6.2 Network Topology

πŸ“– Overview

The Network Topology module offers a visual and interactive map of your entire internet-facing infrastructure. It illustrates the relationships between your domains, IP addresses, technologies, ports, and vulnerabilities in real-time β€” enabling you to understand your attack surface as a connected structure, not just a list.

🧠 Think of this as a cybersecurity radar that shows how all your digital assets are linked, and where your weaknesses may lie.

🧩 What It Displays

🧱 Nodes:

Each node represents an entity in your infrastructure:

  • Domain or subdomain (e.g., app.yourcompany.com)

  • IP Address

  • Open port or protocol (e.g., 443/HTTPS, 21/FTP)

  • Technology in use (e.g., PHP, MySQL, WordPress)

  • Associated vulnerability (if found)

πŸ”— Connections:

Lines between nodes show direct associations such as:

  • Domains resolving to IPs

  • IPs running services on specific ports

  • Ports linked to technologies or risk factors

🎨 Node Indicators:

Each node is color-coded based on its type or threat level:

  • πŸ”΅ Domain

  • 🟠 IP Address

  • πŸ”΄ Critical Vulnerability

  • 🟑 High Risk

  • 🟒 Safe

  • ⚫ Unknown/Other

πŸ–₯️ Interactive Features

  • Zoom & Pan β€” Explore the map freely or fit to screen

  • Filter Nodes β€” Search by domain, IP, or vulnerability

  • Layout Options β€” Switch between graph models (e.g., CoSE, Circle, Grid)

  • Export β€” Download your topology as a PNG for reports or auditing

  • Node Detail Panel β€” Click any node to view:

    • Associated ports

    • Technologies

    • Resolved IP

    • Detected vulnerabilities

πŸ› οΈ Why It Matters

Traditional asset lists can’t show how things are connected β€” and attackers exploit relationships.

This view helps you:

  • Detect exposed nodes with shared risk

  • Identify forgotten or shadow systems still reachable

  • Spot single points of failure or shared infrastructure risk

  • Understand potential pivot paths in case of breach

πŸ” Example Scenarios

Use Case
What You Can Discover

A vulnerable service on shared IP

Multiple domains exposed through one IP

A forgotten subdomain still active

Visualized next to your main infrastructure

A non-SSL port open to internet

See it linked under an insecure protocol node

A legacy PHP app next to new stack

Legacy risk adjacent to modern services

βš™οΈ Best Practices

Action
Why It Matters

Review the topology weekly

Spot new or unauthorized connections

Export before change deployments

Compare before/after network footprint

Investigate isolated nodes

May indicate misconfigurations or forgotten assets

Monitor for red nodes

Indicates confirmed vulnerabilities

🎯 The Network Topology module turns your digital surface into a visual map of risk. Not only will you see what’s online β€” you’ll see what’s connected, and what needs to be secured.

Previous6.1 Asset ManagementNext6.3 Vulnerability Scan

Last updated