Compatible fields when searching findings:
| Field | Description | Supported Risk Vectors |
|---|---|---|
| Application Name | The name of the mobile application. | Mobile Application Security |
| App Version | The version of the mobile application analyzed in this finding. | Mobile Application Security |
| Browser | The family of the browser detected. | Desktop Software |
| Browser Grade | Grade based on the support status of the detected browser version. | Desktop Software |
| Browser Support | Whether the detected browser is supported or unsupported. | Desktop Software |
| Browser Version | The version of the browser detected. | Desktop Software |
| Certificate Issuer | The certificate authority that issued this certificate. |
|
| Certificate Serial Number | The serial number of this certificate in decimal format. This can be used for internal investigation. |
|
| CVSS Score | The severity of the vulnerability, on a scale of 0.1 (better) to 10.0 (worst). | Mobile Application Security |
| Details | Information about the nature of the finding. | All risk vectors.
Compromised Systems, User Behavior, and Web App Header risk vectors are not yet searchable. Use the Infection Family and Category filters to get the most relevant information regarding the Compromised Systems and User Behavior risk vectors. |
| Detection Mechanism | This method was used to detect the infection. | Compromised Systems |
| Destination Port | The number of the destination port identified in the finding. In Compromised Systems, this is the port that the compromised device reached out to. In Open Ports, it is the port associated with the service observed. |
|
| Diffie-Hellman Prime Name | Named Diffie-Hellman primes are published values, sourced from software libraries or other publications, used during key exchange. | TLS/SSL Configurations |
| Domain | The domain of the organization that published the mobile application described in the finding. | Mobile Application Security |
| Email Subject | An email with this subject was sent from the company's network, indicating a compromised mail server or email account. | Compromised Systems |
| Estimation of Users | Estimated number of users with the Operating System and Browser. (User counts are estimated, based on visible web activity.) | Desktop Software |
| Final Location | URL where headers were observed. |
|
| Finding Identifier | The asset (e.g., IP, domain, host, application, port) and its status (e.g. online/offline, version, support status) that identifies the finding. |
All risk vectors. Refer to the Certificate Serial Number to identify TLS/SSL Certificate findings. |
| GeoIP Location | Country where the IP address involved in this event resides. | Compromised Systems |
| Grade | The finding grade. | Diligence risk vectors. |
| Malware Type | Basic information specific to the type of event. | Compromised System risk vectors. |
| Number of Scans | ||
| Observed IP | IP addresses where the certificate was seen, on the most recent day. |
|
| OS | The family of the detected operating system. | Desktop Software |
| OS Version | The version of the operating system detected. | Desktop Software |
| OS Grade | Grade based on the support status of the detected OS version. | Desktop Software |
| OS Support | Whether the detected operating system is supported or unsupported. | Desktop Software |
| Ports | ||
| Product | The product or service observed on this port. | Open Ports |
| Risk Vector | Name of the finding's Risk Vector. | All risk vectors. |
| Server Name | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. | Compromised System risk vectors. |
| Server Type | The type of server software using this port. | Server Software |
| Server Version | The version of the server software detected. | Server Software |
| Spam Type | The method or tool used to send spam. | Spam Propagation |
| Source Port | A compromised device was observed sending traffic from this port. | Compromised System risk vectors. |
| Transport Method | The transport protocol (TCP or UDP) for this open port. | Open Ports |
| Trusted Proxy Address | Botnet communication can be captured from a Trusted traffic redirection Proxy, containing XFF details on the original source IP address. | Compromised System risk vectors. |
| User Agent | Malware can use the User Agent HTTP header to transmit information about itself or the compromised system to command and control servers. | Compromised System risk vectors. |
| Vulnerability | Name of the vulnerability. | Patching Cadence |
- May 29, 2024: Certificate Serial Number replaces Finding Identifier as the TLS/SSL Certificates finding identifier.
- October 2, 2023: Added new supported risk vectors to the Final Location field.
- May 16, 2023: Published.
Feedback
0 comments
Please sign in to leave a comment.