What are xTags?

xTag defines a contextual execution property of an App on an Asset. xTag can answer questions like:

  • #admin_usage - does an App runs with a high privilege user? 
  • #netowrk_usage - which of my Assets are communicating with the DMZ and by Which Apps? 
  • #high_usage - Which Apps are actually being used?
  • #attack_surface - Which Apps contain unknown vulnerabilities?
  • #known_vulnerability - Which Apps are vulnerable to known CVE's?
  • #new_vulnerability_published - Which Apps vulnerable to new CVE's (last two months)?
  • #has_exploit - Which Apps are vulnerable known exploits?
  • #easy_to_expoit - Which Apps vulnerabilities' are easy to exploit?
  • #has_patch - Which Apps are patchable?
  • #high_impact_patch - Which Apps are patchable in a significant ratio?
  • #monitored_by_topia - Which Apps are monitored by Topia against supported exploits?
  • #protected_by_topia - Which Apps are protected by Topia against supported exploits?
  • #tweeted_cves - Which CVE's are popular over Twitter?
  • #availability_impact_if_exploited -  If exploited will it result in a high impact to the availability of the affected app?
  • #confidentiality_impact_if_exploited -  if exploited will result in a high confidentiality impact to your information in some of your Apps?
  • #integrity_impact_if_exploited -  if exploited will it result in a high integrity impact to your information in some of your apps?
  • #exposed_to_DOS_Attack - If exploited will it expose the asset to a DOS attack?
  • #exposed_to_RCE_attack - If exploited will it expose the asset to remote attacks?
  • #user_interaction_required_for_exploiting - Is user interaction required for a successful exploitation?
  • #admin_privileges_required_for_exploiting - are admin privileges required in order to execute the exploit successfully?
  • #critical_vulnerability - Is the vulnerability critical?
  • #exposed_to_credentials_stealing -  If exploited will it expose the asset to credentials stealing attacks?
  • #exposed_to_sensitive_information_disclosure - If exploited will it allow retrieving sensitive information from the assets?

if you have in mind a new xTag we still didn’t think of, you can contact us through the Trouble Ticket form on the Customer Portal.