Broad Scoping vs Non-broad scoping in ASM

This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

Google Cloud
Google Workspace
AppSheet
Looker & Looker Studio
Google Cloud Security

Google Cloud Security Home
Security Forums
Tips & Resources
Articles & Information
User Groups
Events

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Announcements

Check out the new Professional Security Operations Engineer certification beta!

Google Cloud Security
Security Forums
Attack Surface Management
Broad Scoping vs Non-broad scoping in ASM

Topic Options

Subscribe to RSS Feed
Mark Topic as New
Mark Topic as Read
Float this Topic for Current User
Bookmark
Subscribe
Mute
Printer Friendly Page

Solved

Broad Scoping vs Non-broad scoping in ASM

Posted on 06-20-2024 06:46 AM

Share this topic

Twitter

ionutm

Staff

Post Options

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

Reply posted on --/--/---- --:-- AM

Post Options

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

By default, Mandiant ASM (Attack Surface Management) has a focused approach to identifying assets for testing. This is great for minimizing false positives, but penetration testers who want a wider net can enable "broad scoping." While this feature helps uncover more potential targets, it might also lead to some inaccuracies in asset ownership identification due to the broader DNS entity scoping.

The above can be found here: https://docs.mandiant.com/home/asm-collections-overview

Enabling broad scoping: