AttackMetricx & Security Glossary

ASM (Attack Surface Management): Continuous practice of discovering, monitoring and managing all Internet-facing assets that attackers could target.

CTEM (Continuous Threat Exposure Management): A continuous lifecycle (Scoping → Discovery → Prioritization → Validation → Mobilization) that identifies, validates, prioritizes and remediates real exposures rather than just listing theoretical issues.

ATSS (Actively Targeted Security Scoring): A prioritization model that elevates findings most likely to be actively targeted by attackers.

Threat Exposure: The combined set of exposures surfaced by ASM, Dark Web monitoring and Brand Protection.

Passive Scanning: Collects surface data without sending traffic to the targets themselves (DNS records, certificates, certificate transparency logs).

Active Scanning: Probes systems directly to detect misconfigurations, live services and exploitable vulnerabilities.

Vulnerability Scanning Engine: AttackMetricx’s proprietary engine used for active validation and exploitation-style checks (not generic scanners).

Confirmed Validation: Exposure actively validated by the engine (proof via tests like SQLi/XSS/RCE or live TLS handshake).

Potential Validation: A suspected issue that needs analyst review before it is treated as confirmed (e.g., a dormant subdomain).

SPF (Sender Policy Framework): A DNS TXT record listing the hosts and networks authorized to send mail for a domain; receivers check the sending server against it.

DKIM (DomainKeys Identified Mail): A cryptographic signature the sending server adds to message headers, verified against a public key published in DNS, proving the message was sent by an authorized server and not altered in transit.

DMARC (Domain‑based Message Authentication, Reporting, and Conformance): A DNS policy that tells receivers what to do with mail that fails SPF/DKIM alignment (none, quarantine or reject) and where to send aggregate reports.
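The three records above are easiest to understand by parsing them. The following is an added example, not part of the original glossary or of the AttackMetricx platform: it runs the checks a practitioner would want over constructed SPF, DKIM and DMARC records (missing record, `+all`, `p=none`, empty DKIM key, too many lookups), with the DNS query replaced by an in-memory table so it runs offline. The domain names and record contents are made up for the example.

```python
# Constructed sample TXT records keyed by DNS name; a real check would query DNS instead.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net ip4:203.0.113.0/24 -all"],
    "weak.example": ["v=spf1 a mx include:mail.weak.example +all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
    # p= normally carries a base64 public key; a short placeholder stands in for it here
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDERKEYDATA"],
    "s1._domainkey.weak.example": ["v=DKIM1; k=rsa; p="],  # empty p= means the key was revoked
}

# SPF terms that each cost one of the ten DNS lookups RFC 7208 allows per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def lookup_txt(name):
    """Stand-in for a DNS TXT query that reads the constructed table above."""
    return SAMPLE_TXT.get(name, [])


def check_spf(domain):
    findings = []
    records = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    if not records:
        return ["SPF: no record, any host can claim to send as this domain"]
    if len(records) > 1:
        findings.append("SPF: multiple records produce a PermError and disable SPF")
    lookups = 0
    all_qualifier = None
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        name = body.split(":")[0].split("=")[0].split("/")[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
    if all_qualifier == "+":
        findings.append("SPF: '+all' authorizes every sender on the Internet")
    elif all_qualifier == "?" or all_qualifier is None:
        findings.append("SPF: unlisted senders are not failed ('?all' or no 'all' term)")
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS lookups exceed the limit of 10 (PermError)")
    return findings


def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and DKIM records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(domain):
    findings = []
    records = [r for r in lookup_txt("_dmarc." + domain) if r.upper().startswith("V=DMARC1")]
    if not records:
        return ["DMARC: no record, receivers cannot enforce SPF/DKIM alignment"]
    tags = parse_tags(records[0])
    policy = tags.get("p", "")
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: missing or unknown policy '{policy}'")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, aggregate reports are not collected")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail")
    return findings


def check_dkim(selector, domain):
    records = lookup_txt(f"{selector}._domainkey.{domain}")
    if not records:
        return [f"DKIM: no key published for selector '{selector}'"]
    if not parse_tags(records[0]).get("p"):
        return [f"DKIM: selector '{selector}' publishes an empty p= tag (key revoked)"]
    return []


if __name__ == "__main__":
    for d in ("example.com", "weak.example", "missing.example"):
        print(d, check_spf(d) + check_dmarc(d) + check_dkim("s1", d) or ["no findings"])
```

The selector name has to be known in advance (it is only visible in the DKIM-Signature header of a real message), which is why DKIM checks in an ASM tool are usually driven by selectors harvested from observed mail rather than guessed.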

CVE (Common Vulnerabilities and Exposures): Standard public identifier for a specific vulnerability.

CWE (Common Weakness Enumeration): Catalog of software weakness types.

CVSS (Common Vulnerability Scoring System): Standard scoring (v2.0, v3.1, v4.0) that measures technical severity from metrics such as attack vector, attack complexity, privileges required and impact; it does not measure how likely exploitation is.

EPSS (Exploit Prediction Scoring System): Predictive score estimating the probability that a CVE will be exploited in the next 30 days (used to prioritize patching).

KVE / Known Vulnerability Exploits: Curated list of vulnerabilities observed being exploited in the wild (the platform refers to both KVE and CISA KEV).

KEV (CISA Known Exploited Vulnerabilities): Government‑curated list of actively exploited CVEs.

CPR (Cyber Prioritization Rating): Business-context score that helps rank CVEs by real-world impact for your assets (platform field).

CPE (Common Platform Enumeration): Formal naming of affected product/version to map which assets are vulnerable.

Trending Vulnerabilities: Issues with rising exploitation likelihood.

SLA / Due Date: Target time for remediation based on severity/compliance.
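How CVSS, EPSS, KEV and business context combine into a ranking and a due date is the part the entries above do not show. The following is an added example, not the platform's own scoring logic (ATSS and CPR are proprietary and are not reproduced here): it ranks constructed findings with placeholder CVE identifiers using an assumed tiering rule and an assumed SLA table, and contrasts the result with ranking by CVSS alone.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Finding:
    cve: str               # placeholder identifier for the example, not a real advisory
    asset: str
    cvss: float            # CVSS base score, 0.0 to 10.0
    epss: float            # EPSS probability of exploitation in the next 30 days, 0.0 to 1.0
    in_kev: bool           # listed in CISA KEV, i.e. exploitation has been observed
    internet_facing: bool  # business context taken from the ASM asset inventory


# Constructed findings; scores, identifiers and host names are illustrative only.
SAMPLE = [
    Finding("CVE-0000-0001", "build.internal.example", 9.8, 0.010, False, False),
    Finding("CVE-0000-0002", "vpn.example.com", 7.5, 0.600, True, True),
    Finding("CVE-0000-0003", "www.example.com", 8.8, 0.350, False, True),
    Finding("CVE-0000-0004", "hr.internal.example", 5.3, 0.002, False, False),
    Finding("CVE-0000-0005", "api.example.com", 9.1, 0.030, False, True),
]

SAMPLE_TODAY = date(2024, 1, 1)  # fixed "today" so due dates are reproducible

# Assumed remediation SLAs in days per priority tier; tune to your own policy.
SLA_DAYS = {"P0": 2, "P1": 7, "P2": 30, "P3": 90}
EPSS_HIGH = 0.10  # assumed threshold above which exploitation is treated as likely


def priority(f: Finding) -> str:
    """Tier a finding: observed exploitation beats predicted exploitation, which
    beats raw severity, with an Internet-facing bump for critical CVSS scores."""
    if f.in_kev:
        return "P0"
    if f.epss >= EPSS_HIGH and f.cvss >= 7.0:
        return "P1"
    if f.cvss >= 9.0 and f.internet_facing:
        return "P1"
    if f.cvss >= 7.0 or f.epss >= EPSS_HIGH:
        return "P2"
    return "P3"


def due_date(f: Finding, today: date) -> date:
    """SLA due date derived from the tier."""
    return today + timedelta(days=SLA_DAYS[priority(f)])


def rank(findings):
    """Order by tier, then EPSS, then CVSS: a KEV entry outranks an unexploited 9.8."""
    return sorted(findings, key=lambda f: (priority(f), -f.epss, -f.cvss))


def rank_by_cvss(findings):
    """Naive ordering by CVSS alone, for comparison."""
    return sorted(findings, key=lambda f: -f.cvss)


if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(priority(f), f.cve, f.asset,
              f"cvss={f.cvss} epss={f.epss} kev={f.in_kev}",
              "due", due_date(f, SAMPLE_TODAY))
    print("CVSS-only order:", [f.cve for f in rank_by_cvss(SAMPLE)])
```

Ranking by CVSS alone would put the internal build server's 9.8 first; the tiered rule moves the KEV-listed VPN finding to the top and the internal 9.8 with negligible EPSS down to P2, which is the point of combining the scores.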

RCE (Remote Code Execution): A flaw that lets an attacker run arbitrary code on a target system, typically over the network and without prior access.

Privilege Escalation: Gaining higher permissions than intended.

SQL Injection (SQLi): Injecting SQL to manipulate back‑end databases.
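To make the SQLi entry concrete, here is an added example (not code from the page or from the platform) showing a deliberately vulnerable login query beside its parameterised fix, run against an in-memory SQLite table with constructed users; the password-hash values are placeholders.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample users (hashes are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-of-alice-password"), ("bob", "hash-of-bob-password")],
    )
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> bool:
    # Deliberately vulnerable: user input is concatenated into the statement text,
    # so a quote in the username ends the string literal and the rest is parsed as SQL.
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password_hash = '{password_hash}'"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username: str, password_hash: str) -> bool:
    # Parameterised query: the driver binds the values as data, so the same payload
    # is compared literally against the username column and matches nothing.
    query = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


# Classic authentication-bypass payload: closes the string literal, then comments
# out the password check ('--' starts a line comment in SQLite and most dialects).
BYPASS_USERNAME = "alice' --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, valid creds:", login_vulnerable(db, "alice", "hash-of-alice-password"))
    print("vulnerable, bypass:     ", login_vulnerable(db, BYPASS_USERNAME, "anything"))
    print("hardened,   bypass:     ", login_hardened(db, BYPASS_USERNAME, "anything"))
```

The vulnerable function accepts the bypass because the executed statement becomes `... WHERE username = 'alice' --' AND password_hash = 'anything'`, and everything after `--` is ignored; the hardened function never lets input change the statement's structure.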

Cross‑Site Scripting (XSS): Injecting scripts into web pages to run in users’ browsers.

Server‑Side Request Forgery (SSRF): Tricking the server into making requests to attacker-chosen destinations, often internal services or cloud metadata endpoints that are unreachable from outside.

Cross‑Site Request Forgery (CSRF): Tricking users into unwanted actions via their session.

IDOR (Insecure Direct Object Reference): Accessing other users' objects by supplying or guessing their identifiers, because the application checks that the ID exists but not that the caller is authorized to use it.

Directory Listing / Open Directory: Unprotected file listings that leak data.

Sensitive File Exposure: Leaking .env, backups, Git folders, or config files.

Default/Weak Credentials: Accounts protected by trivial or factory passwords.

Known Exploited: Vulnerabilities or misconfigurations actively exploited in the wild (highest priority).

Vulnerability: Software or configuration flaw (often mapped to a CVE).

Misconfiguration: Improper settings (e.g., weak TLS, missing security headers) that increase attackability.

Risky Ports / Exposed Ports: Publicly reachable network ports which may run vulnerable services (e.g., FTP, Telnet, RDP).

Inactive Subdomain: A subdomain that no longer hosts active content or services but still has a DNS record pointing somewhere.

Takeover Risk: A security exposure that occurs when a subdomain, DNS entry, or external service points to a decommissioned or unclaimed resource. Attackers can register or claim that resource to host malicious content, impersonate the organization, or conduct phishing attacks.
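A worked dangling-CNAME check, as an added example that is not part of the original page or the platform: it follows CNAME chains over a constructed zone snapshot and reports subdomains whose chain ends at a name with no record, which is the starting signal for a takeover investigation. The provider names are made up, and a real scan would replace the dictionary with live DNS queries.

```python
# Constructed zone snapshot: name -> (record type, value). A real scan queries DNS.
RECORDS = {
    "www.example.com": ("A", "203.0.113.10"),
    "blog.example.com": ("CNAME", "sites.hosting-provider.example"),
    "sites.hosting-provider.example": ("A", "198.51.100.7"),
    # The tenant behind old-shop was deleted at the provider but the CNAME was never removed.
    "old-shop.example.com": ("CNAME", "shop-tenant.storefront-provider.example"),
    # A two-hop chain whose final target no longer resolves.
    "docs.example.com": ("CNAME", "cdn.example.com"),
    "cdn.example.com": ("CNAME", "edge.cdn-provider.example"),
}


def resolve_chain(name, records, max_depth=8):
    """Follow CNAMEs from name. Returns (chain, terminal) where terminal is the
    final non-CNAME record, or None when the chain ends at a name with no record
    (NXDOMAIN in live DNS), loops, or exceeds max_depth."""
    chain = [name]
    current = name
    for _ in range(max_depth):
        rec = records.get(current)
        if rec is None:
            return chain, None
        rtype, value = rec
        if rtype != "CNAME":
            return chain, rec
        if value in chain:  # CNAME loop
            return chain, None
        chain.append(value)
        current = value
    return chain, None


def takeover_candidates(records, zone):
    """Return (subdomain, dangling target) for every CNAME inside zone whose chain
    ends at a name that does not resolve. These still need a provider-specific
    claim check before being reported as confirmed takeovers."""
    found = []
    suffix = "." + zone
    for name, (rtype, _) in records.items():
        if rtype != "CNAME" or not name.endswith(suffix):
            continue
        chain, terminal = resolve_chain(name, records)
        if terminal is None:
            found.append((name, chain[-1]))
    return found


if __name__ == "__main__":
    for sub, target in takeover_candidates(RECORDS, "example.com"):
        print(f"{sub} -> {target}: dangling, check whether {target} can be claimed")
```

A dangling CNAME is necessary but not sufficient: the finding is confirmed only if the provider lets an unauthenticated party register the target name, and the record should be removed either way.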

Dark Web: Non‑indexed or hidden services used by threat actors (e.g., onion sites).

Dark Web Monitoring: Continuous scanning of underground sites, marketplaces, Telegram and forums for leaked credentials, tokens and data.

Mention: References to brand/domains/assets across dark markets and forums.

Threat Actor: Individual/group conducting malicious activity.

Credit Card Monitoring: Detection of stolen payment card data in underground markets.

VIP Monitoring: Focused tracking for executives or key staff.

Breach: Dataset leak exposing credentials or sensitive information.

Botnets: Networks of compromised devices tied to malicious activity.

Botnet Logs: Stolen data from infected devices (credentials, browser data, files).

Ransomware: A type of malicious software that encrypts a victim’s files or systems and demands payment (a ransom) in exchange for the decryption key.

Brand Impersonation: A fraudulent activity where attackers create fake websites, social media profiles, or emails that mimic an organization’s legitimate brand identity.

Typosquatting: A deceptive technique where attackers register domain names similar to a legitimate brand’s domain, often with minor spelling errors or character changes (e.g., “gooogle.com” instead of “google.com”).

Homograph Attack: A sophisticated form of domain spoofing that uses visually similar characters from different character sets (such as Cyrillic or Greek letters) to create a fake domain that appears identical to the legitimate one.
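The two entries above describe the lookalike domains a brand-protection scan has to generate and detect. The following is an added example, not the platform's own detection logic: it generates typosquat candidates for a domain and flags IDN homographs by mixed-script labels, punycode form, and a hand-picked subset of Unicode confusables (an assumption for the example; the authoritative source is Unicode's confusables.txt).

```python
import unicodedata

# Hand-picked subset of Unicode confusables: Cyrillic and Greek letters that render
# like Latin ones. Assumed for the example; the full table is Unicode's confusables.txt.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
}


def typosquat_candidates(domain):
    """Omission, repetition, transposition and replacement variants of the
    registrable label, e.g. 'gooogle.com' from 'google.com'."""
    name, tld = domain.lower().rsplit(".", 1)
    alphabet = "abcdefghijklmnopqrstuvwxyz"
    variants = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])                          # omission
        variants.add(name[:i] + name[i] + name[i:])                    # repetition
        if i < len(name) - 1:
            variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])  # transposition
        for c in alphabet:
            variants.add(name[:i] + c + name[i + 1:])                  # replacement
    variants.discard(name)
    variants.discard("")
    return sorted(v + "." + tld for v in variants)


def skeleton(text):
    """Normalise and map confusable characters to their Latin look-alikes."""
    text = unicodedata.normalize("NFKC", text).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def scripts_in(label):
    """Script names (first word of the Unicode character name) for letters in a label."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}


def homograph_check(domain, brand):
    """Reasons a domain looks like an IDN homograph of brand; empty list if clean."""
    findings = []
    for label in domain.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(f"mixed scripts {sorted(scripts)} in label '{label}'")
    try:
        punycode = domain.encode("idna").decode("ascii")
    except UnicodeError:
        findings.append("label is not a valid IDN")
        punycode = domain
    if punycode != domain:
        findings.append(f"IDN label, punycode form {punycode}")
    if domain != brand and skeleton(domain) == skeleton(brand):
        findings.append(f"confusable with {brand}")
    return findings


if __name__ == "__main__":
    print(len(typosquat_candidates("google.com")), "typosquat candidates generated")
    print(homograph_check("\u0430pple.com", "apple.com"))  # Cyrillic 'a' in place of Latin 'a'
```

Candidates from `typosquat_candidates` are what a scan feeds into WHOIS or DNS lookups to see which ones are registered; `homograph_check` is applied to observed domains, since the space of Unicode substitutions is too large to enumerate.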

Phishing Website: A cloned or malicious site aiming to steal credentials.

Takedown: Action to remove malicious/impersonating content.

Fraudulent App / Fake Social Account: Malicious apps or accounts impersonating your brand to defraud users.

PoC (Proof of Concept): Technical evidence or an exploit snippet proving a vulnerability is exploitable.

IoC (Indicator of Compromise) / Collection Indicators: Forensic traces or markers collected during validation that support threat hunting.

Scoping: Defining monitored assets (domains, subdomains, cloud services, IPs) to ensure accurate coverage.

Discovery: Continuous inventory and detection of exposures across the scoped surface.

Prioritization: Ranking findings using threat intel, EPSS, ATSS and business context to act on what matters most.

Validation: Active or manual verification to reduce false positives and confirm exploitability.

Mobilization: Assigning, tracking and coordinating remediation efforts across teams until closure.

Compliance Mapping: Linking exposures and controls to frameworks (e.g., ISO 27001, NIST CSF, SOC 2, PCI DSS, GDPR).

Control: Safeguard or countermeasure implemented to reduce risk.

MTTR (Mean Time to Remediate): Average time required to fix exposures.

KPI (Key Performance Indicator): Quantitative measures tracking security posture and process health.
