Introduction
The obvious big update from us this month is our rebrand, and the aligning of our product and service offerings under one brand, Hexiosec. But, that isn’t to say we haven’t been busy improving the application, now called Hexiosec ASM (Attack Surface Management).
Rebrand
Our CEO David has written a great blog on our rebrand, the reasons why and the tricky problem of trying to find a unique (and sensible) name. You can read his blog here.
If you are a Hexiosec ASM user, there is very little you need to do. Your user accounts and organisations remain unchanged and your scans are not impacted.
The new online location for the app is https://asm.hexiosec.com. If you use the old domain or follow an old link in your browser, you will simply be redirected to the new site and the same scans.
A couple of things you might want to check:
- If you are an API user: the redirects will still work, but if you are using a tool, e.g. curl, you should check that it will follow redirects.
- If you use a password manager: e.g. 1Password, you will need to update links:
- app.fractalscan.com -> asm.hexiosec.com
- auth.fractalscan.com -> auth.hexiosec.com
Other than that, carry on enjoying Hexiosec ASM.
Public API updates
Outside of the rebrand, we’ve added new public API data endpoints to the application, which provides you with access to risk data on the API, including the descriptions and remediations. And to compliment the risks endpoint, we’ve also updated the existing actions API endpoint.
New Risk data on the API
In line with our existing API scan data endpoints, we now provide two additional endpoints for risks:
- Get a count of risks for a scan: https://asm.hexiosec.com/api/ui#get-/v1/scan_data/-scan_id-/risks/count
- Get the risks for a scan: https://asm.hexiosec.com/api/ui#get-/v1/scan_data/-scan_id-/risks
Like our existing scan data endpoints, the risks endpoint supports pagination and filters, e.g. the specific risk ID.
The risks endpoint includes all the data you may need to process and understand risks outside of the app, including:
- descriptions and remediations
- if the risks have a known exploit
- the associated assets
- details on the severity of the risk
Full details are available in our API documentation.
Updated Action data on the API
We regularly receive positive feedback on our action descriptions and remediations. They help all users understand the technology and reasoning behind specific actions, as well as common steps to help fix them. We now include these descriptions and remediations on the actions API.
Due to the new risks endpoint above, we have deprecated the existing risk data available on the actions API endpoints, but… we’ve created a new endpoint to enable you to get all the risks associated with specific actions. This means that if you export our actions from the API, we’ve made it even easier to get the associated risks.
- Get the open risks for an action https://asm.hexiosec.com/api/ui#get-/v1/actions/-id-/risks
Coming soon
- Updated IP address data handling and protocol risks