After user clicks Get Started, Internet-Facing Assets collects domains for discovery based on analyzing IAM logs (like AAD) and Trend Vision One log in information. It then performs a secondary verification check to ensure that the domains collected are indeed associated with your company. There will be delays performing secondary verification. This may cause inconsistency between domain list initially displayed in the beginning and the domain list actually discovered in the end. You may need to wait and check again.

Internet Facing Asset list displays domains with actual monitoring data. Review Status list contains all domains added manually via "Add Domain / Subdomain" function. If an added domain's status is "Processing", it means that it is still under review and will not present in Internet-Facing Assets list. Please wait until the review process is completed.
If you encounter an error message saying that the domain already exists while adding a domain to the internet-facing assets, kindly verify the domain's presence on the Review Status page.

The IP address 0.0.0.0 does not exist actually. It is a mockup data for root domain due to Trend Vision One not finding IP related to this root domain. In order to classify sub domains into root domain group, IP "0.0.0.0" is automatically created.

You could add 207.90.244.0/24 to your firewall allow list. Most of our scanners are in this IP CIDR.

Internet-facing asset data, including new or removed hosts and public IP addresses, is updated typically within a week — at most within 9 days. Scans occur on a weekly basis.

Risk index will not check these kinds of exceptions. If you do not want to see any risk events of this domain and do not want this domain to be included in the calculation of risk index, follow these steps:

1. Go to Attack Surface Discovery app.
2. Click Internet-Facing Assets.
3. Check the domain you want to exclude.
4. Click Remove.

This feature has not be implemented yet in the user interface, please contact Trend Micro Technical Support to perform this action from backend.

As our lifecycle management , it may take more than 48 hours to discover new domains, so please wait sometime to verify it again.

Internet-Facing Asset Discovery uses a third-party service to fetch data about domains and IP addresses. Any changes made to your domain, like changing the SSL Certificate can take upto 7 days to reflect to the 3rd party Service, making the UI take upto 10 days to update.

In Addition, Sometimes data from the 3rd Party Tool mismatches while other information is from other sources so Internet-Facing Asset Discovery discards them.

Resolution: Wait 10 days for third-party service to report updated data, else file a support case for further investigation if the 10 day waiting period is elapsed.

Internet-Facing Asset Discovery will only process domains which have a public IP address (IPv4 or IPv6) with at least 1 open port. Hence, it is required that the asset is scannable by the Internet.

The Reason that domains that do not belong to the customers are visible in the UI, is possible because the customer uses a CDN. CDNs and some hostings like Azure and AWS, use a shared IP address pool. During domain discovery which can lead to us receiving data about domains which do not belong to the customer.

Resolution: The customer can remove the domains which do not belong to them from the UI, which would make sure that the removed domains are not added to the UI even if data is received from the 3rd Party tool about the domain.

If the 3rd-party tool used is unable to discover a specific domain even after 7 days, Please Verify the asset firewall allows nmap scan from the IP range (207.90.244.0/24).

Resolution: Please file support Case for further investigation.

There are can be 3 reasons to make an asset score to be 0:

• They are safe. If an asset has no risk, the score will be 0.0, and it shows Services, Ports, Certificate information correctly
• They show CDN tag, which means they are hosted in CDN server. Internet-Facing Asset Discovery/Trust Engine donot calculate the assets with CDN tag
• Some data from our 3rd-party tool mismatches with information from other sources (like, WhoIS and/or Virus Total), Inconsistent data is discarded by Internet-Facing Asset Discovery, to maintain high reliability and accuracy.

On Demand Scan is the Internet-Facing Asset Discovery Functionality that used Drone (Trend Micro's inhouse scanner) to run scan for a specific domain. To Run an On Demand Scan, you need to setup a Service Gateway with Network Vulnerability Scanner module to be able to run an On Demand Scan

Internet-Facing Asset Discovery displays hostnames and IP addresses, with scanning data from a 3rd party tool, Due to internet conditions or some other limitations, some assets cannot be scanned and no data is received. If no data is received for the domain from the 3rd party tool in the past 24 Hours, the Domain is removed from the UI. Once the 3rd party tool sends the data about the domain, the domain will reappear on the UI.

Resolution: Wait for the 3rd-party tool to report data about the domain.

No, at this time the domain needs to be visible on the UI for the customer to be able to run an On-demand scan.

The risk score for a domain is a combination of the risk indicators for the domain and its related IP addresses. In cases where the domain itself doesn't have a risk indicator but its IP addresses do, the domain profile screen will show an elevated risk score with no risk indicators