Everything on Horizon begins with configuring a Target. A Target is the primary identifier for Horizon to initiate scans. A target can be any of the following -
IP address
Domain
Name
BIN
Keyword
Query
An Asset in Horizon refers to a digital entity or resource that is included in the scope of monitoring and assessment. An Asset is discovered when you run an attack surface scan on a given target, Horizon maps all associated domains, subdomains, hosts, IP addresses, and certificates. Each of these are referred to as an Asset.
An issue refers to a specific vulnerability identified within a system or network. It represents a potential security risk that could be exploited by attackers to compromise the integrity of the targeted asset. There could be several instances of the same issue inside the issues page. For example - several subdomains could have an issue named ‘Timestamp Disclosure - Unix’, therefore showing up more than one time in the issues page.
A scan refers to the process of systematically examining a system to identify potential vulnerabilities. There are three types of Scan Profiles inside Horizon. Refer Scan Profile to learn more
Atlas refers to a visual representation or mapping of the attack surface of an organization. An attack surface atlas provides a comprehensive view of the digital landscape, including domains, subdomains, IP addresses, hosts, and other relevant information.
Horizon allows you to organize and add business context to your assets by using Business Units, Environment and Custom tags. This concept improves collaboration among teams.
Tags enable users to easily filter and search for specific assets or groups of assets based on the tags assigned to them.
Illicit networks (also known as dark web or darknet) refer to online platforms or communities that facilitate illegal activities. Illicit networks can be categorized into different subcategories based on the types of criminal activities they specialize in, such as drugs, fraud, hacking, or other illegal services.
The Market subcategory within the context of illicit networks refers to underground markets or crypto-markets where various items are traded. These markets serve as platforms where actors put up listings for different illegal items they have for sale.
Infected devices, also known as "bots," refer to devices that have been infiltrated by malicious actors. These compromised devices could be personal computers or other connected devices.
Forums are online spaces where actors involved in illegal activities gather to communicate and collaborate. These forums function similarly to social media platforms on the clear web, with the difference that they offer anonymity to their users.
Profiles include pages collected on markets and forums that represent actor profiles. These profiles provide information about the actors, their activities, and occasionally their reputation within the community.
Chatrooms are online spaces where cybercriminals gather to engage in discussions and often advertise their illicit activities.
Refer to the pages collected from public websites of ransomware groups. Many of these groups publicly list their victims on their websites. As a means to establish their credibility, they often provide evidence of data access, such as a screenshot from the victim's Windows Explorer, and specify payment deadlines along with the cryptocurrency ransom address. Some websites even go as far as hosting auctions where the compromised data is put up for bid.
Leaked credentials refer to sensitive login credentials, such as usernames and passwords, that have been illegally disclosed to unauthorized individuals or entities. These credentials are typically obtained through data breaches or other security incidents where unauthorized access to user accounts or databases occurs.
Look-alike domains are fraudulent domain names that closely resemble legitimate domain names. These are designed to trick users into believing that they are interacting with a legitimate website when, in fact, they are accessing a malicious website.
