Below is a list of terms used in scoutINSPECT.
Term | Explanation | Example |
Assets | Assets are IP addresses, domain names, security certificates, DNS records, network records, and port/port services belonging to an organization. | IPv4 addresses (192.67.21.01), IPv6 addresses (8a2:63cc:e469:aa6a), AAA records, etc. |
Inventory | Inventories are collection of assets. | A collection of discovered IP addresses and domain names, DNS records, software,etc. |
Exposures | Errors or flaws in software or misconfigured devices hackers can take advantage of to attack systems. | Vulnerabilities, data leakage, risky services. |
Software | Network ports use software (services) to carry out different functions. | Port 21, service: vsftpd 2.3.4; port 22, service: OpenSHH 4.1, etc. |
Risky-service | A port service that may be vulnerable to exploits. | vsftpd 2.3.4 is vulnerable to backdoor command execution; OpenSHH 4.1 is vulnerable to timing attacks, etc. |
Vulnerability | A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. | CVE-2021-3059 (OS command injection); CVE-2022-21661 (Wordpress SQL injection); CVE-2021-27928 (MariaDB exploit), etc. |
Is there a term you're unfamiliar with when using scoutINSPECT? Ask us! Email your question to: [email protected].