DeepSurface: Configuration Alerts
DocumentationInstallation GuideOverviewLet DeepSurface Host For YouGetting StartedSystem RequirementsSelf Hosted Quick Start - Installing to Cloud PlatformsSelf Hosted - Installation Using an OVARegistration, Package Installation, and InitializationFirst Steps After Initialization of the ConsoleDeployment OptionsMain and Subordinate ConsolesAgent-Based DeploymentUser Managed Scan DeploymentCredentialed Scanning DeploymentMixed EnvironmentDeployment ToolsActive Directory Group PolicyMicrosoft Endpoint Configuration Manager (part of InTune)Tanium DeployHCL BigFixIvantiVirtual MachinesVMWareVirtual BoxVirtualBox Guest AdditionsAWS EC2 (BYOL)AWS EC2 (Usage Based)Azure CloudGoogle CloudAdditional Items to ConsiderMain Console Server CertificatesLDAPTOFUClock SyncDeepSurface CommandsMultiple Vulnerability SourcesAPI DocumentationUser GuideReportingDashboardsExportsRisk InsightHostsPatchesVulnerabilitiesVulnerability InstancesUsersRemediation Workflow ManagerPlansSettingsIntegrationsWorkflowExportingAccepted Risk PlansAccepted Risk WorkflowExploreModelPathsActivityTasksConfiguration AlertsScan LogsNotification SettingsScanningStatusAgentsUser ManagedCredentialed Scanning SettingsCredentialsScan GroupsGeneral SettingsCloud ScanningNetwork ConnectivitySubordinatesVulnerability SourcesSetupSensitive Assets: PolicesSensitive Assets: ManualAdmin SettingsSMTP SettingsCertificatesOutbound ProxyAuthentication ProvidersUsersTagsIntegrations GuideVulnerability SourcesCrowdStrike SpotlightSentinelOneCarbon Black CloudMicrosoft Defender for EndpointWazuhLansweeper CloudNessus APITenable.io APISecurity Center/Tenable.sc APIRapid7 InsightVM APIQualys APINozomi GuardianEclypsiumAWS InspectorRemediationJira SoftwareTanium (BETA)Authentication ProvidersLDAP (Active Directory)SAML (Azure Active Directory)SAML (Google)SAML (Okta)PAMCyberArkDelinea (Thycotic)Microsoft LAPSSecurity GuideFirewall ConfigurationBase Network RequirementsAgent Network RequirementsCredentialed Scanning Network RequirementsAPI Network RequirementsHow DeepSurface Scans WorkDomain (LDAP) ScanningHost Scanning RoutineReasons for the Administrative Access RequirementEndpoint Protection ConsiderationsOther ItemsScope of Data Storage and RetentionIPS/IDS ConsiderationsLoggingResetting the DSADMIN passwordProduct InformationChangelogsOpen source LicensesEnd User License Agreement (EULA)
Configuration alerts highlight potential problems with the configuration of the DeepSurface application. Examples of misconfigured settings
often have to do with, but are not limited to integrating with third-party APIs and systems, smtp settings, and domain settings. They also identify cases where DeepSurface was unable to obtain information from potentially useful sources during a scan. Refer to the screenshot below.

The screen is mainly divided into the filters on the top and the results on the bottom.
Filters
The amount of configuration alerts can sometimes be staggering, and therefore it can be helpful to filter down the results
to a narrower set of more digestible information.

- Priority: One of four possible values: All, High, Medium, or Low.
- Category and Type: There are many categories, and within categories, there are many sub-types. The sub-types selector will change depending on which category is selected.
- Subject: Filter your results by a key word in the alert subject. This works just like you might expect. Type in a string such as include "credentials", "unconfigured", or "failed" to narrow the results.
- Show Hidden Alerts?: You can optionally hide a given alert. It may be an alert you know is not a problem or one with a near-term remediation plan. You will also get false alerts when DeepSurface tries to scan an unsupported device such as a router.
Selecting this box displays alerts you have previously hidden.
Results
Each configuration alert will appear in the list below. For ease of use, only 100 alerts are displayed at a time, it is advised to filter down the list to try to find specific alerts that you are looking for. The alert item in the list will give basic information about a given alert, in order to see all the details, click on the right carret (arrow) button for an alert and a modal will pop up showing you more information. Sometimes an alert will have a suggested fix or action associated with it, if that is the case, the button in the lower right of the modal will take you to a part of the application where the specifics of this alert can be addressed.
