Criminal IP Attack Surface Management (ASM) is integrated into the SOAR (Security Orchestration, Automation, and Response) platform Logpresso. Criminal IP ASM can be executed on the Logpresso dashboard through the API provided by Criminal IP. So, IT assets exposed to the attack surface can be automatically monitored, and the presence of VPN, Tor, and Proxy IPs can be checked.
Platforms that support Criminal IP ASM:
- Logpresso Standard
- Logpresso Enterprise
- Logpresso Sonar
- Logpresso Maestro
How to Integrate Criminal IP ASM Into Your Logpresso Dashboard
- Visit Criminal IP.
- Click the menu in the upper right corner to go to My Information and copy your personal API Key.
Copy your API Key from Criminal IP
- After running the Criminal IP app in Logpresso, access Settings > Connect Profile to configure your API keys and account settings by clicking Add button. Refer to Criminal IP’s Filter List to set targets that are to be monitored at all times.
Access your Profile Page after running Criminal IP on Logpresso
- Once setup is complete, you can monitor your attack surface in real-time according to the Asset Discovery query settings on your Logpresso Dashboard.
Dashboard with Criminal IP Attack Surface Management on Logpresso
Statistical Data and Extended Commands Provided by Criminal IP Attack Surface Management
In addition to real-time monitoring, Criminal IP attack surface management provides significant statistics regarding all possible attack points—all while showing country status, ASN, services, products, port statistics, and information on detected IT assets. Setting each extension command as an asset search query in your connection profile sets permissions to monitor your attack surface with default values.
National Statistics – Displays the national statistics of the detected IT assets.
- criminal-ip-asset-country-stats
ASN Statistics – Displays the ASN statistics for detected IT assets.
- criminal-ip-asset-asn-stats
Service Statistics – Displays the service statistics of the detected IT asset.
- criminal-ip-asset-service-stats
Product Statistics – Displays the product statistics of the detected IT asset.
- criminal-ip-asset-product-stats
Port Statistics – Displays port statistics for detected IT assets.
- criminal-ip-asset-port-stats
Assets – Displays a list of detected IT assets.
- criminal-ip-asset-search | limit 100
In addition, commands are provided to query Favicon statistics, IP summary information, VPN diagnostic history for specific IP addresses, VPN information for specified IPs, and service status information.
- Favicon statistics: criminal-ip-asset-favicon-stats
- IP Summary Information: criminal-ip-get-ip-summary
- VPN diagnostic history for a specific IP address: criminal-ip-get-vpn-reports
- VPN information for specified IP: criminal-ip-get-vpn-summary
- Service Status Information: criminal-ip-status
Why we need Criminal IP ASM
Vulnerabilities in IT software assets and remote services have been the most preferred attack routes of malicious hackers. In order to exercise proactive prevention, it is important to invest in Attack Surface Management (ASM), especially as cyber attacks can come at any time. Criminal IP collects all IP address information from around the world, classifying IT assets and company equipment in order to analyze and identify security issues.
An increasingly diverse and growing attack surface is difficult to manage manually with limited costs, time, and manpower. However, Logpresso’s highly accessible and user-friendly dashboard, which does not require the installation of any additional devices or software, will enable Criminal IP to provide automated attack surface management services effectively.
For more information on why Attack Surface Management (ASM) is important, read our article on “Attack Surface Management: Monitoring Unknown Assets and Vulnerabilities“. Apply to the free demo to monitor your own attack surface using threat intelligence data from Criminal IP.
Related Article: https://blog.criminalip.io/2022/08/16/attack-surface-management/
Leave a Reply