Report Terminology

primary and secondary assets hexiosec asm has a concept of assets either being classed as 'primary' or 'secondary' to describe their relationships back to seed domains and ip addresses for more information please view managing domains and ips docid\ bqvbkw1h6tebn9j5bywrj stale domains hexiosec asm may mark some domains as stale in the results of a scan domains will be marked as stale if they have been identified, but do not have a dns entry, i e they are not 'live' and have no associated ip address stale domains will not typically have risks associated with them, as they are not live they can still provide details of information found by hexiosec asm the following scenarios can result in stale domains historic domains for which there is historic data, but no references in current scan data public found in public open source data, such as certificate registration logs not public previously found in a scan, but have since been removed referenced referenced in live scan data, e g domains listed as alternate name in a certificate chained sub domains found as part of a live sub domain, e g the sub domain b c com would be stale if it is not live, but a b c com is live understanding vulnerabilities every day, new cyber threats emerge, targeting organisations and systems worldwide to manage these threats effectively, it’s crucial to understand the core concepts of cyber security and vulnerability identification systems our blog post ' vulnerability identification key concepts and terms explained ' provides a guide to key vulnerability identification systems in cyber security and explains how they interconnect to manage vulnerabilities it introduces the following terms, some of which you will see referenced in your scan results the common vulnerabilities and exposures (cve) system the national vulnerability database (nvd) the common vulnerability scoring system (cvss) the known exploited vulnerabilities (kev) catalogue the common platform enumeration (cpe) system