# Ports Ports are one of the single largest risks to your attack surface. Every piece of computing technology on your attack surface is exposed through a TCP or UDP port, and is the beginning of a potentially complex series of steps to attack your company. NetSPI discovers internet-facing ports by performing full TCP connect port scanning against all IP addresses discovered on your attack surface. ![Ports table](/static/easm/asm_ports.png "Ports table") ## Accessing the Ports page Select (or hover over) EASM in the side navigation and then select Ports to display the Ports page. ![Ports page](/static/easm/ports_page_example.png) ## Filter ports and view CVEs There are three ways to filter the ports table to bring focus to the details that matter most to you. - Top row filter cards - Fast filter in the side navigation - Filter icon for custom filtering ### Filter cards The top row of the Ports page displays ports cards for open, closed, domains, and IP addresses . ![Ports card filters](/static/easm/ports_card_filters.png) 1. Select any one of the Findings filter cards to filter the Ports table to display data that matches the selected card. The Active Filters row displays at the top of the table when you select a filter card so that you can see which states are included/excluded in the filtered list. !!! Hover over any metric card's graph to view a specific date statistics for that metric. !!! 2. Select the *Clear All* link in the Active Filters field to remove all filter criteria. ### Fast filter The fast filter functionality is located in the side navigation within the Ports page. It provides a quick way to filter on items that are likely to be the most important to you. ![Ports fast filter example](/static/easm/ports_page_fast_filter_example.png "Ports fast filter example") To apply the fast filter, select checkboxes for as many of the fast filter criteria as you need, scrolling down to view more items. As you select or clear checkboxes, the table dynamically changes to display port results matching your selections. Use the image and text below for more details on the Ports page fast filter functions. ![Ports page fast filter](/static/easm/ports_page_fast_filter_2.png "Port page fast filter") 1. There are multiple fast filters for different aspects of the selected page (Port Number, Service Name, etc.). The Ports page's fast filter items include: - Port Number - Service Name - Tag - CVE - Management Ports - Domain 2. A sort button toggles from highest to lowest count and back for each fast filter option. 3. Checkboxes filter the table to the right, displaying all records that match the selected criteria. 4. A total count displays for each fast filter option. ### Custom filter 1. Select the [Filter icon](/general-navigation/search-sort-and-filter-tables/#apply-a-new-filter) ![Filter icon](/static/filter_icon.png) to narrow the Ports table results. If any port has a CVE (common vulnerabilities and exposures) associated with it, the name and instance count of that CVE vulnerability or exposure display as filter options. !!! See the [Search, Sort, and Filter tables section](/general-navigation/search-sort-and-filter-tables/) for customizing the table display and the [Save applied filter as a preset](/general-navigation/search-sort-and-filter-tables/#save-applied-filters-as-a-preset) to save your user-defined filters for reuse. !!! 2. Select any Ports table row to display the port details page in the slide-out panel that includes a port screenshot (if available), information, all associated CVEs, and the discovery chain for the port display. ![Port details](/static/easm/port_details.png "Port details") The Port Details includes four tabs: Overview, Details, Discovery, and Comments. !!! Note Select the eye icon ![Eye icon](/static/easm/eye_icon.png) to the far right on any row to display a full page view of the Port details. ![Full page Port details](/static/easm/port_details_full.png "Full page Port details") !!! ## Screenshot gallery The screenshot gallery displays images that have been collected for each port. It can be accessed by selecting EASM -> Ports and then selecting the Screenshot Gallery ![Screenshot gallery icon](/static/easm/screenshot_gallery_icon.png) icon. ![EASM port screenshots](/static/easm/asm_screenshots.png) The screenshots display by port by default. Select the **Group by perception** button ![Group by perception](/static/easm/group_by_perception_button.png) to display only unique screenshots, with a count of how many ports each is associated with. Select any image's number to navigate to a table with all its associated ports. Perceptual groupings are achieved by using a perceptual hash algorithm, which assigns a distinct and comparable hash to each image collected by our website image scanner. You can learn more about this technology [here](https://www.hackerfactor.com/blog/?/archives/432-Looks-Like-It.html). The **Group by Perception** button toggles to display as **Group by Port**, and selecting it will return the screenshot gallery to those screenshots grouped by the selected port. ## Favicon Hash If a port has a favicon (/favicon.ico), the HTTP Metadata scan will fetch an [mmh3 hash](https://en.wikipedia.org/wiki/MurmurHash#MurmurHash3) of it. ## Create Policy See the [Policies section](/easm/assets/policy/) for details on creating alerts for this asset type.