor and Proxy IP.

Platforms that support Criminal IP ASM:

  • Logpresso Standard
  • Logpresso Enterprise
  • Logpresso Sonar
  • Logpresso Maestro


How to Integrate Criminal IP to your Logpresso Dashboard

  1. Visit Criminal IP.
  2. Click the menu in the upper right corner to go to My Information and copy your personal API Key.

    Copy your API Key from Criminal IP

    Copy your API Key from Criminal IP

  3. After running the Criminal IP app in Logpresso, access Settings > Connect Profile to configure your API keys and account settings by clicking Add button. Refer to Criminal IP’s Filter List to set targets that are to be monitored at all times.

    Access your Profile Page after running Criminal IP on Logpresso

    Access your Profile Page after running Criminal IP on Logpresso

  4. Once setup is complete, you can monitor your attack surface in real-time according to the Asset Discovery query settings on your Logpresso Dashboard.

    Dashboard with Criminal IP Attack Surface Management on Logpresso

    Dashboard with Criminal IP Attack Surface Management on Logpresso


Statistical Data and Extended Commands Provided by Criminal IP Attack Surface Management

In addition to real-time monitoring, Criminal IP attack surface management provides significant statistics regarding all possible attack points—all while showing country status, ASN, services, products, port statistics, and information on detected IT assets. Setting each extension command as an asset search query in your connection profile sets permissions to monitor your attack surface with default values.

National Statistics – Displays the national statistics of the detected IT assets.

  • criminal-ip-asset-country-stats

ASN Statistics – Displays the ASN statistics for detected IT assets.

  • criminal-ip-asset-asn-stats

Service Statistics – Displays the service statistics of the detected IT asset.

  • criminal-ip-asset-service-stats

Product Statistics – Displays the product statistics of the detected IT asset.

  • criminal-ip-asset-product-stats

Port Statistics – Displays port statistics for detected IT assets.

  • criminal-ip-asset-port-stats

Assets – Displays a list of detected IT assets.

  • criminal-ip-asset-search | limit 100

In addition, commands are provided to query Favicon statistics, IP summary information, VPN diagnostic history for specific IP addresses, VPN information for specified IPs, and service status information.

  • Favicon statistics: criminal-ip-asset-favicon-stats
  • IP Summary Information: criminal-ip-get-ip-summary
  • VPN diagnostic history for a specific IP address: criminal-ip-get-vpn-reports
  • VPN information for specified IP: criminal-ip-get-vpn-summary
  • Service Status Information: criminal-ip-status


Why we need Criminal IP ASM

Vulnerabilities in IT software assets and remote services have been the most preferred attack routes of malicious hackers. In order to exercise proactive prevention, it is important to invest in Attack Surface Management (ASM), especially as cyber attacks can come at any time. Criminal IP collects all IP address information from around the world, classifying IT assets and company equipment in order to analyze and identify security issues.

Attack surfaces are becoming increasingly diversified, and difficult to manage manually due to limited costs, time and manpower. However, with Logpresso providing accessible and user-friendly dashboards with no installation requirements, integrating your Criminal IP account into a real-time, automated report for your attack surface.

For more information on why Attack Surface Management (ASM) is important, read our article on Attack Surface Management: Monitoring Unknown Assets and Vulnerabilities“. Apply to the free demo to monitor your own attack surface using threat intelligence data from Criminal IP.

Related Article: