# Ports

Ports are one of the single largest risks to your attack surface. Every piece of computing technology on your attack surface is exposed through a TCP or UDP port, and is the beginning of a potentially complex series of steps to attack your company. NetSPI discovers internet-facing ports by performing full TCP connect port scanning against all IP addresses discovered on your attack surface.

# Accessing the Ports page

Select (or hover over) EASM in the side navigation and then select Ports to display the Ports page.

# Filter ports and view CVEs

There are three ways to filter the ports table to bring focus to the details that matter most to you.

• Top row filter cards
• Fast filter in the side navigation
• Filter icon for custom filtering

# Filter cards

The top row of the Ports page displays ports cards for open, closed, domains, and IP addresses .

1. Select any one of the Findings filter cards to filter the Ports table to display data that matches the selected card.

   The Active Filters row displays at the top of the table when you select a filter card so that you can see which states are included/excluded in the filtered list.

   Hover over any metric card's graph to view a specific date statistics for that metric.

2. Select the Clear All link in the Active Filters field to remove all filter criteria.

# Fast filter

The fast filter functionality is located in the side navigation within the Ports page. It provides a quick way to filter on items that are likely to be the most important to you.

To apply the fast filter, select checkboxes for as many of the fast filter criteria as you need, scrolling down to view more items. As you select or clear checkboxes, the table dynamically changes to display port results matching your selections.

Use the image and text below for more details on the Ports page fast filter functions.

1. There are multiple fast filters for different aspects of the selected page (Port Number, Service Name, etc.).

   The Ports page's fast filter items include:

   • Port Number
   • Service Name
   • Tag
   • CVE
   • Management Ports
   • Domain

2. A sort button toggles from highest to lowest count and back for each fast filter option.

3. Checkboxes filter the table to the right, displaying all records that match the selected criteria.

4. A total count displays for each fast filter option.

# Custom filter

1. Select the Filter icon to narrow the Ports table results. If any port has a CVE (common vulnerabilities and exposures) associated with it, the name and instance count of that CVE vulnerability or exposure display as filter options.

   See the Search, Sort, and Filter tables section for customizing the table display and the Save applied filter as a preset to save your user-defined filters for reuse.

2. Select any Ports table row to display the port details page in the slide-out panel that includes a port screenshot (if available), information, all associated CVEs, and the discovery chain for the port display.

   

   The Port Details includes four tabs: Overview, Details, Discovery, and Comments.

   Note

   Select the eye icon to the far right on any row to display a full page view of the Port details.

   

# Screenshot gallery

The screenshot gallery displays images that have been collected for each port. It can be accessed by selecting EASM -> Ports and then selecting the Screenshot Gallery icon.

The screenshots display by port by default. Select the Group by perception button to display only unique screenshots, with a count of how many ports each is associated with. Select any image's number to navigate to a table with all its associated ports.

Perceptual groupings are achieved by using a perceptual hash algorithm, which assigns a distinct and comparable hash to each image collected by our website image scanner. You can learn more about this technology here.

The Group by Perception button toggles to display as Group by Port, and selecting it will return the screenshot gallery to those screenshots grouped by the selected port.

# Favicon Hash

If a port has a favicon (/favicon.ico), the HTTP Metadata scan will fetch an mmh3 hash of it.

# Create Policy

See the Policies section for details on creating alerts for this asset type.