New Features and Improvements - September 2023

Tim Cowell
2 October 2023
|
3 min Read
|
Tim Cowell
Create free account

Contents

Introduction

With many of the team coming back from summer holidays this month, we’ve been pushing forward with new features to improve your FractalScan Surface experience.

Discovery data from the public API - Domains

The FractalScan public API already provides you with the ability to create and manage scans, manage your organisation’s groups and obtain the details of action’s and their risks.

As a first update to start providing discovery data over the API, you can now use the public API to get in-scope Domains (and linked information) from a scan. This will allow you to extract discovery data from FractalScan Surface for integration with your own systems or 3rd party applications.

The data provided by the domains endpoints are similar (but broader) to the detail provided by the domains page in the application, and the data available in the CSV export.

There are two new endpoints in the API:

An endpoint for getting the count of domains.

domain count API screen

An endpoint for getting the domains and their details

domain detail API screen

The full details of the data provided by the domains endpoints can be found on our public API documentation page, but can be summarised as:

  • Domain name

  • DNS destinations: IP or alias domains

  • Hosted services and TLS certificates

  • Hosting: ASNs, cloud regions, entities

  • Other characteristics: seeds, name servers, created and updated date-times

The domains endpoint supports pagination, providing you with control over how you read and process the data. For more details on how to use pagination, see our paginating API requests user guide.

See ‘Coming Soon’ for details on other discovery endpoints we are working on.

Modification of your customer scan schedules

If you currently have access to third-party monitoring scans, these scans will run on an agreed schedule which is typically daily or weekly. To support our users who would like more control over the rate of third-party monitoring scans we have added additional scan schedule configuration.

If you have this feature enabled, when you now create a third-party monitoring scan you can choose the rate at which the scan is run, such as:

  • Daily

  • Weekly

  • Monthly

  • Quarterly

create scan scheduling

If your arrangement with a customer changes you can edit the schedule, and change the rate at which the scan runs. e.g. moving the scan from weekly to daily.

If you would are interested in being able to use this feature, please get in touch.

Contact us

Teasing functionality

Depending on which FractalScan Surface tier you are currently using, you may have noticed the addition of some feature hints within the application. We’ve added these hints to tease functionality you may be missing out on, but would benefit from.

You will see these hints on pages within the application and on more specific functionality, such as buttons.

in-app feature teasing functionality

If you are interested in gaining access to any additional functionality in the application, get in touch using the button below.

Contact us

Update to Risks and Actions Report

We’ve made an update to the Risks and Actions report to help users understand the impact of vulnerable components, by listing the source domains and IPs of those components.

On the ‘Risks’ tab of the XLSX report we have included a ‘Sources’ column which lists the one or more domains or IPs impacted by vulnerable components.

source column risk csv export

The is the same information you can obtain from the provenance view on the explore page for a component.

Coming soon

  • Following the domains endpoint (see above), more discovery data over the public API

    • IPs

    • Web Presence

    • Out-of-Scope Domains

  • Improved support for using the application from a mobile browser.

About Tim Cowell
Tim is an experienced software engineer, who has worked across the Defence, Government and Commercial sectors for the past 21 years. After leading a diverse range of projects Tim has a strong background in Cyber Security, software engineering, research and development practices.
Tim Cowell

REVIEWS

What our customers think

Haas Automation Logo

Ken Shannon

Haas Automation

"FractalScan Surface is an impressive tool that we use to monitor our external cyber risks and those of our dealers worldwide. We've even used it to perform due diligence security checks on third-party suppliers. I appreciate the easy-to-understand summary views, and my team likes that the daily scans automatically reflect their ongoing risk mitigation efforts. I'd really encourage other companies to use this tool and start tracking their cyber risks."

View The Space

Robin Craib

VTS

"FractalScan's capability to mark domains hosted on shared cloud services gives us the ability to remove risks associated with IP addresses which are not part of our infrastructure, allowing us to focus our resources. The consultancy we've had from the professional services team at Red Maple Technologies confirms the credibility and background of the team building FractalScan. I'm excited to see what's coming next for FractalScan."

Formula 1

CIO

Formula 1

"FractalScan Surface has been great for discovering our online-visible assets and exposures, allowing us to make some immediate improvements to reduce our cyber risk." Daily scanning enables us to keep on top of our external attack surface, which is particularly important to us since we have complex digital content output. FractalScan gives us the view on our data we didn't have."

Capterra Logo

Andy K.

Financial Services

"Simplicity - give it a domain and it will find out what it can about subdomains, related domains and any issues it identifies with them. We may not be privy to sites or subdomains other parts of the business may implement. FractalScan gives us a discovery tool to identify previously unknown public infrastructure, we can reduce our external attack surface by identifying and resolving issues and getting "old" public infrastructure decommissioned."

Capterra Logo

Tim N.

Information Technology and Services

"What I appreciate the most about FractalScan is the level of accuracy this platform provides while maintaining a passive approach to data collection. As someone who works in technical sales and consulting, I have a lot of clients working with products in this space. The common problem is the overwhelming amount of results and the operational overhead required to make those results actionable. FractalScan's unique solution provides results that are immediately accurate and actionable."

Capterra Logo

Jason C.

Financial Services

"FractalScan Surface provides a compact and concise overview of vulnerabilities that have been identified on our assets. It is important for teams to be able to understand the issue, prioritise remediation activities and focus on removing vulnerabilities from our estate....this tool enables all of this and has proven to find vulnerabilities that other tools do not."

Capterra Logo

Jack S.

Information Technology and Services

"FractalScan Surface delivers an exceptional experience, principally by enhancing our understanding of customers' digital assets. The platform's intuitive interface facilitates a user-friendly experience that our team appreciates. This, in turn, allows us to proactively identify vulnerabilities and address them before they escalate. We've found the platform to be markedly superior to its market counterparts in terms of capability and efficiency. Integration into our existing business processes was seamless, minimising any potential operational interruptions."