The Attack Surface module has the ability to maintain any assets that have been configured within externally hosted scanners, identify the services that exist on these assets, as well as maintain the vulnerability and risks that exist on the assets.

The Attack Surface module has four tabs that provide different functionality and information, and the ability to drill-down into each asset or vulnerability is throughout the Attack Surface module.


The Attack Surface dashboard will provide information regarding all internet-facing assets, running services on those assets, and any vulnerabilities that have been identified on those services. The dashboard will provide high-level information (similar to the Dashboard page), as well as giving users the ability to drill into assets and observe any critical vulnerabilities that have been identified on assets within the last ten (10) days.


The vulnerabilities tab within the Attack Surface module will present a trend line of vulnerabilities that exist on internet-facing assets over time, as well as breakdown the categories of any vulnerabilities identified, and list all vulnerabilities in the external issues table.

Users can now export all of the vulnerabilities across their attack surface in the form of CSV files. To do this, click the Export button in the top right of the screen and proceed to click Download to receive the results.

To view the details for an individual vulnerability, you can click into the vulnerability name in the external issues table, and the details for the specific issue you drilled into will be surfaced.

This page will outline all of the details of the specific issue that was identified on the external asset. The information you will see for each vulnerability is the following:

  • Name
  • Description
  • Solution
  • References
  • Category
  • CVSS Base Score
  • CVEs
  • EPSS
  • EPSS Percentile
  • CISA Known Exploited
  • Ransomware Campaign Used

All assets that are affected with the vulnerability that is being viewed will show up within the Affected External Entities table.


The Assets tab gives a list view of all of the assets (Hostname, IP, Group, and Criticality) across an organization’s external network.

Users can drill into each asset to see the specific information regarding the host that was scanned, including the Hostname, IP Address, OS (if available), all services exposed externally, as well as the criticality and groups that the asset is a part of.


Remediation tracking within both the Attack Surface and Internal Network module is automated and the details for each remediated vulnerability are displayed in a table, and the aggregate values are tracked over time.

A vulnerability is considered remediated (or fixed) when an asset that exists within the Shield platform and initially has had a vulnerability identified, and that asset is scanned again and the vulnerability no longer exists.