Criminal IP's services are now available for integration with Logpresso, the famous Security Orchestration, Automation and Response (SOAR) platform. Attaching this API to your Logpresso dashboard enables access to Criminal IP's Attack Surface Management (ASM) services, which monitor vulnerable IT assets on attack surfaces and check for the presence of VPN, Tor and proxy IPs.
Platforms that support Criminal IP ASM:
- Logpresso Standard
- Logpresso Enterprise
- Logpresso Sonar
- Logpresso Maestro
How to Integrate Criminal IP into Your Logpresso Dashboard
- Visit Criminal IP.
- Click the menu in the upper right corner to go to My Information and copy your personal API Key.
- After running the Criminal IP app in Logpresso, go to Settings > Connect Profile and click the Add button to configure your API key and account settings. Refer to Criminal IP's Filter List to set the targets that are to be monitored at all times.
- Once setup is complete, you can monitor your attack surface in real-time according to the Asset Discovery query settings on your Logpresso Dashboard.
Statistical Data and Extended Commands Provided by Criminal IP Attack Surface Management
In addition to real-time monitoring, Criminal IP Attack Surface Management provides statistics on all possible attack points, showing country status, ASN, services, products, port statistics, and information on detected IT assets. Setting each extended command as an asset search query in your connection profile sets permissions to monitor your attack surface with default values.
- National Statistics – Displays the national statistics of the detected IT assets.
- ASN Statistics – Displays the ASN statistics of the detected IT assets.
- Service Statistics – Displays the service statistics of the detected IT assets.
- Product Statistics – Displays the product statistics of the detected IT assets.
- Port Statistics – Displays the port statistics of the detected IT assets.
- Assets – Displays a list of detected IT assets: criminal-ip-asset-search | limit 100
In addition, commands are provided to query Favicon statistics, IP summary information, VPN diagnostic history for specific IP addresses, VPN information for specified IPs, and service status information.
- Favicon statistics: criminal-ip-asset-favicon-stats
- IP Summary Information: criminal-ip-get-ip-summary
- VPN diagnostic history for a specific IP address: criminal-ip-get-vpn-reports
- VPN information for specified IP: criminal-ip-get-vpn-summary
- Service Status Information: criminal-ip-status
Why we need Criminal IP ASM
Vulnerabilities in IT software assets and remote services have been the most preferred attack routes of malicious hackers. In order to exercise proactive prevention, it is important to invest in Attack Surface Management (ASM), especially as cyber attacks can come at any time. Criminal IP collects all IP address information from around the world, classifying IT assets and company equipment in order to analyze and identify security issues.
Attack surfaces are becoming increasingly diversified and difficult to manage manually due to limited costs, time and manpower. However, Logpresso provides accessible and user-friendly dashboards with no installation requirements, so you can integrate your Criminal IP account into a real-time, automated report for your attack surface.
For more information on why Attack Surface Management (ASM) is important, read our article on "Attack Surface Management: Monitoring Unknown Assets and Vulnerabilities". Apply for the free demo to monitor your own attack surface using threat intelligence data from Criminal IP.
Related Article: https://blog.criminalip.io/2022/08/16/attack-surface-management/