Attribution Confidence Score
CyberSecurity Asset Management (CSAM) provides the "Attribution Confidence" score for assets discovered through an EASM discovery. With this score, you can understand which assets belong to your organization or domain because you get a clear distinction between the true and false positives encountered in some situations of EASM discoveries.
Go through the following sections to learn more about the "Attribution Confidence" Score:
- Attribution Confidence Score Overview
- Tags Associated with Confidence Score and Reporting
- Formula for Attribution Confidence Score Calculation
Attribution Confidence Score Overview
The "Attribution Confidence" score indicates confidence in the asset’s attribution to your organization. It is based on the correlation of multiple data facets retrieved from the different sources queried during EASM discovery. The possible values are High, Medium, and Low.
When the "Attribution Confidence" score is high, the asset belongs to your organization or domain, but when it's Low, it's not straightforward to infer if the asset belongs to your organization or domain.
- You can use the "Attribution Confidence" search criteria to find the assets based on high, medium, and low "Attribution Confidence".
- You can group the EASM assets using Group Assets by > External Attack Surface > Attribution Confidence.
You can see the "Attribution Confidence" score from the External Attack Surface tab on the Asset details page.
Tags Associated with Confidence Score and Reporting
During the "Attribution Confidence" calculation or scoring process, the "EASM Confidence Low", "EASM Confidence Medium", and "EASM Confidence High" tags are created and assigned to the assets. Upon the subsequent EASM scans, the tag assignment changes accordingly if the "Attribution Confidence" changes.
When the report is downloaded from the Inventory > Assets page, the tags column includes these tags. The same applies to the EASM reports.
Formula for Attribution Confidence Score Calculation
The "Attribution Confidence" score is calculated based on a formula. The formula is based on various rules. Based on these rules, the "Attribution Confidence" score is calculated as High, Low, or Medium.
Refer to the following table to learn about the attributes on which the rule is built, the rule description, and the "Attribution Score" assigned to the EASM-discovered assets.
|
Attributes |
Rule Description |
Attribution Confidence Score |
|
Domain Name, ASN, Domain Name from the Customer Email, and Domain name from the Certificate Issued to |
If all the attributes associated with the EASM-discovered assets match the attributes from the catalog, then the asset belongs to the respective customer. |
High |
|
Hostname/Subdomain |
The Hostname or Subdomain for the EASM discovered asset is compared with the catalog Hostname or Subdomain identified for the respective customer. If both the Hostnames or subdomains match, the asset belongs to the respective customer. Such assets are classified as CDN, Third-Party, Cloud, and On-Prem. |
High |
|
Netblock/IP address |
If the EASM profile is created using only the Netblock or the IP address, then the Domain Name is obtained from the customer's email ID. In the IP WHOIS Data field, if any of the Emails or Domain Names matches the Domain Name obtained earlier, the asset belongs to the respective customer. |
High |
|
Domain Name, ASN, Domain Name from the Customer Email, Domain name from the Certificate Issued to, and Organization name |
From all the mentioned attributes, if only the Organization Name associated with the EASM-discovered assets matches the Organization Name attributes from the catalog, then the asset belongs to the respective customer. |
Medium |
|
Domain Name, ASN, Domain Name from the Customer Email, Domain name from the Certificate Issued to, and Organization name |
If none of the attributes associated with the EASM-discovered assets match the attributes from the catalog, then the assets don't belong to the respective customer. |
Low |