Introduction
May has been another busy month for the Hexiosec ASM team, with lots of new features and improvements being delivered.
This includes a new report type with more detail on your actions, risks and assets, and “Checks” showing you details of what Hexiosec ASM is checking for.
See what Hexiosec ASM is checking for
One of the reasons companies invest in attack surface management tools is to have peace of mind that their company is being monitored for vulnerabilities.
Hexiosec ASM’s new Checks widget gives you visibility of all the checks that are being carried out against your online assets each time a scan is run.
Against each check, any remediation actions you need to take are listed, helping to highlight the key areas of security you need to improve to reduce your risks. Related checks are grouped together, and the groups can be expanded to list all the checks included.
The expanded view of the checks has also been included in the summary report. This is particularly useful if you’re running scans on behalf of others (e.g. Managed Service Providers), as you can easily provide evidence of what the scan has checked for when sharing the results.
Risks and Actions report
Hexiosec ASM has a new Risks & Actions report type.
The report includes details of all the risks identified in your scan, and the actions that need to be taken to remediate these risks. In addition, it includes lists of all the domains & IP addresses identified by Hexiosec ASM, and the number of Critical, High, Medium and Low risks identified against each one.
This report comes in the form of an Excel spreadsheet, meaning you can format and filter the data in a way that suits you.
The risks & actions report is available to Premium plan users and above.
Manage the users in your organisation
You can now invite new users to your organisation and remove old users’ access, allowing you to get the most out of the user allocation in your Hexiosec plan.
Invitations can be sent to new users via the “invites” option in your organisation actions menu.
Simply enter the email addresses for the user(s) you wish to invite, and they will be sent an email inviting them to create a Hexiosec account and join your organisation.
Invites are valid for 7 days, but if your team member doesn’t accept the invite in this period you can simply send them a new invite.
If you create an invite by mistake, you can delete a pending invite.
You can also view your user allocation usage to see how many more user accounts you can create.
Once the user has accepted the invite, you will need to add them into the scan groups you wish for them to access.
If an individual has left your business and you want to revoke their access, you can do this using the “x” next to the user in the users menu.
Organisation members with admin or owner roles can create invites and remove users.
Delete seed domains/IPs from a scan
There are a few reasons you may wish to remove a seed domain or IP from a scan, for example:
- You made a typo or spelling mistake.
- You want to split up a scan to separate results for different business areas.
- You accidentally added a domain to the wrong scan.
- The company being scanned has changed the domain they operate under.
On the Scan Scope widget on the scan overview page, you can remove a seed from a scan. This will remove all data from the scan that relates back to that seed, and its history.
Note that if you remove a seed, the given domain or IP could still be found by the scan if it relates back to a seed that is still present.
When a seed is deleted, all other history for the remaining scan scope will be retained.
Other improvements
- We’ve made it clearer what the DKIM checks are checking for and when DKIM risks might not be valid on a scan.
- When you choose to exclude IP risks from your results or mark a domain as a CDN, Hexiosec will no longer exclude any associated countries from your results.
- When you create a new scan group, you can now go directly to add users to it, making the process simpler and faster.
Coming soon
- Creating scans via the Hexiosec public API.
- Improved services and third-party component detection.