Domain Vulnerability Insights
The Domain Vulnerability Insights Dashboard offers a comprehensive overview of
vulnerabilities across domains managed in the DDI+ Platform. It provides insights into the
total number of domains scanned for vulnerabilities, offering a detailed perspective on
vulnerabilities within domains and their associated DNS records. This dashboard serves
as a centralized tool for gaining valuable insights into the security posture of the
managed domains.

The following reports are available under the Domain Vulnerability Insights tab:
- Total Domains: This metric provides the total number of domains that are scanned.
- Total Domains Scanned: This metric displays the total number of domains scanned for vulnerabilities.
- Malicious Domains: Provides a list of subdomains with CNAMEs redirecting to questionable websites. It specifically identifies instances where the content of the application in the CNAME includes malicious keywords.
- Total Vulnerabilities Found: This metric displays the total number of vulnerabilities found in the inventory.
- Top 10 Domain with Highest Vulnerabilities: This metric displays the top 10 domains with the highest vulnerabilities in the inventory.
- Domain Vulnerability by Types: This bar chart illustrates vulnerabilities within domains and subdomains, categorized by various vulnerability scan types.
The following vulnerability scan types are available:
- HTTPS/HTTP Scan: This scan checks if the HTTP/HTTPS status is down for domains and associated subdomains.
- CNAME Scan: This vulnerability scan assesses vulnerabilities in CNAMEs associated with the domain. The scan checks HTTP/HTTPS status and potential malicious content, and examines CNAMEs for standard response fingerprints susceptible to hijacking.
- MX Record Scan: This scan involves checking domains for the presence of MX records. If the domains have MX records, the scan verifies whether the servers mentioned in the MX records are unreachable. If any servers are found to be unreachable, they are highlighted as vulnerable.
- SPF Record Scan: The SPF Record Scan involves multiple checks:
  - Syntax Check: The scan performs a syntax check on the SPF records.
  - Reachability Check: Verifies that all hosts mentioned in the SPF records are reachable.
  - Invalid Directive: Checks for invalid directives, such as instances where a domain is specified, but the MX record or the A record specified for that domain is invalid.
  - Obsolete Include Directive: Identifies and flags obsolete include directives, particularly when an invalid SPF for the domain specified in the existing record is detected.
- DMARC Scan: The scan verifies if the DMARC policy for the domain is set to "none", which is potentially a security concern.
- NS Scan: This involves verifying the reachability of the Name Servers (NS) associated with the domain through a ping test. The scan assesses the responsiveness of the NS servers, identifying any instances where they may be unreachable.
- SOA Record Scan: This scan aims to ensure that the SOA record adheres to specific criteria for optimal DNS configuration. The criteria are as follows:
  - Ensures that the primary Name Server (NS) record specified in the SOA record is reachable.
  - Verifies that the refresh interval in the SOA record is set to a value greater than 3600 seconds.
  - Checks that the retry interval in the SOA record is set to a value greater than 900 seconds.
  - Ensures that the expiration time in the SOA record is set to a value greater than 604800 seconds.
  - Verifies that the Time-to-Live (TTL) value in the SOA record is set to a value greater than 300 seconds.
Note: You can click on the corresponding metric to view the detailed information.
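
To reproduce the SOA timer criteria and the DMARC "none" check outside the dashboard, the following added example (not DDI+ Platform code) applies them offline to record text you already have. The function names and sample records are constructed, the reachability checks are left out because they need network access, and the page's "TTL value in the SOA record" is assumed to be the SOA MINIMUM field.

```python
# Added example: offline checks mirroring the SOA and DMARC criteria listed above.
# Thresholds come from the page; function names and sample records are constructed.

SOA_MINIMUMS = {"refresh": 3600, "retry": 900, "expire": 604800, "ttl": 300}


def parse_soa(rdata):
    """Parse SOA rdata: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    mname, rname = fields[0], fields[1]
    serial, refresh, retry, expire, minimum = (int(f) for f in fields[2:])
    # Assumption: the page's "TTL value in the SOA record" is the MINIMUM field.
    return {"mname": mname, "rname": rname, "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire, "ttl": minimum}


def check_soa(rdata):
    """Return one finding per timer that is not greater than its threshold."""
    soa = parse_soa(rdata)
    return [f"{name}={soa[name]} is not greater than {limit}"
            for name, limit in SOA_MINIMUMS.items() if soa[name] <= limit]


def dmarc_policy(txt):
    """Return the lowercase p= tag of a DMARC TXT record, or None if absent."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        key, sep, value = part.partition("=")
        if sep:  # skip empty segments such as the one after a trailing ";"
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    policy = tags.get("p")
    return policy.lower() if policy else None


def check_dmarc(txt):
    """Flag a DMARC policy of "none", as the DMARC scan above does."""
    return ["DMARC policy is none"] if dmarc_policy(txt) == "none" else []


if __name__ == "__main__":
    # Constructed sample records for a placeholder domain.
    print(check_soa("ns1.example.com. hostmaster.example.com. 2024010101 3600 600 1209600 300"))
    print(check_dmarc("v=DMARC1; p=none; rua=mailto:dmarc@example.com"))
```

Because the criteria say "greater than", a value equal to the threshold (for example a refresh of exactly 3600) is reported as a finding.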