πAsset information
Describes the features provided by the Monitoring Menu > Information area on the right.
1. Domain Assets
Root Domain
Indicates the domain that is located at the top of the domain property of the OK Intelligence service.
If you enter a domain asset as the root domain, you can automatically search for the subdomains below, select the subdomains that you searched for, register them as assets, and manage them in combination with the root domain.
If you select the root domain asset, you can further check the validity of the domain and the status of the subdomain.
Sub Domain
Indicates the domain below the root domain, which is the parent domain in the domain property of the OK Intelligence service.
Subdomains retrieved from the root domain can be easily registered and grouped with the root domain to be managed together, but only subdomains can be entered separately when entering the main asset.
When the root domain is entered, the subdomains can be grouped together on the basis of the root domain at any time.
1) Domain Valid
When selecting a subdomain, the 'Domain Validity' status will not be displayed. This status can be checked when choosing the 'Root Domain'.
When a root domain is registered, selecting the root domain displays the 'Domain Validity' status. The validity is checked by comparing the purchase date with the expiry date, and the result is shown as the remaining days.
Click the [i] button to view a guide on the inspection criteria.
[The criteria for validating the domain]
Domain validity checks display statuses according to the following criteria.
Valid: This means that there are more than 90 days left. Graph colors are shown in blue.
Coution: This means that there are 30 to 89 days left. Graph colors are shown in orange.
Expiring Soon: This means that there are 7 to 29 days left. Graph colors are shown in orange.
Urgent: This means that you have less than 7 days left. Graph colors are shown in red.
Expired : From the expiration date, it is marked as 'Expiration', and the number of days past is marked as -. Graph colors are grayed out.
2) SSL Valid
When you select Domain Assets from the sidebar, the SSL validity status is displayed. The SSL validity of the domain is checked by calculating the period from the issue date to the expiration date of the certificate, and the result is shown as the number of days remaining.
Click the [i] button to view the guidance window on inspection criteria.
[SSL Validity Check Criteria]
Valid: Indicates a period of 90 days or more remaining. Graph colors are shown in blue.
Caution: Indicates a period of 30 to 89 days remaining. Graph colors are shown in orange.
Expiring Soon: Indicates a period of 7 to 29 days remaining. Graph colors are shown in orange.
Urgent: Indicates a period of less than 7 days remaining. Graph colors are shown in red.
Expired: Displayed as 'Expired' from the expiration date, with elapsed days shown as '-'. Graph colors are grayed out.
3) Certificate Inspection
Select domain assets from the sidebar to view the certificate inspection status. The result of the domain's certificate check is displayed as a score. Click the [i] button to see a guide on the inspection criteria.
If there is no certificate for the domain, it does not meet the inspection criteria.
[Certificate Review Criteria]
Host Name Matching (30 points): This checks if the host name matches. If it matches, it earns 30 points; if it doesn't, it receives 0 points.
Certificate Trustworthiness (35 points): This evaluates whether the certificate is a recognized public certificate. A recognized certificate earns 35 points, whereas a non-trustworthy certificate earns 0 points.
Certificate Expiry Date (35 points): This checks the status of the certificate's expiry date. If it is more than 90 days until expiry, it earns 35 points; if less than 90 days, it earns 15 points; if expired, it gains 0 points.
Scores from each category are totaled to calculate a final score. The total score is out of 100 points, and each score range is labeled as follows:
90 to 100 points: It means safety, and the graph color is shown in green.
50 to 89 points: Indicates a warning, and the graph color is shown in orange.
0 to 49 points: This indicates vulnerability, and the graph color is shown in red.
4) Sub Domain
When selecting a 'subdomain,' the 'subdomain' status will not be displayed. This status can be checked when selecting the 'root domain.'
If you have registered a root domain, the status of the 'subdomain' will be displayed when selecting the root domain. [i] Click the button: You can find detailed information about the status of the sub-domain. For new, the graph color is shown in blue, and for registration, the graph color is shown in green.
All : Displays the entire subdomains numerically. This represents the sum of the newly discovered subdomains and the current asset-registered subdomains, and clicking on the numerical value displays the full subdomains window where you can see the newly discovered and registered subdomains.
New : This refers to a newly discovered number of subdomains in the search. In the newly discovered list of subdomains, the asset-registered subdomains are counted by changing to the asset-registered number rather than the asset-registered number.
1. After clicking the full number, click 'New Discovery Subdomain Tab' to display a list of newly discovered subdomains and select the subdomains to register as assets from the list to register as assets at once. 2. Displays the date and time when the new subdomain list was updated. You can manually update the list by clicking the Refresh button in the upper right corner. 3. Check the sub-domain to be registered and managed as an asset, and click the Register button to change that sub-domain to the registration domain and add it to the sidebar as an asset card.
Once registration is complete, the subdomain you selected under the top-level domain will be added as an asset card.
Registration : If you have selected and registered a sub-domain to be registered in the New Sub-Domain Discovery window, that sub-domain will be changed to the 'Registration' value. You can see the registered sub-domains by clicking 'Registered SubDomain Tab' in the full sub-domain window displayed when you click on the full number.
5) Sub Page
You can check the status of the registered sub-page based on one minute by adding a sub-page to the registered domain property. [i] Click the button: You can find detailed information about the status of the sub-page. If normal, the graph color will be blue, and for errors, the graph color will be green.
The numbers displayed in the status indicate.
All : means the total of registered sub-pages. If no first registered sub-pages are present, it will be shown as 0, and if you click Full, you will see a full sub-page window where you can list the sub-pages you have registered or add new sub-pages.
Normal : It means the number of pages that are currently in a normal state as a result of checking the registered sub-page. Check the status of the sub-page and check 'Normal' for all codes except error codes.
Error : This indicates the number of pages that are currently in error status as a result of the registered sub-page check. Check the status of the sub-page and if it is a client error and a server error code, check it as 'Error'.
- When you click on the full figure, the full sub-page window is displayed. You can view the details of the sub-page and add the sub-page by clicking the [+Create] button.
- Sub pged path : Enter the sub-page path of the domain to check for status, including '/'.
- Memo : Enter a note of the path to the subpage that you entered.
6) Certificate check status
Select "Domain Assets" from the sidebar to view the connection status. Check two aspects of the domain's connection status: if both are 'UP', it will be marked as 'UP'. Click the [i] button to view a guide on the checking criteria.
Status Code: Click on the status code (e.g. (200 / OK)) to view detailed information about the current status.
7) Connection Speed
When you select a domain asset from the sidebar, the connection speed is displayed. A line graph shows the maximum, average, and minimum connection speeds for the domain in milliseconds, based on a 5-minute interval. By selecting the legend in the upper right corner, you can view the graph excluding the selected maximum, average, or minimum lines.
8) Summary Information
When you select a domain asset from the sidebar, a summary is displayed showing the domain's access speed, average speed, uptime, and certificate expiration date.
Click the [i] button to view detailed information about the domain.
For root domain assets, a Common tab is provided in addition to the SSL tab in the details view.
2. Server Assets
1) Allowed Ports
You can manage the server's ports by specifying which ports the administrator permits. Once a port is registered as an allowed port, an immediate notification will be sent if any other ports are opened.
You can register allowed ports using the following two methods:
Click the [Register] button from the allowed port list to manually register an allowed port.
In the port scan results list, click the More menu > Register Allowed Port to directly register an allowed port from the list.
(1) Register Allowed Port
[Register]: Click the register button to add the port you want to allow on the server.
- Port: Enter the port number to register as an allowed port.
- Service: Enter the service name of the port to register as an allowed port.
- Note: Enter a note for the port to register as an allowed port.
(2) Modifying Allowed Ports
In the allowed ports list, you can click the "More" menu, then select the [Edit] option to modify the registered allowed port information.
(3) Delete Allowed Port
Click the "More" menu on the allowed ports list, then select [Delete] to remove the registered allowed port information.
2) Port Scan
You can scan the server by specifying a range of ports.
(1) Set the scan range and start scanning.
Open Port: Scans all open ports.
Known Ports (0 ~ 1023): Scans only known ports.
Direct Input: Enter specific port numbers or ranges to scan only those ports.
(2) Scan Individually from Scan Results
To quickly check the status of a specific port, click on the 'More' menu in the list of scanned results and select 'Single Scan'.
(3) Register Allowed Ports from Scan Results
In the scan results list, click the "More" menu, then select "Register Allowed Port" to directly register a port as allowed from the scan results.
3. Cloud Assets
By entering the AWS Access Key ID and Secret Access Key to register as a cloud asset, a review of 9 IAM items on AWS can be conducted. Once registered as a cloud asset, the OK Intelligence system carries out a full review of these 9 IAM items automatically once daily, eliminating the need for manual checks by administrators.
Upon the initial registration of a cloud asset, an IAM check will be forcibly conducted on 9 selected items by the system. After the initial comprehensive check, you can review the results and proceed with manual checks from the right screen area.
For enhanced security, it is recommended to conduct a separate full audit based on AWS's official guidelines.
Inspection: Click the [Inspect] button to sequentially review the 9 IAM items.
OK Intelligence assesses these selected 9 items and evaluates them based on a scoring system criteria.
Checklist
Score
Explanation
Custom Policy Inspection
15
Adherence to the Principle of Least Privilege
Password Policy Review
15
Set a Strong Password Policy
MFA Usage Check
15
MFA Usage
Access Key Check
12
Access Key Management Status
Unassigned Group Administrator Check
10
Group-based assignment of administrator privileges
Duplicate User Check
8
Existence of Duplicate User Accounts
Checking Inactive Accounts
10
Management status of inactive accounts over a set period
Administrator Console Usage Check
5
Console Login Activity Monitoring
Administrator Activity Pattern Check
10
Detecting Anomalous Patterns in Administrator Activity
Once the inspection is complete, the results will appear as a status on the next screen. In the IAM inspection area, you can manually perform inspections and view detailed inspection results at any time.
1) Comprehensive IAM Audit
You can check the audit results for all 9 items. Clicking the [i] button will display a window with audit standards information.
The comprehensive IAM check provided by OK Intelligence examines only 9 selected IAM security items, and scores are evaluated according to their own scoring criteria.
[Overall IAM Assessment (9 Criteria) Guidelines]
Assessment Item Guide
Checklist Items
Score
Explanation
User-Defined Policy Inspection
15
Compliance with the Principle of Least Privilege
Password Policy Review
15
Setting a Strong Password Policy
MFA Use Inspection
15
Use of MFA
Access Key Inspection
12
Access Key Management Status
Unassigned Group Administrator Check
10
Group-based assignment of admin rights enabled or not
Check for Duplicate Users
8
Check for Duplicate User Accounts
Inactive Account Review
10
Management Status of Inactive Accounts for a Certain Period
Administrator Console Usage Check
5
Console Login Activity Monitoring
Administrator Activity Pattern Check
10
Detection of Anomalous Patterns in Administrator Activity
Evaluation Criteria and Calculation Method
Evaluation Criteria
Calculation Method
Full Compliance: 100% of item score
Non-compliance: 0 points
Check compliance status for each item (Complete/Non-compliant)
Score per Item = Item Points x Compliance Status (100% / 0%)
Total Score = Sum of all item scores (out of 100)
Status Based on Score
Total Score
Status
90 ~ 100 points
Good
50 ~ 89 points
Warning
0 ~ 49 points
Vulnerability
2) Overall Security Classification
The overall security rating is evaluated based on the total score from 9 selected IAM assessment items. Only these restricted items are checked rather than all AWS IAM security items, and ratings are based on our scoring criteria.
For enhanced security, it's recommended to perform a full assessment according to the AWS official guidelines.
Click the [i] button to view the assessment criteria guide.
[Security Classification Guidelines]
Grade
Score
Explanation
A
90 ~ 100 Points
The compliance status of 9 IAM account inspection items is satisfactory.
B
80 ~ 89 points
The compliance status of 9 IAM account inspection items is set to default compliance.
C
70 ~ 79 points
Among the IAM account inspection items, 9 items are generally compliant but require improvement for each item.
D
50 ~ 69 points
The compliance status of 9 IAM account check items is weak; immediate improvement is needed for each item.
F
0 ~ 49 points
Out of the IAM account inspection items, 9 items are in a critical risk state and require comprehensive security review and restructuring.
3) All Security Issues
You can view the security issues from the IAM inspection results numerically. By clicking on the security issue numbers, you can quickly see only the issues that arose in a separate window, out of the nine categories of the overall inspection results.
4) IAM Manual Check
(1) Overall IAM Inspection
We are conducting an IAM assessment covering a total of 9 items.
(2) Select IAM Checkup
Only the IAM items directly selected by the administrator will be inspected.
5) Inspection Results
Once the inspection is complete, you can review the inspection status, type, items, summary, security status, and date in the inspection results list. For detailed results, click on the magnifying glass icon in the summary section.
4. Alert Log
Each asset provides notification logs below. They are sorted by occurrence date and display events that have occurred for each asset.
Domain
Server
Cloud
Last updated
Was this helpful?