Q&A
  • 25 Jan 2023

Here we summarize some of the most frequent questions coming from our clients. Make sure to check it out if you have any doubts!

External Sentry

  • Does it accept multiple CIDR ranges? Yes
  • Can it scan a single IP address? Yes, just add "/32" at the end of the IP address
  • The asset inventory is missing some hosts: What can I do? Check the CIDR ranges or, in the case of a root domain, add the particular subdomains that were missing
  • The asset inventory has more assets than needed: What can I do? We can't remove auto-populated assets from the asset list, but if needed you can mark the related exploits, if any, as false positives so that they do not affect the Sentry score and report
  • How can I get more information about the source of the leaked credentials? Use the database name from the Dark Web Monitoring tab and google "{database-name} data breach"
  • Are there any proofs of concept of the exploits performed? Yes, check the "Responses" tab.
  • What if there's a CVE in the CVE list but not in the exploit list? Those are two independent processes, and each one adds its own value.

Cloud Sentry

  • Instructions for creating the credentials are not good enough, do you have a walkthrough guide? Yes, check the 360 documentation located in the sidebar
  • Azure permissions are against my compliance framework, what can I do? We can test the Sentry with lower-level permissions, but the scan scope will be reduced.
  • Some cloud vulnerabilities were fixed yet they keep popping up after the scan, what can I do? Check the CIS Benchmarks documentation, as there could be some missing steps to fully complete the setup
  • How are you handling the cloud data? Encrypted in a MySQL database hosted on AWS
  • Is this scanning our cloud hosted network infrastructure? No, this Sentry only scans high-level configuration. To scan network infrastructure, you can deploy an Internal Sentry in one of the VMs hosted on your cloud provider

Internal Sentry

  • Can I scan multiple CIDRs in the internal tool? Yes
  • Do I need AD credentials to create an Internal Sentry? Not necessarily. You can start a scan with only the CIDR ranges, but the Active Directory module won't run.
  • I followed the instructions and the Sentry doesn't appear as a new service, what can I do? Make sure you ran CMD as administrator. If you did, check the troubleshooting pages in the 360 documentation. If that's not enough, then create a new Zendesk ticket and we'll help you as soon as possible
  • AD related vulnerabilities keep appearing after being fixed, what can I do? Check the CIS Benchmarks for AD. If you still need support, please create a new Zendesk ticket

Miscellaneous

  • How are you handling zero-days? We update our exploit database two to three days after the CVE ID is issued.
  • Can the exploit engine be disabled on a certain sentry? No.
