Risk Category: Compromised Systems
- Compromised Systems Risk Category
- Compromised System Destination IP Disclosure Policy
- Botnet Infections Risk Vector
- Spam Propagation Risk Vector
- Malware Servers Risk Vector
- Unsolicited Communications Risk Vector
Risk Category: Diligence
- Diligence Risk Category
- SPF Domains Risk Vector
- DKIM Records Risk Vector
- TLS/SSL Certificates Risk Vector
- TLS/SSL Configurations Risk Vector
- Open Ports Risk Vector
Risk Category: User Behavior
Risk Category: Public Disclosures
Assets
Attribution Data
Classification Methods
- Risk Categories: Overview
- Finding Severity
- Vulnerability Classification
- Exposure Detection & Evidence Certainty
- Botnet Infections Finding Considerations
- Spam Propagation Finding Considerations
Collaboration & Connections
Control Insights Data
- Insights to Control Framework Mapping
- Insights to Control Framework Mapping: Browser Configurations
- Insights to Control Framework Mapping: Detected Services
- Insights to Control Framework Mapping: Device Management
- Insights to Control Framework Mapping: DNS Configurations
- Insights to Control Framework Mapping: Email Configurations
Delegated Security Controls
Findings
- What is a Finding?
- Finding Behavior
- Findings Search Fields
- Compromised System Findings
- Botnet Infection Findings
- Spam Propagation Findings
Finding Messages
- SPF Domains Finding Messages
- DKIM Records Finding Messages
- TLS/SSL Certificates Finding Messages
- TLS/SSL Configurations Finding Messages
- Open Port Finding Messages: Detected Services
- Open Port Finding Messages: Typical Services
Findings: Troubleshooting
- Do Parked Domains Generate DMARC Findings?
- How to Access OCR/HHS Breach Reports
- Lifetime and Offline Assets: Frequently Asked Questions
- Troubleshooting Insecure Systems Service: NetBios
- Why Do I Have a Bad DMARC Finding?
- Why Is My DKIM Grade a C When I Have No Findings?
Data Collection Methods
- Crawlers
- Requesting a New Vulnerability
- Compromised Systems Events Proven to be Originating from Testing Environments
- Threat Research Process
- Reporting a Public Disclosures Event
- Data Collection Methods Overview
Infrastructure Data
Network Map & Company Information
- Bitsight Inventory Status
- Company ID
- Company Mapping Scenarios
- Company Metadata
- Company Relationships
- Company Request Statuses
Rating Designations
Service Provider Details
- Fourth Party Business Functions
- Content Management System Products and Their Risks
- Customer Relationship Management Products and Their Risks
- Enterprise Products and Their Risks
- Finance Products and Their Risks
- Human Resources Products and Their Risks
Standards & Authorities
- Accepted Accounting Standards
- Certificate Authorities
- Cookie Assessment Exclusion
- Cross-Domain Subresource Integrity Exclusion
- Regional Internet Registries (RIR WHOIS)
- Supported Operating Systems
Vendor Risk Management & Trust Management Hub Data
- Artifacts
- Assessment Life Cycle Stages
- Data Residency
- Finding Criticality
- Instant Insights Data and Technologies
- Multi-Profiles
Vendor Information
Vulnerability Detection Data
Vulnerabilities & Infections
- Apache ActiveMQ Remote Code Execution [CVE-2023-46604]
- ArcaneDoor Vulnerabilities [CVE-2024-20353, CVE-2024-20359]
- Atlassian Confluence Data Center and Server Template Injection [CVE-2023-22527]
- Atlassian Confluence Data Center and Server [CVE-2023-22515]
- Barracuda Email Security Gateway [CVE-2023-2868]
- Cisco Adaptive Security Appliance (ASA) Software Brute Force [CVE-2023-20269]
Glossaries
- Diffie-Hellman Primes and Keys
- Forms of Attacks
- Glossary of Terms
- Glossary of Terms - File Sharing
- Glossary of Terms - Public Disclosures
- Glossary of Terms - Server Software