User Guide

Changelog

This page shows the changelog for the SATAYO Threat Intelligence Platform (TIP).

4.13

released on 2025-01-07

  • added email flags (Disabled, VIP User) in the Breached Accounts item for improved account status visibility

4.12

released on 2024-10-23

  • added The insert_time field to API responses to indicate the data discovery timestamp

  • added A new API endpoint to export the ticket list. The feature is available in the global APIs

  • added The ability to organize domains into groups and grant users restricted access to the platform

  • added Now the indication of the number of assets, used to manage the service quotation, can be viewed on the License page. In addition, a graph has been added to the Report section, showing the trend over time of the number of assets for each individual domain of your organization

4.11

released on 2024-08-14

  • added IP enrichment with NAT configuration and additional information. This information is useful to enrich the context at the customer infrastructure level and consequently provide more precise remediation indications on tickets

  • added Hudson Rock Cavalier Platform Integration. This integration significantly improves SATAYO’s coverage of infostealer logs

  • added Combo List Integration. When combo lists are detected on different types of sources, they are indexed and displayed in the Breached Account item or in the Market item, depending on the type of combo list

  • added Check the presence of detected vulnerabilities within the KEV (Known Exploited Vulnerabilities) catalog

4.10

released on 2024-05-07

  • added related tickets for users in the Mail item

  • added username visibility in market evidence

  • added list of usernames for market resources

4.9

released on 2024-03-25

  • fixed bug fixes and performance improvements

  • security multiple security improvements

4.8

released on 2024-02-05

  • added new filters for vulnerabilities in Vulnerability item

  • added new page License

  • changed improved tables for Vulnerability item

  • fixed Bug during CSV export of Mail evidence

4.7

released on 2024-01-05

  • added VIP Password Global Overview

  • added Breached VIP Accounts Global Overview

  • added Global Overview for Domain tld, Domain similar, Domain suspicious, Domain correlated and Domain phishing

  • added new tabs Statistics, Search and Evidence

  • added the possibility to set email accounts as disabled to stop receiving tickets related to them

4.6

released on 2023-10-03

  • added Blacklist indicators & indicators page

  • added new page Ransomware Monitor

  • added alert for changing VIP email

  • added Context Data of various data breaches (Federprivacy)

  • added EPSS score in CVE page

  • changed split the market into two tabs: Evidence and Risk Accepted

4.5

released on 2023-07-05

  • added access to the managed status page for partners

  • added checks if an email is attached to an account on miro.com

  • added Mail VIP Global Overview

  • added difference between old and new evidence in the search box

  • added links for the different domains in global CVE page

  • added set up your organization’s VIP mail accounts

  • fixed bug in count Filtered Tickets and Total Tickets

4.4

released on 2023-05-03

  • added Market Global Overview

  • added Sandboxes Global Overview

  • added Severity overview of the market resources

  • added New dashboards have been created on the Status Managed page

  • added the value of the remaining credit to the market pages

  • added subdomain search with VirusTotal and Shodan

  • added view filtered tickets on the dashboard

  • added Unsubscribed column for Social & Services in the Mail item

  • changed Overview for ticket in the managed service

4.3

released on 2023-03-19

  • added Traffic Light Protocol (TLP) system for classifying sensitive information

  • added fixed vulnerabilities are now highlighted with a green tick

  • added advanced profile search within Instagram

  • added IntelX platform content integration

  • fixed phone evidence

  • fixed notification when a new research is available

4.2

released on 2023-01-11

  • added Information regarding the tactics and techniques of the MITRE ATT&CK®

  • added Context Data of various data breaches (azazie, virustotal(multiple combolists), amway, brazilcatho, twitter200M, deezer, gemini, radioitalia, whitepages, ticketcounter, flexbooker, guntrader, onlinerspambot, imesh, netlog)

  • added registrant information for domain link

  • added VIP account - VIP accounts can now be monitored. VIP accounts are those relating to senior figures with a domain outside the monitored ones (e.g. gmail). VIP accounts must be reported by opening a ticket.

  • fixed bug fix

  • fixed domain similar notification

  • fixed 2easy market scraper

4.1

released on 2022-11-04

  • added new item sandboxes

  • added SATAYO user guide (link in menu)

  • added link from JIRA to SATAYO (managed service)

  • added The “Global Overview” provides a cross-domain view of the evidence found

  • changed graph icon

  • fixed Russian market scraper

  • fixed CVE order by CVSS score v3

  • security low vulnerability patch

4.0

released on 2022-10-10

  • added description field to CVE export

  • added Context Data of various data breaches (Exactis Netprospex StockX Start.ru (new Breach) Stripchat Tapa Airport)

  • fixed order column cvss for CVE evidence

3.7

released on 2022-07-13

  • added Continuous monitoring of the evidence published in the Genesis and Russian marketplaces

  • added in the Port and Vulnerability item, evidence is given if the resource resides on IPs directly managed by the organization

  • added Context Data of various data breaches (Disk Union, Coin Pay Ex)

  • added severity field for the ticket in the managed service

  • changed ticket overview in the managed service page

3.6

released on 2022-06-13

  • added Parsing DMARC and SPF with verification of warnings or errors

  • fixed domain evidence in report

3.5

released on 2022-05-19

  • added Correlation of the identified CVEs with the TTPs (Tactics, Techniques, Procedures) used by threat actors

  • added Description of the identified CVEs

  • added focus on CVEs when they concern IPs present within IP blocks directly managed by the customer

  • added Management of related domains item: ability to manually add directly managed domains (black suitcase icon); automatic correlation through WHOIS record analysis of domains residing on networks not directly managed (black suitcase icon); automatic correlation through WHOIS record analysis of domains residing on networks not directly managed (blue suitcase icon)

  • added Context Data of various data breaches (adapt, riaru, readnovel, mgm)

3.4

released on 2022-03-06

  • added Interactive Network Visualisation (beta)

  • added evidence of the paste value

  • added domains defined as suspicious since they contain the company’s domain

  • added Context Data of various data breaches (500px, animaljam, bb, animoto, annual, bitly, crackingforum, dave, eatstreet, indiamart, xhamster, youku, zomato, adityaBirla, yahoo, abandonia, aimjunkies, autohotkey, bitcointalk, bitshacking, bleachanime, couponmom2014, cfire, cheapassgamer, chinaeko, comicbookresources, crackingitaly, digitalgangster, openraid, combo, neteller)

3.3

released on 2021-11-26

  • added SATAYO now searches for Google and Amazon Buckets as well as Azure Containers related to the company domain

  • added “Last modified” column in file evidence

  • added Possibility to mark as verified the emails that are reported within the various data breaches. The date and the user who carried out the verification are associated. In the event of new emails present in the future in the same data breach, a new verification by the organization is required

  • added hashes of files found by SATAYO

  • changed improved file search by SATAYO

  • fixed VirusTotal Evidence

  • security Addition of the CSRF token to all user-interactable forms

3.2

released on 2021-10-19

  • added API (Application Programming Interface): on the export page, accessible from the home page, it is now possible to enable your token to use the API and integrate the evidence collected by SATAYO into other platforms

  • added Subdomain Takeover Checker. This evidence identifies sub-domains exposed to takeover, where an attacker could set up a page on the service that was being used and point their page to that sub-domain

  • added The related domains are now shown only in case of resources of those domains present on IP blocks managed directly by your organization. The reference IP of that particular domain is also indicated

3.1

released on 2021-10-13

  • added MFA (Multi Factor Authentication): now, through the user menu, it is possible to configure the second authentication factor to make access to SATAYO more secure. Currently, the Google Authenticator app can be used as a second authentication factor

  • fixed date format in all the Domain items

3.0

released on 2021-09-24

  • added internal search engine. Through this feature it is possible to search for IP addresses, hostnames, email accounts, CVEs, data breaches in all the evidence discovered by SATAYO for the organization’s domains

  • added continuous, real-time scraping of Pastebin, with verification of evidence relating to the organization, using the configured keywords

  • added the evidence of IP addresses managed directly by the company

  • added SATAYO now searches for similar domains used in phishing campaigns

2.5

released on 2021-08-16

  • added target information for Domain correlated item. Host and IP address are shown

  • added new context data of various data breaches (Badoo, Boxee, Lumin, Cafepress, Evite, Edmodo, BitLy, Pixlr, EyeEm, Liker, Houzz…)

  • added from the Password item it is possible to have evidence of the data breaches within which that password is present

  • added a threat actor has leaked a list of Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices (see CVE-2018-13379) in summer 2020. SATAYO checks if the IPs of your organization are within this list

  • added a threat actor has leaked a list of potentially vulnerable Ivanti Pulse Connect Secure devices (see CVE-2021-22893 and CVE-2019-11510). SATAYO checks if the IPs of your organization are within this list

  • changed alignment of information enrichment (registrar, country) relating to the types of domains managed (TLD, similar, related)

  • fixed export Hostnames/IPs

2.4

released on 2021-07-07

  • added new notification for the Open Bug Bounty item

  • added information in the Open Bug Bounty item

  • changed score calculation for Open Bug Bounty item. Now the status and date of release are considered

  • fixed country flag

2.3

released on 2021-03-18

  • added verification of the existence of MX records for domain similar and subsequent verification of the presence of the same in the blacklist

  • added check if the domains (correlated, similar and TLD) are managed by the organization in SATAYO

  • added check the content of robots.txt file. If there are paths in the file related to administrative areas, an alert is displayed

  • added navigation menu on the research and statistics page

  • added in the Phone number item, in the “Source” column, the web resource in which the telephone number has been identified

  • added registrar information for all the Domain items

  • added improvement in hostnames research

  • added new graph with a comparison between the different historical researches

  • added evidence of similar or TLD domains that are owned by the organization

  • fixed email validation

  • removed domain similar of organization in CSV files

2.2

released on 2021-03-01

  • added the “Global Executive Summary”, a printable report that aims to provide a quick observation point on issues that require a high degree of priority in mitigation / remediation

  • added the Exposure Assessment Index Value (EAIV), visible both in the web report and in the docx format, which shows the degree of exposure of the 3 macro areas (Infrastructure - Data, Files & People - Deep & Dark Web)

  • added possibility to export data, from home page and in csv / plain text format, of different types (Mail, Domain Similar [last 60 days], Vulnerability High, Hostnames/IPs, SSL problems, Registry, Password)

  • added possibility to change the display order of the accounts present in the data breach. Now they can be sorted based on the date of release of the data breach or the date of discovery by SATAYO

  • added notification for new deployments

  • added possibility to export data, from home page and in csv / plain text format, of different items (Domain Similar ALL, CVE ALL, etc.)

  • added new data breach and context data

  • added check on the correct configuration of the records related to the IP blocks used

  • added descriptive field on the methods used to retrieve evidence in the Hostname item

  • fixed improvement in searching IPs not linked to hostnames

  • fixed field arrangement in SSL/TLS item

2.1

released on 2020-12-28

  • added new item General Social

  • added in the Vulnerability item the presence of exploits for each CVE (when available)

  • added new page that allows you to view the contact channels to receive technical support

  • fixed downloadable report

  • fixed inserted time with years and months

  • fixed more CVE entity

  • fixed network graphs

2.0

released on 2020-12-01

  • added new filter in Breached Accounts item to order data breaches by last update date for the domain or by breach date

  • added item’s last evidence

  • added data breach - PDL

  • added link to the malicious scan report for IPs

  • added favorite option in Registry item

  • added mobileapps in report

  • added technologies graph in report

  • added downloadable report in docx format, containing all the evidence found

  • changed the presence of every single email account is checked within about 120 different web services

  • fixed bug in Databreach keywords

  • fixed items date in homepage

1.9

released on 2020-11-03

  • added IPs export in CSV (beta)

  • added Home - Report print button

  • added new page Export

  • added API documentation

  • added visibility of keywords used for collecting records

  • added new page Security News

  • added new item SSL/TLS

  • added data breach - Cit0day

  • added data breach - 2,844 Troy Hunt collection

  • removed IPs export in CSV (beta)

1.8

released on 2020-09-28

  • added LinkedIn email enumeration

1.7

released on 2020-09-11

  • added IPs country

  • added scan creation date in SATAYO homepage

  • added blacklist scan for IP addresses

  • added new item Vulnerability

  • added new item Port

  • added link to Password item in the Mail item

  • changed single mail view in Breached Accounts item

  • fixed country image in all the Domain items

1.6

released on 2020-08-27

  • added keywords in Deep & Dark Web

  • added insert time in Breached Accounts item

  • added insert time in Paste item

  • added Deep & Dark Web - Conti News

  • added Deep & Dark Web - exploit.in

  • added country flag in all the Domain items

  • changed sorting option in Mail item

  • changed sorting option in all the Domain items

  • fixed clear table sort

  • fixed SSL certificate number

  • fixed option to sort users

1.5

released on 2020-08-19

  • added Deep & Dark Web

  • added column permission in partner org page

  • added notification for new Deep & Dark Web items

  • added notification for new IP items in blacklist

  • added notification for new Hostname items in blacklist

  • added Deep & Dark Web - Maze

  • added Deep & Dark Web - RaidForums

  • added Deep & Dark Web - Twitter

  • added Deep & Dark Web - Telegram

  • added Deep & Dark Web - darksearch

  • fixed CSS table

1.4

released on 2020-08-13

  • added partner

  • changed user page

1.3

released on 2020-08-10

  • added option to sort tables

  • added tool: pagine gialle

  • added last update date for items

  • added recover password option

  • fixed Microsoft vulnerabilities

1.2

released on 2020-07-01

  • added changelog

  • added insert time in Mail item

  • added insert time in all the Domain items

  • added ticket

  • changed UI color table

  • fixed item Phone number

  • fixed item Mail