Report Terminology
FractalScan Surface uses 'in scope' and 'out of scope' to control how much of an attack surface to scan. Since everything on the internet is connected, we need to ensure the scope of a FractalScan Surface scan is appropriately focussed.
![Example of in scope node on the explore page of a scan.](https://images.archbee.com/ADIhj5CoSURbyJI1tP0pN/7P_H5dA5l9-3ni9DxxiIt_screenshot-2023-08-02-at-112054.png?format=webp)
'In scope' nodes, be they Domains, IP addresses, Components, etc., are connected back to one of the seed nodes via a valid path. A subdomain (or child) of a seed domain will be in scope. However, the domain of a 3rd-party script used on the seed domain's website will be 'out of scope'.
Simply put, if it is 'in scope', then FractalScan Surface has determined that the risks associated with the asset are your responsibility. If it is out of scope, then FractalScan Surface can't be sure it is yours, and you will need to add it as a seed to get FractalScan Surface to inspect it further.
To view 'out of scope' nodes, go to the 'Out of Scope' page of a scan, where you can add nodes to scope as seeds. Note that this depends on permissions.
FractalScan Surface may mark some domains as stale in the results of a scan. Domains will be marked as stale if they have been identified, but do not have a DNS entry, i.e. they are not 'live' and have no associated IP address.
![Document image](https://images.archbee.com/ADIhj5CoSURbyJI1tP0pN/Fvz0B0-H8chcNk5VhXbx4_screenshot-2023-06-22-at-120052.png?format=webp)
Stale domains will not typically have risks associated with them, as they are not live. They can still provide details of information found by FractalScan Surface.
The following scenarios can result in stale domains:
- Historic domains: For which there is historic data, but no references in current scan data:
  - Public: Found in public open source data, such as certificate registration logs
  - Not public: Previously found in a scan, but have since been removed
- Referenced: Referenced in live scan data, e.g. domains listed as an alternate name in a certificate
- Chained sub-domains: Found as part of a live sub-domain, e.g.:
  - The sub-domain b.c.com would be stale if it is not live, but a.b.c.com is live
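
The following added example (not FractalScan Surface's own code) shows how the chained sub-domain case arises when you triage an asset list yourself: it walks each discovered hostname up to the seed and labels every name on the way as live or stale. The resolver, the sample DNS data and the suffix-based scope test are assumptions made for illustration; the product decides scope by a valid path to a seed, which is broader than a suffix match.

```python
from typing import Callable, Dict, List

# Constructed DNS data standing in for real lookups, so the example runs offline.
SAMPLE_DNS: Dict[str, List[str]] = {
    "c.com": ["192.0.2.10"],
    "www.c.com": ["192.0.2.10"],
    "a.b.c.com": ["192.0.2.20"],  # live, but its parent b.c.com has no record
}


def sample_resolver(name: str) -> List[str]:
    """Hypothetical resolver: returns the addresses for a name, or [] if none."""
    return SAMPLE_DNS.get(name, [])


def normalise(name: str) -> str:
    return name.strip().rstrip(".").lower()


def chain_to_seed(name: str, seed: str) -> List[str]:
    """Names from `name` up to `seed`; [] if `name` is not the seed or a child of it."""
    name, seed = normalise(name), normalise(seed)
    # Match on a label boundary so that notc.com is not treated as a child of c.com.
    if name != seed and not name.endswith("." + seed):
        return []
    chain = [name]
    while name != seed:
        name = name.split(".", 1)[1]  # drop the left-most label
        chain.append(name)
    return chain


def classify(discovered: List[str], seed: str,
             resolve: Callable[[str], List[str]]) -> Dict[str, str]:
    """Label each discovered name, and each intermediate parent, live or stale."""
    result: Dict[str, str] = {}
    for host in discovered:
        chain = chain_to_seed(host, seed)
        if not chain:
            result[normalise(host)] = "out of scope"  # simplified scope assumption
            continue
        for name in chain:
            # Stale = identified, but no DNS entry and so no associated IP address.
            result[name] = "live" if resolve(name) else "stale"
    return result


if __name__ == "__main__":
    found = ["a.b.c.com", "old.c.com", "cdn.thirdparty.example", "WWW.C.COM."]
    for name, state in sorted(classify(found, "c.com", sample_resolver).items()):
        print(f"{name:26} {state}")
```

Here `old.c.com` stands for a name seen only in historic data such as certificate logs, and `b.c.com` appears in the output only because it is part of the live name `a.b.c.com`.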
Every day, new cyber threats emerge, targeting organisations and systems worldwide. To manage these threats effectively, it’s crucial to understand the core concepts of cyber security and vulnerability identification systems.
Our blog post 'Vulnerability identification: key concepts and terms explained' provides a guide to key vulnerability identification systems in cyber security and explains how they interconnect to manage vulnerabilities. It introduces the following terms, some of which you will see referenced in your scan results:
- The Common Vulnerabilities and Exposures (CVE) system
- The National Vulnerability Database (NVD)
- The Common Vulnerability Scoring System (CVSS)
- The Known Exploited Vulnerabilities (KEV) catalogue
- The Common Platform Enumeration (CPE) system