Google Threat Intelligence Attack Surface Management (ASM)

Google Threat Intelligence ASM is an attack surface management platform that provides continuous discovery, external asset monitoring, exposure analysis, and threat intelligence context for internet-facing environments.

Use Cases the Adapter Solves

  • Monitor External Attack Surface: Gain visibility into all internet-facing assets discovered by Google Threat Intelligence ASM, including domains, URIs, IP addresses, network services, and cloud storage buckets to identify potential exposure points.
  • Identify Security Exposures: Detect vulnerabilities and security issues associated with external assets, including CVEs, SSL certificate problems, and open network services that may pose security risks.

Asset Types Fetched

  • Domains & URLs, SaaS Applications, Networks, Network Services, Object Storages, Certificates, Users, Secrets, Aggregated Security Findings

Data Retrieved through the Adapter

URLs - Fields such as Domain, Base URL, Tags, First Seen

Networks - Fields such as Name, ASN, Network Name, DNS Resolutions

Network Services - Fields such as Name, Tags, GTI Entity Type

Object Storages - Fields such as Name, Tags, Collection, GTI Entity UUID

Certificates - Fields such as Name, Expires On, Issuer Organization

Users - Fields such as Username, Mail, Tags, GTI Entity UUID

Secrets - Fields such as Name, Tags, Collection

Aggregated Security Findings - Fields such as CVE ID, CVE Description, CVE Severity

Before You Begin

Required Ports

  • TCP port 443 (HTTPS)

Authentication Methods

API Key Authentication

APIs

Axonius uses the Google Threat Intelligence ASM API v3. The following endpoints are called:

  • GET /api/v3/asm/projects - Retrieves ASM project information
  • GET /api/v3/asm/search/entities/type:Domain - Searches for domain entities
  • GET /api/v3/asm/search/entities/type:Uri - Searches for URI entities
  • GET /api/v3/asm/search/entities/type:ApiEndpoint - Searches for API endpoint entities
  • GET /api/v3/asm/search/entities/type:Nameserver - Searches for nameserver entities
  • GET /api/v3/asm/search/entities/type:IpAddress - Searches for IP address entities
  • GET /api/v3/asm/search/entities/type:DnsRecord - Searches for DNS record entities
  • GET /api/v3/asm/search/entities/type:NetBlock - Searches for network block entities
  • GET /api/v3/asm/search/entities/type:NetworkService - Searches for network service entities
  • GET /api/v3/asm/search/entities/type:AwsS3Bucket - Searches for AWS S3 bucket entities
  • GET /api/v3/asm/search/entities/type:SslCertificate - Searches for SSL certificate entities
  • GET /api/v3/asm/search/entities/type:EmailAddress - Searches for email address entities
  • GET /api/v3/asm/search/entities/type:UniqueToken - Searches for unique token entities
  • GET /api/v3/asm/search/issues/entity_type:IpAddress - Searches for security issues associated with IP addresses

Required Permissions

The API key must have the following roles and permissions:

  • Project Member on every ASM Project to be ingested
  • Collection Viewer on every Collection within those Projects
  • Permission to query security issues and vulnerabilities

Note: The exact permission names should be confirmed with your Google Threat Intelligence administrator or Google support, as the API documentation is not publicly available.
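
One way to confirm that a key has these permissions before adding the connection is to probe each endpoint listed under APIs and record which ones are refused. The sketch below is an added example, not Axonius or Google code. The `x-apikey` header follows the VirusTotal API v3 convention and is an assumption this page does not confirm, the function names are hypothetical, and the host check is stricter than the adapter form because it rejects http://.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Entity types and the issues search, copied from the endpoint list on this page.
ENTITY_TYPES = ["Domain", "Uri", "ApiEndpoint", "Nameserver", "IpAddress", "DnsRecord",
                "NetBlock", "NetworkService", "AwsS3Bucket", "SslCertificate",
                "EmailAddress", "UniqueToken"]
PATHS = (["/api/v3/asm/projects"]
         + [f"/api/v3/asm/search/entities/type:{t}" for t in ENTITY_TYPES]
         + ["/api/v3/asm/search/issues/entity_type:IpAddress"])


def normalize_host(host):
    """Validate the 'Host Name or IP Address' value: scheme prefix, no endpoint path."""
    parts = urlsplit(host.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("host must start with http:// or https://")
    if parts.path.strip("/") or parts.query or parts.fragment:
        raise ValueError("do not add endpoints after the domain")
    if parts.scheme == "http":
        # Stricter than the adapter form: the key would cross the network in cleartext.
        raise ValueError("refusing to send the API key over plain http")
    return f"{parts.scheme}://{parts.netloc}"


def http_status(url, api_key, timeout=15):
    """Send one GET and return the HTTP status code (header name is an assumption)."""
    req = urllib.request.Request(url, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def preflight(host, api_key, fetch=http_status):
    """Return {path: verdict} for every endpoint the adapter calls."""
    base = normalize_host(host)
    verdicts = {}
    for path in PATHS:
        status = fetch(base + path, api_key)
        if status == 200:
            verdicts[path] = "ok"
        elif status in (401, 403):
            verdicts[path] = "denied: check key and Project/Collection roles"
        else:
            verdicts[path] = f"unexpected HTTP {status}"
    return verdicts
```

Call `preflight("https://www.virustotal.com", key)` with the key read from a secrets store or environment variable rather than typed on the command line, and treat any "denied" verdict as a role missing from the list above.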

Supported From Version

Supported from Axonius version 9.0.1

Connecting the Adapter in Axonius

Navigate to the Adapters page, search for Google Threat Intelligence Attack Surface Management (ASM), and click on the adapter tile.

Click Add Connection.

To connect the adapter in Axonius, provide the following parameters:

Required Parameters

  1. Host Name or IP Address - Base domain for the API. The value should include the http:// or https:// prefix. Do not add any specific endpoints after the domain. Example: https://www.virustotal.com
  2. API Key - The API key generated from Google Threat Intelligence with permissions to access ASM data.

Optional Parameters

  1. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  2. HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
  3. HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
  4. HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.