Glossary

Learn about the terminology used inside Horizon.

Target

Everything on Horizon begins with configuring a Target. A Target is the primary identifier that Horizon uses to initiate scans. A Target can be any of the following:

  1. IP address

  2. Domain

  3. Name

  4. Email

  5. BIN

  6. Keyword

  7. Query

Asset

An Asset in Horizon refers to a digital entity or resource that is included in the scope of monitoring and assessment. Assets are discovered when you run an attack surface scan on a given target: Horizon maps all associated domains, subdomains, hosts, IP addresses, and certificates. Each of these is referred to as an Asset.

Issue

An issue refers to a specific vulnerability identified within a system or network. It represents a potential security risk that could be exploited by attackers to compromise the integrity of the targeted asset. There can be several instances of the same issue on the issues page. For example, several subdomains could have an issue named ‘Timestamp Disclosure - Unix’, so that issue shows up more than once on the issues page.

What is a Scan?

A scan refers to the process of systematically examining a system to identify potential vulnerabilities. There are three types of Scan Profiles inside Horizon. Refer to Scan Profile to learn more.

Atlas

Atlas refers to a visual representation or mapping of the attack surface of an organization. An attack surface atlas provides a comprehensive view of the digital landscape, including domains, subdomains, IP addresses, hosts, and other relevant information.

Business Unit

Horizon allows you to organize and add business context to your assets by using Business Units, Environment and Custom tags. This concept improves collaboration among teams.

Tags

Tags enable users to easily filter and search for specific assets or groups of assets based on the tags assigned to them.

What are Illicit Networks?

Illicit networks (also known as dark web or darknet) refer to online platforms or communities that facilitate illegal activities. Illicit networks can be categorized into different subcategories based on the types of criminal activities they specialize in, such as drugs, fraud, hacking, or other illegal services.

What are Markets?

The Market subcategory within the context of illicit networks refers to underground markets or crypto-markets where various items are traded. These markets serve as platforms where actors put up listings for different illegal items they have for sale.

What are Infected Devices?

Infected devices, also known as "bots," refer to devices that have been infiltrated by malicious actors. These compromised devices could be personal computers or other connected devices.

What are Forum Posts?

Forums are online spaces where actors involved in illegal activities gather to communicate and collaborate. These forums function similarly to social media platforms on the clear web, with the difference that they offer anonymity to their users.

What are Profiles?

Profiles include pages collected on markets and forums that represent actor profiles. These profiles provide information about the actors, their activities, and occasionally their reputation within the community.

What are Chatrooms?

Chatrooms are online spaces where cybercriminals gather to engage in discussions and often advertise their illicit activities.

What are Ransom Leaks?

Ransom Leaks refer to the pages collected from public websites of ransomware groups. Many of these groups publicly list their victims on their websites. As a means to establish their credibility, they often provide evidence of data access, such as a screenshot from the victim's Windows Explorer, and specify payment deadlines along with the cryptocurrency ransom address. Some websites even go as far as hosting auctions where the compromised data is put up for bid.

What are Leaked Credentials?

Leaked credentials refer to sensitive login credentials, such as usernames and passwords, that have been illegally disclosed to unauthorized individuals or entities. These credentials are typically obtained through data breaches or other security incidents where unauthorized access to user accounts or databases occurs.

What are Look-alike Domains?

Look-alike domains are fraudulent domain names that closely resemble legitimate domain names. These are designed to trick users into believing that they are interacting with a legitimate website when, in fact, they are accessing a malicious website.
