CYFIRMA Attack Surface

Solution: Cyfirma Attack Surface

Cyfirma Attack Surface Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	CYFIRMA
Support Tier	Partner
Support Link	https://www.cyfirma.com/contact-us/
Categories	domains
Version	3.0.0
Author	Microsoft
First Published	2025-03-27
Solution Folder	Cyfirma Attack Surface
Marketplace	Azure Marketplace · Popularity: ⚪ Very Low (9%)

The CYFIRMA Attack Surface solution provides ability to gain continuous visibility into their external digital footprint directly within Microsoft Sentinel. This integration enhances your security posture by identifying exposed assets, misconfigurations, and vulnerabilities across internet-facing infrastructure—enabling faster response to potential threats and reducing the attack surface before adversaries can exploit it. By ingesting enriched attack surface intelligence—covering open ports, vulnerable IPs, cloud misconfigurations, certificate issues, and more—into Microsoft Sentinel, security teams can correlate findings with other threat indicators, automate incident response, and drive proactive defense measures.

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 1 data connector(s):

CYFIRMA Attack Surface

Tables Used

This solution uses 6 table(s):

Table	Used By Connectors	Used By Content
`CyfirmaASCertificatesAlerts_CL`	CYFIRMA Attack Surface	Analytics
`CyfirmaASCloudWeaknessAlerts_CL`	CYFIRMA Attack Surface	Analytics
`CyfirmaASConfigurationAlerts_CL`	CYFIRMA Attack Surface	Analytics
`CyfirmaASDomainIPReputationAlerts_CL`	CYFIRMA Attack Surface	Analytics
`CyfirmaASDomainIPVulnerabilityAlerts_CL`	CYFIRMA Attack Surface	Analytics
`CyfirmaASOpenPortsAlerts_CL`	CYFIRMA Attack Surface	Analytics

Content Items

This solution includes 12 content item(s):

Content Type	Count
Analytic Rules	12

Analytic Rules

Name	Severity	Tactics	Tables Used
CYFIRMA - Attack Surface - Cloud Weakness High Rule	High	InitialAccess, Collection, Discovery, Exfiltration	`CyfirmaASCloudWeaknessAlerts_CL`
CYFIRMA - Attack Surface - Cloud Weakness Medium Rule	Medium	InitialAccess, Collection, Discovery, Exfiltration	`CyfirmaASCloudWeaknessAlerts_CL`
CYFIRMA - Attack Surface - Configuration High Rule	High	InitialAccess, Discovery, Persistence, Execution, DefenseEvasion, CredentialAccess, Collection, Reconnaissance	`CyfirmaASConfigurationAlerts_CL`
CYFIRMA - Attack Surface - Configuration Medium Rule	Medium	InitialAccess, Discovery, Persistence, Execution, DefenseEvasion, CredentialAccess, Collection, Reconnaissance	`CyfirmaASConfigurationAlerts_CL`
CYFIRMA - Attack Surface - Domain/IP Vulnerability Exposure High Rule	High	InitialAccess, Discovery, DefenseEvasion, Persistence, Execution, Impact, PrivilegeEscalation	`CyfirmaASDomainIPVulnerabilityAlerts_CL`
CYFIRMA - Attack Surface - Domain/IP Vulnerability Exposure Medium Rule	Medium	InitialAccess, Discovery, DefenseEvasion, Persistence, Execution, Impact, PrivilegeEscalation	`CyfirmaASDomainIPVulnerabilityAlerts_CL`
CYFIRMA - Attack Surface - Malicious Domain/IP Reputation High Rule	High	InitialAccess, CommandAndControl, Reconnaissance, Impact, DefenseEvasion, Exfiltration	`CyfirmaASDomainIPReputationAlerts_CL`
CYFIRMA - Attack Surface - Malicious Domain/IP Reputation Medium Rule	Medium	InitialAccess, CommandAndControl, Reconnaissance, Impact, DefenseEvasion, Exfiltration	`CyfirmaASDomainIPReputationAlerts_CL`
CYFIRMA - Attack Surface - Open Ports High Rule	High	InitialAccess, CommandAndControl, Discovery, DefenseEvasion, Persistence	`CyfirmaASOpenPortsAlerts_CL`
CYFIRMA - Attack Surface - Open Ports Medium Rule	Medium	InitialAccess, CommandAndControl, Discovery, DefenseEvasion, Persistence	`CyfirmaASOpenPortsAlerts_CL`
CYFIRMA - Attack Surface - Weak Certificate Exposure - High Rule	High	DefenseEvasion, ResourceDevelopment, Reconnaissance, InitialAccess, CredentialAccess	`CyfirmaASCertificatesAlerts_CL`
CYFIRMA - Attack Surface - Weak Certificate Exposure - Medium Rule	Medium	DefenseEvasion, ResourceDevelopment, Reconnaissance, InitialAccess, CredentialAccess	`CyfirmaASCertificatesAlerts_CL`

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.3	04-09-2025	Bugs fixes to CCF Data Connector.
3.0.2	24-07-2025	Minor changes and New analytics rules added to CCF Data Connector.
3.0.1	17-06-2025	Minor changes to CCF Data Connector.
3.0.0	14-04-2025	Initial Solution Release.