FractalScan Surface supports a number of notification options to help you manage your attack surface effectively. This guide will give you an overview of the options you have and some tips to help understand your results.
FractalScan Surface supports 3 types of email notifications:
There are changes in your scan results
A scan you have run has completed
A report you have generated is ready
Scan Changes notifications
Most people won’t have the time to study their attack surface scan results in great detail every day. FractalScan Surface allows you to set up notifications to be alerted to any changes to your scan that are important to you.
To help keep on top of your risks, you can set up notifications to receive an email when any new risks of a certain severity or above are detected. Similarly, if you’re actively trying to reduce your risks, you can use risk notifications to be alerted when risks of a given severity are no longer detected.
Particularly useful if you have a large attack surface that can be hard to keep on top of, you can also set up notifications to alert you to newly detected or no longer detected domains & IPs.
These settings for what types of changes you want to be alerted to are set in your organisation settings, meaning they are shared across all your scans.
In your user settings you can choose to opt out of change notifications altogether. Note, when Scan Change notifications are enabled, you will receive them for all scans you have access to in your organisation.
There are certain scenarios where FractalScan Surface may regularly raise change notifications against your attack surface. While these can cause repetitive notifications, there are valid reasons for this that should be investigated. Examples of what could be causing this are:
Use of CDNs or shared cloud hosting - If any of your infrastructure is hosted using cloud resources like CDNs, the cloud IP addresses and domains can regularly change and you may see this in the notified changes. You can use FractalScan Surface to hide risks associated with CDNs; see “Manage CDNs” in the sidebar.
Use of load balancers - load balancers can be used to spread the network and processing demands on your resources, and can mean that subsequent requests to access your websites are handled by different servers. If the servers behind the load balancers are not running the same versions of components, e.g. they are running different Apache web server versions, then FractalScan Surface may report different results from one scan to the next. You should ensure services are all updated to the same level in this situation.
Slow or unstable websites - if websites associated with the scanned domains are slow to respond, or using unstable resources, then the scan results may vary between scans. If a website responds quickly one day, but is unable to respond the next, then FractalScan Surface may not be able to find all the components previously found and highlight any changes in risks associated these components. This can often be the case with test or development domains which may not have enough resources allocated to them, or are hosting too many domains.
Scan Complete notifications
When you create a new scan, FractalScan Surface will start producing results that you can begin to explore straight away, and for most domains the scan will be complete in a few minutes. Some elements of your scan results, e.g. Actions, will only become available when your scan completes, so you can opt to receive email notifications when new scans you run are ready. This is particularly useful if you regularly run ad hoc scans.
These notifications are enabled by default, but if you’d prefer not to receive them, you can opt out in your user settings page. Note, when Scan Complete notifications are enabled, you only receive them for scans you create, not for other scans in your organisation created by someone else.
Report Ready notifications
When generating summary reports for a scan, they appear on screen for you to download within a few minutes. If you’d rather not wait, you can choose to receive an email when your report is ready.
This is a choice you can make each time you produce a new report. By default you’ll receive an email notification, but you can toggle it off when you generate a new report.