The Explore area of the application is all about discovering and understanding your network as DeepSurface sees it. The Explore > Model section is all about mixing, matching, and visualizing all of the data that DeepSurface has gathered for you. It is possible to see a large portion of your network from a bird's eye view, and also dive down to the smallest detail of just one vulnerability instance.
The heart of the Model explorer is the Graph Visualizer. This powerful interface allows you to see all of the connections and pathways that DeepSurface has mapped out. However, when you first visit the page, the graph is empty. To remedy this, you can start adding different elements by selecting them in the graph menu section of the interface. You have several options on what to add to the graph visualizer:
You can toggle between the different element types with the selector at the top of the menu and DeepSurface will automatically show you the top 100 elements of that type, sorted by greatest overall percentage of your risk score. You can further narrow down this list by adding keywords to filter by. Once you have added a few elements, your graph will begin to fill out and possibly look something like this:
Now that your visualizer has some elements selected, you can see the list of selected elements in the lower section of the graph menu. At any time, you can remove a selected element by clicking on its remove button. For some of the selected elements, mousing over them will highlight that particular element in the graph visualizer. This is not possible for all types of added elements (patches and vulnerabilities do not have an associated element to highlight), but is useful for quickly identifying a scope, node, path, or segment.
Once you have all of the items selected, it might be helpful to collapse the graph menu so that it does not take up any space on the screen. To do this, simply click "collapse" and the menu will appear as a tab in the top left of the screen.
Now let's focus on the graph visual itself. The graph consists of 3 main elements: Scopes, Segments, and Nodes.
Scopes are represented as boxes in the visualizer. A scope will always contain at least one node and may also be a host but does not necessarily have to be one.
Nodes are represented with a label and an icon. There are several possible node types. A node of the graph could represent, for example, a user, a group, a shared folder, or a database. A node will usually have a line connecting it to another node in the graph. This line is the third main element in the visualizer, a segment.
Segments are represented as lines connecting different nodes. A segment can only exist if there is an exploitable vulnerability or implicit access between nodes. The risk level of a segment is represented by the color, dark red being the highest risk, down to a neutral light grey, signifying implicit access.
Clicking on a segment will give you more information about what vulnerabilities are being exploited to achieve the connection between the nodes on your network. There are often several vulnerabilities present on a given segment and DeepSurface will let you dive into any or all of them as deeply as you like.
When a segment is selected, it will be highlighted in the graph, as well as the two nodes that it connects to. Once selected, a new modal will appear on the right of the screen showing an overview of the information DeepSurface has about that segment. The most prominent piece of information provided is a list of all the vulnerabilities present on this segment. Clicking into any of these vulnerabilities will provide you with all of the information that DeepSurface has gathered from our feeds and your particular vulnerability scanner. If you would like to investigate this vulnerability further, click the "Learn More" link and you will be taken to the detail page for this vulnerability where you can see all of the details, affected hosts, available patches, CVSS breakdown, and exploit status, as well as all of the other information DeepSurface has for this vulnerability.
When a node is selected, DeepSurface will provide you with all of the information that we have gathered on the node. This may include its name, any vulnerable or potentially risky permissions and/or behavior (in the case of a user), and any alerts present.
Similarly, when selecting a scope in the graph, an informative modal will appear that gives you an overview of the given scope. If the scope also happens to be a host, a link to the detail page for that host will be present and you can click that in order to see everything DeepSurface knows about that host.
Similar to the graph menu, you might find it helpful to collapse the element information modal down to a tab as well. Just like in the graph menu, click the collapse button at the top of any of these information modals and the modal will instead appear as a tab in the top right of the screen, ready to open again whenever you wish to understand more about a given element.
One useful visual tool is the ability to dynamically find paths between 2 nodes in the visualizer. To do this, choose the "Find paths from here" option by either right-clicking on or selecting a node, and you will be prompted to select the second node you would like to find paths to. Once selected, DeepSurface will calculate the available segments and return a list that will appear in the information modal above the options. Hovering over any of the paths will highlight that path in the graph for you to see.
Not only is the Explore interface a good way to research and understand your model, it also includes a powerful editing interface. Any of the main elements discussed above can also be edited or even added to the model. You may have noticed that when clicking on any of the segments, nodes, or scopes, there was also an options menu at the bottom of the information modal. The same options can also be accessed by right-clicking on any element of the visualizer. To illustrate the power of editing, we can choose the "Add Segment" option when right-clicking on a node.
Here you can see that you are immediately asked to either choose an existing vulnerability to add to this segment, or create a new custom vulnerability that is not yet in DeepSurface. You must choose one or the other because, as stated above, a segment cannot exist without a vulnerability that is being exploited. If you decide to add an existing vulnerability, you will be taken to another screen that will let you modify this particular instance so that it best suits the situation you are trying to create in the model. The form is divided into 2 sections. The upper section contains the vulnerability details themselves, so if you want to edit any of that information, a warning will let you know that doing so will edit the details for EVERY instance of that vulnerability in the DeepSurface system. The lower section pertains to this specific instance of the vulnerability, so edits made there will not apply to any other instance.
You can always go back and add or create as many vulnerabilities as you would like for this segment, noting that each newly added or created vulnerability will be added to the left-hand column. Clicking on any of the vulnerabilities in this column will bring up its form and allow you to make as many changes as you would like. Once you are satisfied with the vulnerabilities on this segment, click "Save all changes" and the alert will tell you what impact your changes will have on the model. If you agree to these changes, the form will save and you will now notice that the newly created segment has been added to the visualizer and now appears with the other selected elements in the lower left corner of the interface.
Adding or editing scopes and nodes is a much simpler affair. Right-clicking on either of these elements in the visualizer will give you a simple form for changing the name, impact, parent scope, etc. And just like when creating a new segment, the visualizer will refresh to include the newly added or edited elements.