Glossary | Docs

2FA

Two Factor Authentication.

An extra layer of protection used to ensure the security of online accounts beyond just a username and password.

AEDA

Advanced Environment Drift Analysis

AI

Artificial Intelligence

AMP

Advanced Malware Protection

API

Application Programming Interface

Attack Surface Management Discovery Engine

Also referred to as “ASM Engine” or “Discovery Engine.” An internet scanner for data collection and vulnerability identification. The Discovery Engine contains the necessary code to perform its tasks in recursive fashion.

Attack Surface Management Module

Also referred to as “Hosted Service” or “Hosted Platform.” A service that schedules scans, provides a queue of scan jobs, and processes Attack Surface Management Discovery Engine results to aggregate and visualize data for customers.

BRT

Behavior Research Team

Updated to Validation Research Team (VRT), November 2023.

CDN

Content Delivery Network

CE

Customer Engineer, a member of the Customer Engagement Team, generally pre-sales.

Collection

A group of items.

In ASM, a Collection is the scope of asset discovery and ultimately the inventory of Entities, Issues, and Technologies.

All Entities, Issues, and Technologies live within only one Collection (and its corresponding Project).

CPE

Common Platform Enumeration, which is a structured naming scheme for information technology systems, software, and packages. It is used to identify vulnerable products in MATI Vulnerability records.

CSM

Customer Success Manager

CVE

Common Vulnerabilities and Exposures.

In ASM, CVEs are referred to as inferred vulnerabilities.

DLP

Data Loss Prevention Systems

DNS

Domain Name System

Duet AI

Duet AI in Google Cloud is a generative AI-powered collaboration product that provides assistance to all types of Google Cloud users.

Entity

Something that has separate and distinct existence.

In ASM, an Entity is an external asset belonging to the target organization.

In DTM, an entity is a substring that is automatically extracted from a document. There are over 40 different types of entities, and they can be used as filter conditions within DTM Monitors.

ESM

McAfee Enterprise Security Manager / Nitro

Event Time Adjustment

This definition applies to MSV and MA-SV only.

A field in MSV and MA-SV used by integrations. When entering values in this field, it adjusts the time of the events, in seconds, as they are pulled in. A negative value subtracts time from the event time while a positive value adds time to the event time.

FQDN

Fully Qualified Domain Name

FTP

File Transfer Protocol

Group

An assemblage of objects regarded as a unit.

In ASM, a Group is a Role Based Access Control (RBAC) that enables user segmentation and access to specific Projects and Collections.

ICMP

Internet Control Message Protocol

IDS

Intrusion Detection System

Inferred CVE

A CVE vulnerability that is found via version inference only.

Insights

A deep understanding of a person or thing.

In ASM, Insights is a reporting dashboard that displays reports upon the completion of each Collection scan.

IP

Internet Protocol (address)

IPS

Intrusion Prevention System

Issue

A topic or problem.

In ASM, an Issue is a finding on an external asset that warrants further investigation. An Issue can be a vulnerability, misconfiguration, data leak, or exposure.

Library

An organized collection or group of materials.

In ASM, the Library is a repository of definitions for Issues, Technologies, and Discovery Tasks.
https://asm.advantage.mandiant.com/library

In MSV and MA-SV, Library can refer to either the Content Library or the File Library, depending on the context. The Content Library is the collection of Actions, Evaluations, and Sequences that are available from the Library menu. The File Library is a collection of files that you can use to create custom security content (for example, file transfer-related Actions). These files can only be viewed from within the File Library, not downloaded.

Malicious File

A file that is designed to damage systems or have behaviors that can harm a system/network.

In MSV and MA-SV, a file that is not trusted or controlled by Security Validation analysts. Examples include malware, ransomware, trojans, and other file types that are used in a hostile manner. A malicious file can only be included in:

Protected Theater Actions
Email Theater Actions
Malicious File Transfer Actions
They can only be viewed in the File library, not downloaded.

MDC

Managed Defense Consultant

Named Entity Recognition

(NER) A data science technique used to extract named entities from natural language.

Non-Malicious File

A file that does not damage a system.

In MSV and MA-SV, a file for which the behavior is understood and/or controlled by Security Validation analysts. Examples include spreadsheets with PII info, Offensive Security Tools (OST) such as NMAP, SQLMap, Mimikatz (when compiled by Mandiant analysts), and others.

NTP

Network Time Protocol

PAN

Palo Alto Networks

PCI

Payment Card Industry

PII

Personally Identifiable Information

Project

A specific plan or design.

In ASM, a Project is a mechanism for customers to control how inventory is segmented, who has access, and how it’s used across the organization.

In Google Cloud, a cloud project forms the basis for creating, enabling, and using all Google Cloud services, including managing APIs, enabling billing, adding and removing collaborators, and managing permissions.

RPM

RedHat Package Manager

RST

Reset request

SDS

Signature Distribution Service

Seed

A source of development or growth.

In ASM, a Seed is an Entity used to start a data collection run. ASM takes each Seed as a starting point and recursively analyzes all other Entities that are related or touched upon by that Seed. Each Entity that is encountered is added to the Collection.

SEP

Symantec Endpoint Protection

SID

Signature ID

SIEM

Security Information and Event Management system

SIP

Security Instrumentation Platform

SNMP

Simple Network Management Protocol

SSH

Secure Shell

SSL

Secure Sockets Layer

TCP

Transmission Control Protocol

Technology

The application of scientific knowledge to achieve practical goals.

"Security Technology" is an umbrella term for the applications, tools, and services used to monitor and protect a company's network infrastructure.

In ASM, a Technology is an identified application or service fingerprinted during data collection.

TSC

Technical Security Consultant. Previously known as TAM, Technical Account Manager.

TTP

Tactics, techniques, and procedures. Describes a threat actor's behavior: Tactic is highest-level description. Technique is a more detailed description in the context of that tactic. Procedure is even more detailed description in the context of a technique. See https://csrc.nist.gov/glossary/term/tactics_techniques_and_procedures.

Typosquatting

Typosquatting is a form of social engineering in which cybercriminals register a purposefully misspelled domain that resembles a ligitimate URL. The goal is to trick users that mistype the legitimate URL into visiting and using the fraudulant website for a variety of malicious purposes.

UDP

User Datagram Protocol

UNC

Uncategorized Threat Group

USB

Universal Serial Bus

VID

Validation Identifier

VRT

Validation Research Team

Previously, the Behavior Research Team (BRT).