6.2 Network Topology

📖 Overview

The Network Topology module offers a visual and interactive map of your entire internet-facing infrastructure. It illustrates the relationships between your domains, IP addresses, technologies, ports, and vulnerabilities in real-time — enabling you to understand your attack surface as a connected structure, not just a list.

🧠 Think of this as a cybersecurity radar that shows how all your digital assets are linked, and where your weaknesses may lie.

🧩 What It Displays

🧱 Nodes:

Each node represents an entity in your infrastructure:

  • Domain or subdomain (e.g., app.yourcompany.com)

  • IP Address

  • Open port or protocol (e.g., 443/HTTPS, 21/FTP)

  • Technology in use (e.g., PHP, MySQL, WordPress)

  • Associated vulnerability (if found)

🔗 Connections:

Lines between nodes show direct associations such as:

  • Domains resolving to IPs

  • IPs running services on specific ports

  • Ports linked to technologies or risk factors

🎨 Node Indicators:

Each node is color-coded based on its type or threat level:

  • 🔵 Domain

  • 🟠 IP Address

  • 🔴 Critical Vulnerability

  • 🟡 High Risk

  • 🟢 Safe

  • ⚫ Unknown/Other

🖥️ Interactive Features

  • Zoom & Pan — Explore the map freely or fit to screen

  • Filter Nodes — Search by domain, IP, or vulnerability

  • Layout Options — Switch between graph models (e.g., CoSE, Circle, Grid)

  • Export — Download your topology as a PNG for reports or auditing

  • Node Detail Panel — Click any node to view:

    • Associated ports

    • Technologies

    • Resolved IP

    • Detected vulnerabilities

🛠️ Why It Matters

Traditional asset lists can’t show how things are connected — and attackers exploit relationships.

This view helps you:

  • Detect exposed nodes with shared risk

  • Identify forgotten or shadow systems still reachable

  • Spot single points of failure or shared infrastructure risk

  • Understand potential pivot paths in case of breach

🔍 Example Scenarios

Use Case
What You Can Discover

A vulnerable service on shared IP

Multiple domains exposed through one IP

A forgotten subdomain still active

Visualized next to your main infrastructure

A non-SSL port open to internet

See it linked under an insecure protocol node

A legacy PHP app next to new stack

Legacy risk adjacent to modern services

⚙️ Best Practices

Action
Why It Matters

Review the topology weekly

Spot new or unauthorized connections

Export before change deployments

Compare before/after network footprint

Investigate isolated nodes

May indicate misconfigurations or forgotten assets

Monitor for red nodes

Indicates confirmed vulnerabilities

🎯 The Network Topology module turns your digital surface into a visual map of risk. Not only will you see what’s online — you’ll see what’s connected, and what needs to be secured.

Previous6.1 Asset ManagementNext6.3 Vulnerability Scan

Last updated