Below is a list of terms used in scoutINSPECT.
Assets are IP addresses, domain names, security certificates, DNS records, network records, and port/port services belonging to an organization.
IPv4 addresses (192.67.21.01), IPv6 addresses (8a2:63cc:e469:aa6a), AAA records, etc.
Inventories are collection of assets.
A collection of discovered IP addresses and domain names, DNS records, software,etc.
Errors or flaws in software or misconfigured devices hackers can take advantage of to attack systems.
Vulnerabilities, data leakage, risky services.
Network ports use software (services) to carry out different functions.
Port 21, service: vsftpd 2.3.4; port 22, service: OpenSHH 4.1, etc.
A port service that may be vulnerable to exploits.
vsftpd 2.3.4 is vulnerable to backdoor command execution; OpenSHH 4.1 is vulnerable to timing attacks, etc.
A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
CVE-2021-3059 (OS command injection); CVE-2022-21661 (Wordpress SQL injection); CVE-2021-27928 (MariaDB exploit), etc.
Is there a term you're unfamiliar with when using scoutINSPECT? Ask us! Email your question to: [email protected].