User Guide

Changelog

This page shows the change log for the SATAYO Threat Intelligence Platform (TIP).

4.11 released on 2024-08-14

  • added IP enrichment with nat configuration and additional information. This information is useful to enrich the context at the customer infrastructure level and consequently provide more precise remediation indications on tickets.

  • added Hudson Rock Cavalier Platform Integration. This integration significantly improves SATAYO’s coverage of infostealer logs.

  • added Combo List Integration. When combo lists are detected on different types of sources, they are indexed and displayed in the “Breached Account” section or in the “Market” section, depending on the type of combo list.

  • added Check the presence of detected vulnerabilities within the KEV (Known Exploited Vulnerabilities) catalog

4.10 released on 2024-05-07

  • added Related tickets for users in the Mail section

  • added username visibility in market evidence

  • added list of usernames for market resources

4.9 released on 2024-03-25

  • fixed bug fixed and performance improvements

  • security multiple security improvements

4.8 released on 2024-02-05

  • added Different filters for Vulnerability

  • added License page

  • changed Improved tables for Vulnerability evidence

  • fixed Bug during CSV export of Mail evidence

4.7 released on 2024-01-05

  • added VIP Password Global Overview

  • added Breached VIP Accounts Global Overview

  • added Global Overview for Domain tld, Domain similar, Domain suspicious, Domain correlated and Domain phishing Global Overview

  • added Ransomware Monitor Statistic, Search and Evidence

  • added the possibility to set email accounts as disabled to stop receiving tickets related to them

4.6 released on 2023-10-03

  • added Blacklist indicators & indicators page

  • added Ransomware Monitor

  • added alert for changing vip email

  • added Context Data of various data breaches (Federprivacy)

  • added EPSS score in CVE page

  • changed split the market into two tabs: Evidence and Risk Accepted

4.5 released on 2023-07-05

  • added access to the managed status page for partners

  • added checks if an email is attached to an account on miro.com

  • added Mail VIP Global Overview

  • added difference between old and new evidence in the search box

  • added links for the different domains in global cve page

  • added set up your organization’s VIP mail accounts

  • fixed bug in count Filtered Tickets and Total Tickets

4.4 released on 2023-05-03

  • added Market Global Overview

  • added Sandboxes Global Overview

  • added Severity overview of the market resources

  • added New dashboards have been created on the Status Managed page

  • added the value of the remaining credit to the market pages

  • added Use of VirusTotal and Shodan to retrieve subdomains

  • added view filtered tickets on the dashboard

  • added Unsubscribed Social & Services

  • changed Overview for ticket in the managed service

4.3 released on 2023-03-19

  • added Traffic Light Protocol (TLP) system for classifying sensitive information

  • added fixed vulnerabilities are now highlighted with a green tick

  • added advanced profile search within Instagram

  • added IntelX platform content integration

  • fixed phone evidence

  • fixed new research notification

4.2 released on 2023-01-11

  • added Information regarding the tactics and techniques of the MITRE ATT&CK®

  • added Context Data of various data breaches (azazie, virustotal(multiple combolists), amway, brazilcatho, twitter200M, deezer, gemini, radioitalia, whitepages, ticketcounter, flexbooker, guntrader, onlinerspambot, imesh, netlog)

  • added registrant information for domain link

  • added VIP account - VIP accounts can now be monitored. VIP accounts are those relating to senior figures with a domain outside the monitored ones (e.g. gmail). VIP accounts must be reported by opening a ticket.

  • fixed bug fix

  • fixed domain similar notification

  • fixed 2easy market scraper

4.1 released on 2022-11-04

  • added new item sandboxes

  • added SATAYO user guide (link in menu)

  • added link from JIRA to SATAYO (managed service)

  • added The “Global Overview” provides a cross-domain view of the evidence found

  • changed graph icon

  • fixed Russian market scraper

  • fixed CVE order by CVSS score v3

  • security low vulnerability patch

4.0 released on 2022-10-10

  • added description field to CVE export

  • added Context Data of various data breaches (Exactis Netprospex StockX Start.ru (new Breach) Stripchat Tapa Airport)

  • fixed order column cvss for CVE evidence

3.7 released on 2022-07-13

  • added Continuous monitoring of the evidence published in the Genesis and Russian market places

  • added On the items relating to ports and vulnerabilities, evidence is given if that resource resides on IPs directly managed by the organization

  • added Context Data of various data breaches (Disk Union, Coin Pay Ex)

  • added severity field for the ticket in the managed service

  • changed overview for ticket in the managed service

3.6 released on 2022-06-13

  • added Parsing DMARC and SPF with verification of warnings or errors

  • fixed domain evidence in report

3.5 released on 2022-05-19

  • added Correlation of the CVEs identified with their presence within the TTPs (Tactics, Techniques, Procedures) used by threat actors

  • added Description of the identified CVEs

  • added Indication of the fact that the CVEs identified concern IPs present within IP blocks directly managed by your organization

  • added Management of related domains item: ability to manually add directly managed domains (black suitcase icon); automatic correlation through WHOIS record analysis of domains residing on networks not directly managed (black suitcase icon); automatic correlation through WHOIS record analysis of domains residing on networks not directly managed (blue suitcase icon)

  • added Context Data of various data breaches (adapt, riaru ,readnovel, mgm)

3.4 released on 2022-03-06

  • added Interactive Network Visualisation (beta)

  • added evidence of the paste value

  • added domains defined as suspicious since they contain the company’s domain

  • added Context Data of various data breaches (500px, animaljam, bb, animoto, annual, bitly, crackingforum, dave, eatstreet, indiamart, xhamster, youku, zomato, adityaBirla, yahoo, abandonia, aimjunkies, autohotkey, bitcointalk, bitshacking, bleachanime, couponmom2014, cfire, cheapassgamer, chinaeko, comicbookresources, crackingitaly, digitalgangster, openraid, combo, neteller)

3.3 released on 2021-11-26

  • added SATAYO now searches for Google and Amazon Buckets as well as Azure Conteiners related to the company domain.

  • added “Last modified” column in file evidence

  • added Possibility to mark as verified the emails that are reported within the various data breaches. The date and the user who carried out the verification are associated. In the event of new emails present in the future in the same data breach, a new verification by the organization is required.

  • added hashes of files found by SATAYO

  • changed improved file search by SATAYO

  • fixed VirusTotal Evidence

  • security Addition of the CSRF token to all user-interactable forms.

3.2 released on 2021-10-19

  • added API (Application Programming Interface): on the export page, accessible from the home page, it is now possible to enable your token to use the API and integrate the evidence collected by SATAYO into other platforms.

  • added Subdomain Takeover Checker. This evidence allows an attacker to set up a page on the service that was being used and point their page to that sub-domain.

  • added The related domains are now shown only in case of resources of those domains present on IP blocks managed directly by your organization. The reference IP of that particular domain is also indicated.

3.1 released on 2021-10-13

  • added MFA (Multi Factor Authentication): now, through the user menu, it is possible to configure the second authentication factor to make access to SATAYO more secure. Currently, the Google Authenticator app can be used as a second authentication factor.

  • fixed Domain date format

3.0 released on 2021-09-24

  • added Internal search engine. Through this feature it is possible to search for IP addresses, hostnames, email accounts, CVEs, data breaches in all the evidence discovered by SATAYO for the organization’s domains.

  • added Continuous, real-time scraping of Pastebin, with verification of evidence relating to the organization, using the configured keywords.

  • added the evidence of ip addresses managed directly by the company

  • added SATAYO now searches for similar domains used in phishing campaigns

2.5 released on 2021-08-16

  • added Information relating to the target within the records relating to the related domains, highlighting the types of the record.

  • added Context Data of various data breaches (Badoo, Boxee, Lumin, Cafepress, Evite, Edmodo, BitLy, Pixlr, EyeEm, Liker, Houzz…)

  • added Now from the password section it is possible to have evidence of the data breaches within which that password is present

  • added A threat actor has leaked a list of Fortinet VPN login names and passwords that were allegedly scraped from exploitable (see CVE-2018-13379) devices in 2020 summer. SATAYO checks if the IPs of your organization are within this list.

  • added A threat actor has leaked a list of Ivanti Pulse Connect Secure potentially vulnerable (see CVE-2021-22893 and CVE-2019-11510). SATAYO checks if the IPs of your organization are within this list.

  • changed Alignment of information enrichment (registrar, country) relating to the types of domains managed (TLD, similar, related).

  • fixed export Hostnames/IPs

2.4 released on 2021-07-07

  • added new Open Bug Bounty notify

  • added information in the Open Bug Bounty page

  • changed score calculation for Open Bug Bounty. Now the status and date of release are considered.

  • fixed country flag

2.3 released on 2021-03-18

  • added verification of the existence of MX records for domain similar and subsequent verification of the presence of the same in the blacklist

  • added check if the domains (correlated, similar and TLD) are managed by the organization in SATAYO

  • added checking the contents of robots.txt. If there are paths in the file related to administrative areas, an alert is displayed

  • added navigation menu on the research and statistics page

  • added in the “Phone number” object, in the “Source” column, the web resource in which the telephone number has been identified is shown

  • added registrar information for domain link

  • added Improve hostnames research

  • added GRAPH: comparison between the different historical scores

  • added Evidence of similar or tld domain that are owned by the organization

  • fixed email validation

  • removed domain similar of organization in CSV files

2.2 released on 2021-03-01

  • added the “Global Executive Summary”, printable from home page, contains matrices that aim to provide a quick observation point on issues that require the assignment of a high degree of priorities in mitigation / remediation issues

  • added the Exposure Assessment Index Value (EAIV), visible both in the web report and in the docx format, shows the degree of exposure of the 3 macro areas (Infrastructure - Data, Files & People - Deep & Dark Web)

  • added possibility to export data, from home page and in csv / plain text format, of different types (Mail, Domain Similar [last 60 days], Vulnerability High, Hostnames/IPs, SSL problems, Registry, Password)

  • added possibility to change the display order of the accounts present in the data breach. Now they can be sorted based on the date of release of the data breach or the date of discovery by SATAYO

  • added notification for new deployments

  • added possibility to export data, from home page and in csv / plain text format, of different types (Domain Similar ALL, CVE ALL)

  • added data breach and context data

  • added check on the correct configuration of the records relating to the ip blocks used

  • added descriptive field on the methods used to retrieve evidence relating to ips and hostnames

  • fixed improvement in searching for ip resources not linked to hostname

  • fixed Arrangement of fields related to TLS exposure

2.1 released on 2020-12-28

  • added new social

  • added for each vulnerability, the possible presence of exploits available is shown

  • added in the main menu a page that allows you to view the contact channels to receive technical support

  • fixed report

  • fixed time ago with years and months

  • fixed more CVE entity

  • fixed network graphs

2.0 released on 2020-12-01

  • added Breach last update for this domain

  • added item’s last evidence

  • added PDL data breach raw

  • added Link for malicious verify scan

  • added favorite in registry

  • added mobileapps in report

  • added technologies graph in report

  • added a report in docx format, containing all the evidence found, can be downloaded from the Report area

  • changed the presence of every single email account is checked within about 120 different web services

  • fixed bug fix in keyword databreach

  • fixed home items date

1.9 released on 2020-11-03

  • added ips download CSV (beta)

  • added Home - Report print button

  • added export page

  • added API documentation

  • added keywords visibility for collected records

  • added security News page

  • added Item SSL

  • added Cit0day data breach raw

  • added 2,844 Troy Hunt collection data breach raw

  • removed ips download CSV (beta)

1.8 released on 2020-09-28

  • added LinkedIn mail enumeration

1.7 released on 2020-09-11

  • added Ips country

  • added research created date in home

  • added malicious verify scan for ip

  • added Item CVE

  • added Item PORT

  • added link password to mail

  • changed single mail view in Breached Accounts

  • fixed Image domain similar country

1.6 released on 2020-08-27

  • added Keywords in Deep & Dark Web

  • added breach insert time

  • added paste insert time

  • added Deep & Dark Web - Conti News

  • added Deep & Dark Web - exploit.in

  • added Domain similar country

  • changed New mail sort

  • changed New domain link sort

  • fixed clear table sort

  • fixed SSL cert number

  • fixed sort users

1.5 released on 2020-08-19

  • added Deep & Dark Web

  • added column permission in partner org page

  • added new DeepDarkWEB notify

  • added new IP blacklist notify

  • added new Hostname blacklist notify

  • added Deep & Dark Web - Maze

  • added Deep & Dark Web - Raidforun

  • added Deep & Dark Web - Twitter

  • added Deep & Dark Web - Telegram

  • added Deep & Dark Web - darksearch

  • fixed CSS table

1.4 released on 2020-08-13

  • added partner

  • changed user page

1.3 released on 2020-08-10

  • added table sort

  • added tool: pagine gialle

  • added item last update

  • added recover password

  • fixed microsoft vulnerabilities

1.2 released on 2020-07-01

  • added changelog

  • added mail insert time

  • added domain insert time

  • added ticket

  • changed UI color table

  • fixed Phone number

  • fixed Mail