3 CESNET SOC use-cases
3.1 Vulnerability scanning
Select Lens Vuln or Storage Vuln from the top-level menu (or the corresponding API) to find vulnerabilities with the filter Vuln.severity not_in ["info", "low"].
- General vulnerability scan (nuclei)
- SSL/TLS scanning with testssl (experimental; note.xtype testssl)
- Source port scanning (experimental; note.xtype sportmap)
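To make the filter semantics concrete, the following is an added example (not part of this page and not the tool's own filter parser) of a small evaluator for the subset of filter syntax the filters above use: Model.attribute fields, string/array literals, the comparisons ==, !=, in and not_in, and and/or with parentheses. The flat record keys and the sample vulnerability rows are constructed for this illustration; the real API returns its own field names.

```python
"""Evaluate the filter subset used on this page (added example, not the tool's parser).

Supported: Model.attribute fields, scalar and array JSON literals, the comparison
operators ==, !=, in, not_in, and the connectives and/or with parentheses. Records
are flat dicts keyed by "Model.attribute"; those keys, like the sample rows below,
are assumptions made for this illustration.
"""
import json
import re

TOKEN_RE = re.compile(r'''
    (?P<lparen>\()
  | (?P<rparen>\))
  | (?P<array>\[[^\]]*\])
  | (?P<string>"(?:[^"\\]|\\.)*")
  | (?P<number>-?\d+(?:\.\d+)?)
  | (?P<op>==|!=|not_in\b|in\b|and\b|or\b)
  | (?P<field>[A-Za-z_][A-Za-z0-9_.]*)
''', re.VERBOSE)


def tokenize(text):
    """Split a filter string into (kind, text) tokens; keywords win over field names."""
    tokens, pos = [], 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        match = TOKEN_RE.match(text, pos)
        if not match:
            raise ValueError(f'unexpected input at offset {pos}: {text[pos:]!r}')
        tokens.append((match.lastgroup, match.group()))
        pos = match.end()
    return tokens


class Parser:
    """Recursive descent: expr := term (or term)*, term := factor (and factor)*."""

    def __init__(self, tokens):
        self.tokens, self.i = tokens, 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else (None, None)

    def take(self, kind=None):
        tok = self.peek()
        if tok[0] is None or (kind is not None and tok[0] != kind):
            raise ValueError(f'expected {kind or "a token"}, got {tok}')
        self.i += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek()[0] is not None:
            raise ValueError(f'trailing tokens: {self.tokens[self.i:]}')
        return node

    def expr(self):
        left = self.term()
        while self.peek() == ('op', 'or'):
            self.take()
            left = ('or', left, self.term())
        return left

    def term(self):
        left = self.factor()
        while self.peek() == ('op', 'and'):
            self.take()
            left = ('and', left, self.factor())
        return left

    def factor(self):
        if self.peek() == ('lparen', '('):
            self.take()
            node = self.expr()
            self.take('rparen')
            return node
        field = self.take('field')[1]
        op = self.take('op')[1]
        if op in ('and', 'or'):
            raise ValueError(f'{op!r} is not a comparison operator')
        kind, raw = self.take()
        if kind not in ('string', 'array', 'number'):
            raise ValueError(f'expected a literal after {op}, got {kind}')
        value = json.loads(raw)
        if op in ('in', 'not_in') and not isinstance(value, list):
            raise ValueError(f'{op} needs an array literal')
        if op in ('==', '!=') and isinstance(value, list):
            raise ValueError(f'{op} needs a scalar literal')
        return ('cmp', field, op, value)


def evaluate(node, record):
    """Evaluate a parsed filter against one flat record dict."""
    if node[0] == 'or':
        return evaluate(node[1], record) or evaluate(node[2], record)
    if node[0] == 'and':
        return evaluate(node[1], record) and evaluate(node[2], record)
    _, field, op, value = node
    actual = record.get(field)  # missing attribute behaves like NULL: never equal, never in
    return {'==': actual == value, '!=': actual != value,
            'in': actual in value, 'not_in': actual not in value}[op]


def filter_records(expression, records):
    """Return the records matching the filter expression, in their original order."""
    tree = Parser(tokenize(expression)).parse()
    return [rec for rec in records if evaluate(tree, rec)]


# Constructed sample rows (not real scan output); xtype values are the ones named on this page.
SAMPLE_VULNS = [
    {'Vuln.host': '192.0.2.10', 'Vuln.xtype': 'nuclei', 'Vuln.name': 'exposed-admin-panel', 'Vuln.severity': 'high'},
    {'Vuln.host': '192.0.2.10', 'Vuln.xtype': 'nuclei', 'Vuln.name': 'tech-detect', 'Vuln.severity': 'info'},
    {'Vuln.host': '192.0.2.11', 'Vuln.xtype': 'testssl', 'Vuln.name': 'weak-cipher-suite', 'Vuln.severity': 'medium'},
    {'Vuln.host': '192.0.2.11', 'Vuln.xtype': 'testssl', 'Vuln.name': 'cert-chain-info', 'Vuln.severity': 'low'},
    {'Vuln.host': '192.0.2.12', 'Vuln.xtype': 'sportmap', 'Vuln.name': 'source-port-bypass', 'Vuln.severity': 'critical'},
]

if __name__ == '__main__':
    for rec in filter_records('Vuln.severity not_in ["info", "low"]', SAMPLE_VULNS):
        print(rec['Vuln.host'], rec['Vuln.xtype'], rec['Vuln.severity'], rec['Vuln.name'])
```

The evaluator treats a missing attribute like a database NULL: it is never equal to anything and never a member of an array, so `not_in` matches it. When you rely on a `not_in` filter to triage, check whether records with an empty severity should be included; the real query layer may treat NULL differently.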
3.2 Service version detection
Select Storage Versioninfo from the top-level menu (or the corresponding API).
3.3 Host view
Analyze the data for a specific host in the Storage Host view.
3.4 Hosts with extensive number of services
Analyze the data in the Storage Hosts view and sort the table by number of services (the cnt_s column); hosts exposing an unusually large number of services are worth a closer look.
3.5 Specific services or combinations
Search for and analyze hosts with specific services or combinations of services:
- webserver + database
  - properly configured web servers do not normally expose their internal database to the public
- hostname + database
  - the purpose of a server or service can be inferred from its hostname; high-profile targets (e.g. an authentication service) should expose only a minimal set of services, and certainly not a database
- debugging or management interfaces
  - any service used for debugging (e.g. JDWP, JMX) or remote management (iDRAC, BMC) should not be exposed to public access
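The checks in 3.4 and 3.5 can be scripted over an export of the host/service data. The following is an added example, not the tool's code: it ranks hosts by service count and flags the three combinations listed above. The service-name sets, the hostname keywords and the sample rows are assumptions made for this illustration; adapt them to the names your scanner produces.

```python
"""Rank hosts by service count (3.4) and flag risky service combinations (3.5).

Added example, not the tool's own code. Rows are constructed tuples in the shape of
Storage Hosts data: (address, hostname, port, proto, service name). The service-name
sets and hostname hints below are assumptions for illustration.
"""
from collections import Counter

WEB_SERVICES = {'http', 'https', 'http-proxy', 'ssl/http'}
DB_SERVICES = {'mysql', 'postgresql', 'ms-sql-s', 'mongodb', 'redis', 'oracle-tns'}
DEBUG_MGMT_SERVICES = {'jdwp', 'jmx-rmi', 'java-rmi', 'ipmi', 'bmc', 'idrac', 'ilo'}
# substrings that suggest a high-profile purpose (assumed list; extend for your environment)
HIGH_PROFILE_HOSTNAME_HINTS = ('auth', 'sso', 'idp', 'login', 'vpn', 'radius')

# Constructed sample data (not a real scan): one tuple per exposed service.
SAMPLE_SERVICES = [
    ('192.0.2.10', 'www.example.org', 80, 'tcp', 'http'),
    ('192.0.2.10', 'www.example.org', 443, 'tcp', 'https'),
    ('192.0.2.10', 'www.example.org', 3306, 'tcp', 'mysql'),
    ('192.0.2.11', 'sso.example.org', 443, 'tcp', 'https'),
    ('192.0.2.11', 'sso.example.org', 5432, 'tcp', 'postgresql'),
    ('192.0.2.12', 'app01.example.org', 8080, 'tcp', 'http'),
    ('192.0.2.12', 'app01.example.org', 8000, 'tcp', 'jdwp'),
    ('192.0.2.12', 'app01.example.org', 623, 'udp', 'ipmi'),
    ('192.0.2.13', 'mail.example.org', 25, 'tcp', 'smtp'),
    ('192.0.2.13', 'mail.example.org', 993, 'tcp', 'imaps'),
]


def group_by_host(rows):
    """Collect services per address, keeping the first hostname seen for that address."""
    hosts = {}
    for address, hostname, port, proto, name in rows:
        entry = hosts.setdefault(address, {'hostname': hostname, 'services': []})
        entry['services'].append((port, proto, name))
    return hosts


def hosts_by_service_count(rows):
    """Section 3.4: (address, service count) pairs, busiest host first, like sorting on cnt_s."""
    counts = Counter(address for address, *_ in rows)
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


def find_suspicious_combinations(rows):
    """Section 3.5: (address, rule, detail) findings for the three combinations on the page."""
    findings = []
    for address, info in group_by_host(rows).items():
        names = {name for _, _, name in info['services']}
        web = sorted(names & WEB_SERVICES)
        dbs = sorted(names & DB_SERVICES)
        mgmt = sorted(names & DEBUG_MGMT_SERVICES)
        hostname = info['hostname'].lower()
        if web and dbs:
            findings.append((address, 'webserver+database', f'{"/".join(web)} with {"/".join(dbs)}'))
        if dbs and any(hint in hostname for hint in HIGH_PROFILE_HOSTNAME_HINTS):
            findings.append((address, 'hostname+database', f'{info["hostname"]} exposes {"/".join(dbs)}'))
        for name in mgmt:
            findings.append((address, 'debug/management interface', name))
    return findings


if __name__ == '__main__':
    for address, count in hosts_by_service_count(SAMPLE_SERVICES):
        print(f'{address}: {count} services')
    for address, rule, detail in find_suspicious_combinations(SAMPLE_SERVICES):
        print(f'{address} [{rule}] {detail}')
```

The hostname rule is deliberately a substring match so that it catches names like sso-2 or vpn01; review its hits rather than treating them as confirmed findings, since a hostname is only a hint about a host's purpose.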
3.6 External linking
The Storage host lookup route can be used for linking to a host from external sites (e.g. NERD).