New: Shared hosting report

There is a new report available in the report library that shows third party websites running on shared hosting where your websites are hosted too. These third party websites could be a security risk or damage your brand reputation, so you should have a look at them regularly.
You can also look up the shared hosting for your organization directly with this magic query:

$shared_hosting_report last_seen>-7d

If you find trouble, contact the hosting company and ask them to organize the shared hosting in such a way that the offending website is not sharing a host with your website anymore. Another option of course is using dedicated hosting.

Also, completely unrelated to shared hosting, with this weeks update everyone running a group account can now manage all users from the subaccounts in the groupaccount too.

New report options

There have been some additions to the data and query language that allow better searching, reports and alerts.

The first is that you can and a url, with wildcard, to all of the magic software queries. A magic query is one that starts with a $, and it is magic because it gathers data in a way that is not possible in the query language in ShadowTrackr. Here's an example:

$software_vulnerabilities_report last_seen>-7d url="*.com"

This will create a report of all vulnerable software found, with a list of assets with vulnerabilities that are found in the last week, but only for all your .com domains.

The second change is that you can use asset as a column in the assets and cves_assets indexes. Asset can be an ip address or a url/domain and it supports wildcards. Example:

index=cves_assets asset="*.nl"

This will list all vulnerabilities (one per line) found on your .nl domains. Note that this index contains older (patched) vulnerabilities too, so if you only want the recents ones do:

index=cves_assets last_seen>-7d asset="*.nl"

The third and last addition is the days column in the certificates index. It shows how long a certificate is valid in days. This allows you to make types of new reports, like this overview that groups certificates and issuers per how long the certificates are valid.

index=certificates last_seen>-7d by days | table days issuer

Better alert emails, improved group account

The email alerts should be more usable now. Before, you had to open the attachment to see the actuals results. Most results are just about a few assets and listing those in the email body itself would save a click. So that's what is done now. Some results are shown, up to a maximum of 10. If there are too many columns to show properly, the middle ones are cut out in the email body (but still all included in the attachment).

Another update is on group accounts. Some of you are responsible for multiple organisations that are not supposed to see each others data. This can be done with a groupaccount, where the subaccounts behave just like regular ShadowTrackr accounts but the groupaccount admins can see and search all data of all subaccounts.

As a groupaccount admin you can enter a subaccount and go back to the grouplevel, but it wasn't always very clear where exactly you were at a given moment. That is fixed now (it's shows in the bottom left, in bright yellow). Also some extra menu items are added to the groupadmin menu for better navigation.