Configuration of your assets
When starting out with Patrowl, you provide the information you have about your internet exposure. This can be technical assets or general information about your company (see the lists below).
Technical assets supported by Patrowl are:
IPv4 address ;
IPv4 sub-network ;
DNS zone ;
Domain name ;
Sub-domain name ;
Every type of DNS record (MX, SPF, DMARC, NS...) ;
Fully qualified domain name or host name (FQDN / hostname) ;
URL ;
Technologies.
General information supported by Patrowl is:
Company name ;
Brand name / entities / subsidiaries ;
Product names ;
Project names.
You can also configure your assets manually through the REST API endpoints. The API documentation is available at https://developer.patrowl.io
It is also possible to import assets in bulk via a CSV file.
Asset Discovery
This step aims to rediscover all your assets exposed online, mainly to detect Shadow IT but also phishing websites, counterfeit sites, ...
Newly discovered assets are prequalified to give a first level of trust regarding their origin. Patrowl also includes an External Attack Surface Management (EASM) module which continuously informs you about:
Open TCP/UDP ports ;
Exposed services ;
Certificates ; ...
Active detection or offensive surveillance
For every asset present in Patrowl, it is possible to enable "active" detection by selecting the asset and then clicking the "Not pentested" button.
Following this action, the asset will be pentested with continuous checks in order to detect:
Known vulnerabilities (CVE, CNNVD, etc.) ;
Unknown vulnerabilities (found through Patrowl's search engines) ;
Configuration errors ;
Authorization flaws.
This gives you a qualification of each vulnerability or configuration error, ensuring zero false positives, as well as a detailed remediation plan for each vulnerability.
You will also be able to track your remediations and retests, which lets you confirm that a vulnerability has been corrected, by clicking on the vulnerability.