Probable Infrastructure Evidence

Ingrid

The evidence in the Probable Infrastructure requests log provides supporting data and crucial context explaining why the asset is linked to the selected entity and why it is suggested as probable infrastructure. Use this to make informed decisions about asset ownership.

The evidence data includes:

- Summarized Relationships
- Step-by-Step Relationship

How to Interpret Evidence

- Use the summarized relationships to get a quick overview of how the asset is linked to your organization.
- Dive into the step-by-step relationships to verify the data and validate against your internal records.
- Pay attention to the last seen date to check the relevance and ensure the data is current.
- Consider the record type (e.g., DNS or certificate) to assess the data sources and understand the strength of the evidence.

Summarized Relationships

The Evidence field contains a series of summarized relationships between assets. Each summary indicates a potential connection, such as:

- Redirects
- DNS mappings
- Certificates
- Web page associations

Examples:

- cpe.bu.edu to professional.bu.edu suggests a redirect observed between two assets.
- xmail.bu.edu to newmail.bu.edu indicates DNS mappings leading to asset association.

Step-by-Step Relationship

Relationships based on certificates or DNS mappings typically have stronger links than web page associations or redirects, which may require further internal investigation to confirm.

This detailed explanation allows users to assess the evidence effectively, ensuring they can confidently validate suggestions and enhance their attack surface management.

For each summary, detailed steps explain how the connection was inferred. These steps include the following information:

- From: The starting asset or domain in the relationship.
- Relation: The type of connection or linkage (e.g., redirects to, has canonical name, maps to).
- To: The resulting asset or domain in the relationship.
- Record: The observed data source for the relationship (e.g., DNS, certificate, redirect, web page).
- Last Seen: The most recent date this relationship was observed, ensuring users can evaluate its relevance.

Example Breakdown:

Summary: cpe.bu.edu to professional.bu.edu

Steps:

- From = cpe.bu.edu
- Relation = redirected from
- To = professional.bu.edu
- Record = REDIRECT
- Last Seen = 2024-09-13

This means that based on a recorded redirect, cpe.bu.edu was observed redirecting traffic to professional.bu.edu as of September 13, 2024.

December 13, 2024: Published.
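The interpretation guidance above (record type for strength, last seen for currency, internal records for validation) can be applied to step-by-step rows programmatically. The following is an added example, not part of the original article or any vendor code. The dict keys, the record-type strings other than REDIRECT, the 180-day threshold, the verdict labels and the inventory set are assumptions; the second and third sample rows are constructed.

```python
from datetime import date

# Assumption: record-type strings; only "REDIRECT" appears verbatim on the page.
STRONG_RECORDS = {"DNS", "CERTIFICATE"}   # page: typically stronger links
WEAK_RECORDS = {"REDIRECT", "WEB PAGE"}   # page: may need internal investigation

# Row 1 is the page's example breakdown; rows 2 and 3 are constructed
# (the page gives no relation or date for the xmail.bu.edu mapping).
SAMPLE_STEPS = [
    {"from": "cpe.bu.edu", "relation": "redirected from",
     "to": "professional.bu.edu", "record": "REDIRECT", "last_seen": "2024-09-13"},
    {"from": "xmail.bu.edu", "relation": "maps to",
     "to": "newmail.bu.edu", "record": "DNS", "last_seen": "2024-11-30"},
    {"from": "old.example.org", "relation": "redirects to",
     "to": "legacy.example.net", "record": "REDIRECT", "last_seen": "2023-01-05"},
]
# Constructed stand-in for an internal asset inventory.
INVENTORY = {"professional.bu.edu", "newmail.bu.edu"}

def triage_step(step, inventory, today, max_age_days=180):
    """Return (verdict, reasons) for one step-by-step relationship row."""
    reasons = []
    record = step["record"].upper()
    age = (today - date.fromisoformat(step["last_seen"])).days
    stale = age > max_age_days          # hypothetical freshness threshold
    if stale:
        reasons.append(f"last seen {age} days ago")
    known = [a for a in (step["from"], step["to"]) if a.lower() in inventory]
    if not known:
        reasons.append("neither endpoint is in the internal inventory")
    if record in WEAK_RECORDS:
        reasons.append(f"{record} evidence needs internal confirmation")
    elif record not in STRONG_RECORDS:
        reasons.append(f"unrecognised record type {record!r}")
    if record in STRONG_RECORDS and not stale and known:
        return "likely-owned", reasons
    if stale and not known:
        return "insufficient", reasons
    return "investigate", reasons

if __name__ == "__main__":
    for s in SAMPLE_STEPS:
        verdict, why = triage_step(s, INVENTORY, date(2024, 12, 13))
        print(f'{s["from"]} -> {s["to"]}: {verdict}', "; ".join(why))
```
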