September 2022 ASM Releases

API Functionality and Documentation Updates - September 15, 2022

The expanded ASM V1 API delivers more control over Projects, Collections, and Seeds. Take advantage of the new functionality; visit the API Documentation for more information. 

Projects:

• Add, view, and delete 

Collections:

• Add, refresh, and delete
• View associated integrations and history 
• Archive and unarchive 

Seeds:

• Add, view, and remove 

Issues:

• Set status 

Integrations: 

• Add integrations 
• Associate integrations to Collections

Searching for Answers - Where's the Tech? - September 8, 2022

Use the search function on the Entities page to answer questions about the breadth of technology used across the attack surface. 

1. Which entities rely on plugins, servers and frameworks?

   Use the Technology Label to identify categories of technology identified around the ecosystem. Examples:

   • Web Servers - copy & paste technology_labels:web_server
   • Web Frameworks - copy & paste technology_labels:web_framework
   • Websites - copy & paste technology_labels:website
   • Cache - copy & paste technology_labels:cache
   • Wordpress Plugins - copy & paste technology_labels:wordpress_plugin
   • Login Panels - copy & paste technology_labels:login_panel
2. What is the impact of _________ application or service?

   Use the technology:vendor query in the Entities search bar to identify the entities with a specific application or service. Examples:

   • Apache - copy & paste technology:apache 
   • Nginx - copy & paste technology:nginx
   • Cloudflare - copy & paste technology:cloudflare
   • Heroku - copy & paste technology:heroku
   • Drupal - copy & paste technology:drupal

Visit the Technology Library for the full list of vendors, labels, and more. 

Searching for Answers - Meta Pixel Edition - September 1, 2022

A fingerprint for the Meta Pixel has been added to the Technologies Library to help customers identify if and where the pixel is used to track website visitor behavior or collect data. The fingerprint allows Attack Surface Management to determine when website pages have the pixel statically embedded. Currently, only the top-level URL or landing page is tested for the existence of this technology. 

The default setup for the Meta Pixel collects user IP addresses, referring URLs, page views, button clicks, field names on forms, and more. Enabling Advanced Match or altering the default settings expands the data collection scope, increasing the risk of inadvertently sharing PII or PHI, in the case of healthcare organizations, with Meta. 

Recommendation: Identify where the Meta Pixel is embedded, assess the classification of data collected, and restrict the pixel deployment to must-have website pages. 

Use the search function on the Entities and Technologies pages to identify where a Meta Pixel is used around the attack surface. Currently, no Issue will be created. 

Which Entities have the Meta Pixel?

• Check out which Entities have the Meta Pixel.  Or, 
• Copy & paste technology:Meta in the Entities search bar. 

Does our organization use the Meta Pixel anywhere?

• Find the pixel on the Technologies page.  Or,
• Copy & paste vendor:Meta in the Technologies search bar.