At LookingGlass Cyber we want to make sure you get answers to important product questions so you can use scoutINSPECT as efficiently and effectively as possible.
Below are frequently asked questions from customers about scoutINSPECT features and functionalities. We hope that this information can help you accomplish your security goals and mission.
Feel free to also submit your questions at, [email protected].
Q. What does scoutINSPECT do?
A. scoutINSPECT is a powerful attack surface management platform that discovers your digital footprint on the Internet by tracking and inventorying all of your online assets - IP addresses, domain names, DNS Records, cloud storage, network records, security certificates, and more - then identifies their potential security issues, vulnerabilities, outdated software, data leakages, and risky port services.
Using scoutINSPECT helps enforce good cyber hygiene practices that ensure an organization's data and digital assets across the Internet are not at risk or vulnerable.
Q. What does scoutINSPECT scan for?
A. scoutINSPECT scans the Internet for an organization's digital assets that may or may not be accounted for. These unattended or unaccounted assets could be vulnerable to exposures (e.g., brute force attacks, exploits, etc.).
Types of digital assets scoutINSPECT scans for and discovers:
IP addresses (v4 and v6)
Domains, including subdomains.
DNS Records (e.g., MX, TXT, CNAME records, etc.)
Cloud storage (e.g., AWS S3 buckets)
Software used by applications and networks
Network port services
Q. What is meant by "Inventories"?
A. Inventories are made up of digital assets (e.g., IP addresses, domains, DNS records, etc.) that have been discovered during a scoutINSPECT scan.
Scans return digital assets and arrange them into groups. The screen capture below shows the Inventories section of the platform and how inventory assets may be classified.
Just below the graphs, on the same page, you'll see the Inventories table listing each of the assets discovered as well as its type.
Depending on the asset type, clicking on an item on the table will load a page that provides details such as its DNS record, the software that it's running, network services, etc.
Q. What is meant by "Exposures"?
A. Exposures are vulnerabilities that impact inventoried assets. scoutINSPECT provides exposure details for every asset discovered. These details can include that an asset is running software and port services that are vulnerable to exploits, brute force attacks, etc.
On the Exposures dashboard, impacted or vulnerable assets are grouped into different types of graphs so that you can easily view the ones most at risk, which ones need cyber hygiene, and ultimately the assets that you need to mitigate or respond to.
Just below the graphs, on the same page, you'll see the Exposures table listing each of the assets that are impacted by a vulnerability.
Clicking on an item on the table will load a page that provides exposure details, as well as recommendations for mitigation. Here, you can also Respond to an exposure. For more details on how to respond to an exposure, click here.
Q. What types of metadata do I get back?
A. During enumeration of digital assets, scoutINSPECT will return different types of metadata depending on the asset type.
For example, for a DNS record, you'll receive the following details:
The name of the domain
The IP address associated with the DNS record
The record type (CNAME, A, MX, TXT, etc.)
The source of the DNS record
Under Related Inventory, the type of metadata can include:
The Common Platform Enumeration (CPE) for the software the server uses
The network services' port number
The type of OS the server is running
The transport layer type
Any vendor details (name, version, etc.)
Q. What are some common workflows?
A. One of the most common workflows is how to respond to an asset exposure. You can get step-by-step instructions on how to do this by clicking here.
Q. How does AWS integration work?
A. When you integrate AWS, scoutINSPECT collects the assets in your cloud inventory and scans them for cloud-specific exposures such as data leakages.
To integrate AWS, follow the steps on this page.
Q. Can I export and share data?
A. Yes, you can export and share data easily with scoutINSPECT.
To export your inventory assets and those impacted by exposures as a CSV file, select the items you want from the table, then click Export.
Next, select or deselect the items you'd like to export, choose "CSV" for the File Type, and finally, click Export.
Sharing Exposure Details
There are two ways that you can share exposure details with others when you are responding to an incident.
1. When you're doing incident response, scoutINSPECT will generate a link that you can share with others with the details of the asset exposure. Note: Only those with the link can access the information.
2. The platform has a feature that let's you email exposure details and mitigation strategies to those inside and outside of your team and organization. To learn more about this follow the steps on this page.
Q. Can I create reports?
A. Yes, you can create executive-level reports that you can use or share with others in your organization.
scoutINSPECT can generate PDF reports for various time ranges, including 30-day, 90-day, and 180-day lapses. The information includes, details about your inventories and exposures, graphs, and items on your tables.
To learn more about creating reports, click here.
Q. How often do collections of data occur?
A. Collections of data are based on the product license your organization has subscribed to. The frequency can be daily, weekly, bi-weekly, and monthly. Click here to learn more.
Q. What do the different dashboard graphs mean?
A. There are two dashboards that offer different types of data for your Inventories and Exposures. Click here to learn more about what the graphs in the Inventories dashboard. And, click here for information on the graphs in the Exposures dashboard.
Q. How do I respond to an attack?
A. For a full workflow on how to respond to an attack or exposure, click here.