White shape | Hexiosec Logo

New ASM Features and Improvements | September 2024

Tim Cowell
14 October 2024
|
3 min Read
|
Tim Cowell

Introduction

The obvious big update from us this month is our rebrand, and the aligning of our product and service offerings under one brand, Hexiosec. But, that isn’t to say we haven’t been busy improving the application, now called Hexiosec ASM (Attack Surface Management).

Rebrand

Our CEO David has written a great blog on our rebrand, the reasons why and the tricky problem of trying to find a unique (and sensible) name. You can read his blog here.

If you are a Hexiosec ASM user, there is very little you need to do. Your user accounts and organisations remain unchanged and your scans are not impacted.

Image showing the new Hexiosec ASM branding

The new online location for the app is https://asm.hexiosec.com. If you use the old domain or follow an old link in your browser, you will simply be redirected to the new site and the same scans.

A couple of things you might want to check:

  • If you are an API user: the redirects will still work, but if you are using a tool, e.g. curl, you should check that it will follow redirects.
  • If you use a password manager: e.g. 1Password, you will need to update links:
    • app.fractalscan.com -> asm.hexiosec.com
    • auth.fractalscan.com -> auth.hexiosec.com

Other than that, carry on enjoying Hexiosec ASM.

Public API updates

Outside of the rebrand, we’ve added new public API data endpoints to the application, which provides you with access to risk data on the API, including the descriptions and remediations. And to compliment the risks endpoint, we’ve also updated the existing actions API endpoint.

Image of the API docs page with new risk and action endpoints

New Risk data on the API

In line with our existing API scan data endpoints, we now provide two additional endpoints for risks:

Like our existing scan data endpoints, the risks endpoint supports pagination and filters, e.g. the specific risk ID.

The risks endpoint includes all the data you may need to process and understand risks outside of the app, including:

  • descriptions and remediations
  • if the risks have a known exploit
  • the associated assets
  • details on the severity of the risk

Image showing the text schema for the new risks endpoint

Full details are available in our API documentation.

Updated Action data on the API

We regularly receive positive feedback on our action descriptions and remediations. They help all users understand the technology and reasoning behind specific actions, as well as common steps to help fix them. We now include these descriptions and remediations on the actions API.

Image showing the text schema for the updated actions endpoint

Due to the new risks endpoint above, we have deprecated the existing risk data available on the actions API endpoints, but… we’ve created a new endpoint to enable you to get all the risks associated with specific actions. This means that if you export our actions from the API, we’ve made it even easier to get the associated risks.

Image showing the text schema for the new risks by action endpoint

Coming soon

  • Updated IP address data handling and protocol risks
About Tim Cowell
Tim is an experienced software engineer, who has worked across the Defence, Government and Commercial sectors for the past 21 years. After leading a diverse range of projects Tim has a strong background in Cyber Security, software engineering, research and development practices.
Tim Cowell