Attribution identifies findings and assets, and then the names and/or the email addresses in the record are matched with and assigned to a legal entity.
Presentation
Attribution Method
Various data sources (e.g., regional internet registries, WHOIS records, etc.) are used to create an entity map to attribute assets to the organization. This is done and maintained using the following processes:
- Collection: Custom tooling is used to search and identify email addresses in RIR databases that match domains curated for the organization.
- Curation: Human curators validate the collected assets. Curation is critical to assure accurate attribution of assets.
- Automation: After the initial mapping, automation tools continuously analyze asset evidence. Assets are automatically added to and removed from organizations based on definitive evidence. If the evidence gathered during collection is removed from an RIR record, the CIDR block is end-dated from the organization’s assets and new findings will no longer be associated with the organization.
Attribution Examples
Domain
Policy: A domain implies that the organization is responsible for all subdomains and hostnames.
Application: The acme.com
domain is responsible for the following subdomains:
photo.acme.com
online.acme.com
mail.acme.com
CIDR Block Attribution Example
Policy: A CIDR block indicates responsibility for the IP addresses contained in the CIDR block.
Application: The 203.0.113.0/23
IP block is attributed to Bitsight Technologies that could potentially be visible today, but only a subset of the 512 potential IP addresses from that block might appear as assets tomorrow due to daily recalculations.
- December 12, 2024: Published.
Feedback
0 comments
Please sign in to leave a comment.