Organization Details

Inside Organization Details, the following information is available:

  • Organization Name and Status

    Example: example → Status: Active.

    Includes the Expiration Date for the license (e.g., 2025-07-31).

  • Organization Domains

    Shows all domains linked to the organization, e.g.,

    • example.com

    • attackmetricx.com

  • Licenses Details

    • License Status: Active / Expired

    • License Type: e.g., Trial

  • Organization Features

    This section provides a comprehensive overview of the available solutions and their current activation status.

    It shows whether each feature is Enabled (licensed and active) or Disabled (not licensed or inactive).

    In other words, this panel helps you quickly understand which capabilities your organization can currently use, and which ones require activation or licensing.

    The list includes:

    • ASM → Indicates if the Attack Surface Management module is enabled or disabled.

    • Credits Left → Shows the remaining credits available for scans and actions (active only when licensed).

    • Compliance Mapping → Displays if the compliance mapping functionality is enabled or disabled.

    • Dark Web → Highlights whether dark web monitoring is available or not.

    • Identifiers → Indicates if identifiers tracking is enabled or disabled.

    • Brand Protection → Shows whether brand protection services are active or inactive.

    • Clearnet → Displays if clearnet (surface web) monitoring is enabled or disabled.

    • GitScan → Indicates if source code repository scanning is active or not.

    • API Integration → Shows whether API-based integration is enabled or disabled.

    Threat Feeds

    The Threat Feeds module provides direct access to curated, continuously updated intelligence streams that can be consumed by your security systems. This ensures your SOC, SIEM, or threat-hunting tools are always fed with the latest malicious indicators and hostile infrastructure data.

    What it shows

    • Expiration Date

      Indicates how long your threat feed subscription remains valid (e.g., 2026-06-02).

    • VPN / TOR / Proxies

      Flags whether feeds related to VPN exit nodes, TOR network relays, and known proxy servers are included. When enabled, these feeds give visibility into adversary infrastructure often used to mask attacks.

    • Request Quota

      Displays the number of queries or pull requests you can still make from the feed within your quota (e.g., 166 remaining).

    • Access Key

      A unique key assigned to your organization. It is used to securely authenticate and retrieve feeds without exposing raw credentials.

    • Customer ID

      Identifies your organization in the AttackMetricx feed service. This ensures data streams are tied to your tenant.

    • Link (Integration URL)

      A ready-to-use API endpoint that you can integrate into your SIEM, SOAR, firewall, or monitoring stack. By plugging this URL in, your defenses receive real-time IOCs (Indicators of Compromise), including malicious IPs, domains, and threat scores.

    Why this is powerful

    • Transforms AttackMetricx into a live intelligence source for your security ecosystem.

    • Ensures detections are not only local to the platform but can flow seamlessly into your own defenses.

    • With feeds for TOR, VPNs, and Proxies, your analysts gain immediate context about suspicious connections and attacker infrastructure.

    Rescan Scheduler

    The Rescan Scheduler ensures that your organization’s domains are automatically and consistently re-scanned through the ASM engine.

  • Value

    • Guarantees that your asset inventory and exposure data remain continuously updated.

    • Newly added subdomains, infrastructure changes, and emerging vulnerabilities are detected without requiring manual intervention.

    • Provides executives and SOC teams with real-time accuracy on the organization’s risk posture.

  • Purpose

    • Automates recurring ASM scans for each registered domain on the schedule you define (e.g., weekly at a specific time).

    • Each scheduled scan uses credits, since it performs a full, fresh discovery and security check across your attack surface.

Impersonating Rescan Scheduler

The Impersonating Rescan Scheduler is a specialized feature focused on brand protection and anti-impersonation monitoring.

  • Purpose

    • Continuously hunts for malicious or deceptive look-alike domains (e.g., typosquatting, brand variations, or fraudulent registrations) that attempt to impersonate your organization.

    • Runs on a recurring schedule, ensuring proactive monitoring without gaps.

  • Value

    • Enables early detection of phishing sites, fraudulent infrastructure, and impersonation campaigns.

    • Minimizes the time attackers can exploit brand misuse by giving your security team actionable intelligence as soon as suspicious domains are detected.

    • Reinforces customer trust and protects against credential theft, fraud, and brand damage.

PreviousOrganization OverviewNextOrganization Users

Last updated

Was this helpful?