- Why does Internet facing assets discover domains that do not belong to company domain after clicking "Get Started"?
After user clicks Get Started, Internet Facing Assets collects domains for discovery based on analyzing IAM logs (like AAD) and Trend Vision One log in information. It then performs a secondary verification check to ensure that the domains collected are indeed associated with your company. There will be delays performing secondary verification. This may cause inconsistency between domain list initially displayed in the beginning and the domain list actually discovered in the end. You may need to wait and check again.
- What is the difference between domains under Internet Facing Assets and the inside of Review Status?
Internet Facing Asset list displays domains with actual monitoring data. Review Status list contains all domains added manually via "Add Domain / Subdomain" function. If an added domain's status is "Processing", it means that it is still under review and will not present in Internet Facing Assets list. Please wait until the review process is completed.
If you encounter an error message saying that the domain already exists while adding a domain to the internet-facing assets, kindly verify the domain's presence on the Review Status page. - Why does Domain public IP show "0.0.0.0" in Internet Facing Assets?
The IP address 0.0.0.0 does not exist actually. It is a mockup data for root domain due to Trend Vision One not finding IP related to this root domain. In order to classify sub domains into root domain group, IP "0.0.0.0" is automatically created.
- How do you avoid Internet Facing Assets scanner IP being blocked by firewall?
You could add 207.90.244.0/24 to your firewall allow list. Most of our scanners are in this IP CIDR.
- What is the frequency of Internet Facing Assets data update? What is the scanning interval?
Internet-facing asset data, including new or removed hosts and public IP addresses, is updated typically within a week — at most within 9 days. Scans occur on a weekly basis.
- Will adding domains to exception list under Suspicious Object Management app reduce risk index?
Risk index will not check these kinds of exceptions. If you do not want to see any risk events of this domain and do not want this domain to be included in the calculation of risk index, follow these steps:
- Go to Attack Surface Discovery app.
- Click Internet-Facing Assets.
- Check the domain you want to exclude.
- Click remove.
- How can you add domains in batches?
This feature has not be implemented yet in the user interface, please contact Trend Micro Technical Support to perform this action from backend.
- The customer added multiple domains to the Internet Facing Assets, but some domains did not show after it was "Approved and added".
As our lifecycle management , it may take more than 48 hours to discover new domains, so please wait sometime to verify it again.