Views:
  • Why does Internet-Facing Assets discover domains that do not belong to company domain after clicking "Get Started"?

    After user clicks Get Started, Internet-Facing Assets collects domains for discovery based on analyzing IAM logs (like AAD) and Trend Vision One log in information. It then performs a secondary verification check to ensure that the domains collected are indeed associated with your company. There will be delays performing secondary verification. This may cause inconsistency between domain list initially displayed in the beginning and the domain list actually discovered in the end. You may need to wait and check again.

  • What is the difference between domains under Internet-Facing Assets and the inside of Review Status?

    Internet Facing Asset list displays domains with actual monitoring data. Review Status list contains all domains added manually via "Add Domain / Subdomain" function. If an added domain's status is "Processing", it means that it is still under review and will not present in Internet-Facing Assets list. Please wait until the review process is completed.
    If you encounter an error message saying that the domain already exists while adding a domain to the internet-facing assets, kindly verify the domain's presence on the Review Status page.

  • Why does Domain public IP show "0.0.0.0" in Internet-Facing Assets?

    The IP address 0.0.0.0 does not exist actually. It is a mockup data for root domain due to Trend Vision One not finding IP related to this root domain. In order to classify sub domains into root domain group, IP "0.0.0.0" is automatically created.

  • How do you avoid Internet-Facing Assets scanner IP being blocked by firewall?

    You could add 207.90.244.0/24 to your firewall allow list. Most of our scanners are in this IP CIDR.

  • What is the frequency of Internet-Facing Assets data update? What is the scanning interval?

    Internet-facing asset data, including new or removed hosts and public IP addresses, is updated typically within a week — at most within 9 days. Scans occur on a weekly basis.

  • Will adding domains to exception list under Suspicious Object Management app reduce risk index?

    Risk index will not check these kinds of exceptions. If you do not want to see any risk events of this domain and do not want this domain to be included in the calculation of risk index, follow these steps:

    1. Go to Attack Surface Discovery app.
    2. Click Internet-Facing Assets.
    3. Check the domain you want to exclude.
    4. Click Remove.
  • How can you add domains in batches?

    This feature has not be implemented yet in the user interface, please contact Trend Micro Technical Support to perform this action from backend.

  • The customer added multiple domains to the Internet-Facing Assets, but some domains did not show after it was "Approved and added".

    As our lifecycle management , it may take more than 48 hours to discover new domains, so please wait sometime to verify it again.

  • Why isn't my Domain Visible on the UI?

    Internet-Facing Asset Discovery uses a third-party service to fetch data about domains and IP addresses. Any changes made to your domain, like changing the SSL Certificate can take upto 7 days to reflect to the 3rd party Service, making the UI take upto 10 days to update.

    In Addition, Sometimes data from the 3rd Party Tool mismatches while other information is from other sources so Internet-Facing Asset Discovery discards them.

    Resolution: Wait 10 days for third-party service to report updated data, else file a support case for further investigation if the 10 day waiting period is elapsed.

  • How should I configure my domain so it shows up on the UI?

    Internet-Facing Asset Discovery will only process domains which have a public IP address (IPv4 or IPv6) with at least 1 open port. Hence, it is required that the asset is scannable by the Internet.

  • Why Do I see domains that do not belong to me in the UI?

    The Reason that domains that do not belong to the customers are visible in the UI, is possible because the customer uses a CDN. CDNs and some hostings like Azure and AWS, use a shared IP address pool. During domain discovery which can lead to us receiving data about domains which do not belong to the customer.

    Resolution: The customer can remove the domains which do not belong to them from the UI, which would make sure that the removed domains are not added to the UI even if data is received from the 3rd Party tool about the domain.

  • My Domain is not visible on the UI even after 7 days window has passed. What can I do?

    If the 3rd-party tool used is unable to discover a specific domain even after 7 days, Please Verify the asset firewall allows nmap scan from the IP range (207.90.244.0/24).

    Resolution: Please file support Case for further investigation.

  • Why is the Risk Score for my Asset 0.0?

    There are can be 3 reasons to make an asset score to be 0:

    • They are safe. If an asset has no risk, the score will be 0.0, and it shows Services, Ports, Certificate information correctly
    • They show CDN tag, which means they are hosted in CDN server. Internet-Facing Asset Discovery/Trust Engine donot calculate the assets with CDN tag
    • Some data from our 3rd-party tool mismatches with information from other sources (like, WhoIS and/or Virus Total), Inconsistent data is discarded by Internet-Facing Asset Discovery, to maintain high reliability and accuracy.
  • What is Internet-Facing Asset Discovery On-demand Scan? How can I run an On-demand Scan for my Domain?

    On Demand Scan is the Internet-Facing Asset Discovery Functionality that used Drone (Trend Micro's inhouse scanner) to run scan for a specific domain. To Run an On Demand Scan, you need to setup a Service Gateway with Network Vulnerability Scanner module to be able to run an On Demand Scan

  • Why did my domain disappear from the UI?

    Internet-Facing Asset Discovery displays hostnames and IP addresses, with scanning data from a 3rd party tool, Due to internet conditions or some other limitations, some assets cannot be scanned and no data is received. If no data is received for the domain from the 3rd party tool in the past 24 Hours, the Domain is removed from the UI. Once the 3rd party tool sends the data about the domain, the domain will reappear on the UI.

    Resolution: Wait for the 3rd-party tool to report data about the domain.

  • Can I run an On Demand Scan on a domain that isn't visible on the UI?

    No, at this time the domain needs to be visible on the UI for the customer to be able to run an On-demand scan.

  • Domain has a risk score but shows "No data to display"

    The risk score for a domain is a combination of the risk indicators for the domain and its related IP addresses. In cases where the domain itself doesn't have a risk indicator but its IP addresses do, the domain profile screen will show an elevated risk score with no risk indicators