Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Probable Infrastructure Evidence

Ingrid

The evidence in the Probable Infrastructure requests log provides supporting data and crucial context explaining why the asset is linked to the selected entity and why it is suggested as probable infrastructure. Use this to make informed decisions about asset ownership.

The evidence data includes:

How to Interpret Evidence

  1. Use the summarized relationships to get a quick overview of how the asset is linked to your organization.
  2. Dive into the step-by-step relationships to verify the data and validate against your internal records.
    • Pay attention to the last seen date to check the relevance and ensure the data is current.
    • Consider the record type (e.g., DNS or certificate) to assess the data sources and understand the strength of the evidence.

Summarized Relationships

The Evidence field contains a series of summarized relationships between assets. Each summary indicates a potential connection, such as:

  • Redirects
  • DNS mappings
  • Certificates
  • Web page associations

Examples:

  • cpe.bu.edu to professional.bu.edu suggests a redirect observed between two assets.
  • xmail.bu.edu to newmail.bu.edu indicates DNS mappings leading to asset association.

Step-by-Step Relationship

Relationships based on certificates or DNS mappings typically have stronger links than web page associations or redirects, which may require further internal investigation to confirm. This detailed explanation allows users to assess the evidence effectively, ensuring they can confidently validate suggestions and enhance their attack surface management.

For each summary, detailed steps explain how the connection was inferred. These steps include the following information:

From
The starting asset or domain in the relationship.
Relation
The type of connection or linkage (e.g., redirects to, has canonical name, maps to).
To
The resulting asset or domain in the relationship.
Record
The observed data source for the relationship (e.g., DNS, certificate, redirect, web page).
Last Seen
The most recent date this relationship was observed, ensuring users can evaluate its relevance.

Example Breakdown:

Summary: cpe.bu.edu to professional.bu.edu

Steps:

  • From = cpe.bu.edu
  • Relation = redirected from
  • To = professional.bu.edu
  • Record = REDIRECT
  • Last Seen = 2024-09-13

This means that based on a recorded redirect, cpe.bu.edu was observed redirecting traffic to professional.bu.edu as of September 13, 2024.

  • December 13, 2024: Published.
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.