SecurityTrails Blog · Mar 14 · by Esteban Borges

Introducing Attack Surface Intelligence: Risk Rules

Reading time: 2 minutes
Listen to this article

Today we're thrilled to announce a long-awaited feature for our Attack Surface Intelligence platform: Risk Rules.

New ASI Risk Rules will take risk and vulnerability prioritization to the next level, so any organization can easily identify the biggest weaknesses within their attack surface, in mere seconds.

Enter Risk Rules

These rules are designed to alert organizations to specific types of risk in a way that creates minimal noise while clearly communicating the level of action to take.

Enter Risk Rules

The new Risk Rules module is located inside your current ASI project, where you'll find two sub-tabs: Issues and Hosts.

Issues: As you can see in the following screenshot, this is where you'll find which exact CVEs and critical misconfigurations are affecting your hosts, along with a general description of the issue. The risk rules are visually broken out by severity (red for high, yellow for moderate, gray for informational) to help you identify how immediate action should be taken.

Which exact CVEs and critical misconfigurations are affecting your hosts

On this same interface, you'll also be able to see which exact hosts are affected by the reported CVE. Displayed are a list of hosts, along with CVE details, and a risk priority score:

Which exact hosts are affected by the reported CVE

Some vulnerabilities are publicly accessible, and our Risk Rules take advantage of that, by showing you a screenshot of them. For example, if an open RDP access has been found, you'll also see its screenshot:

Some vulnerabilities are publicly accessible

Hosts: This tab will allow you to visualize a severity table ordered by High, Moderate, and Informational scores. This is especially useful for seeing the whole picture of your digital assets, and knowing which ones are impacted by High and Moderate risks.

Visualize a severity table

How can I use it?

Risk Rules (beta) are available to all enterprise ASI customers—contact your Account executive today to get started.


With this new ASI release, your organization will have greater control over your entire attack surface by having the ability to immediately detect any vulnerabilities, misconfigurations, and critical risks across all of your IT assets. This is especially important when taking into account the government's new Shields Up campaign.

Identify all of your risks—and take action on them today!

Esteban Borges Blog Author

Esteban is a seasoned cybersecurity specialist, and marketing manager with nearly 20 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.

Subscribe to the SecurityTrails newsletter
Sign up for our newsletter today!

Get the best cybersec research, news, tools,
and interviews with industry leaders