Attack Surface Data

Attack Surface Data Collection

The Attack Surface engine relies on a very large graph representing internet-facing assets and their known connections.

Assets are added as nodes into the graph and is continuously running scans to analyze these nodes for correlations, like enumerate subdomains, brute-force iterations, resolve the IP addresses of different record types, collect Whois data, extract BGP AS numbers, or crawl web apps.

The collected data create of elaborate nodes and edges that help find links and correlations between assets.

Attack Surface Data Updates

To ensure the collected data collected is accurate, up-to-date, and complete, Ostorlab implements bucket-ization of assets into generations. Each generation represents a set of properties to detect changes.

This approach allows for efficient accurate and timely detection of asset change.