More options with tags
04 March 2024
Since the use of tags is increasing, it was time for a review. They now appear in more places, most notable phishy urls. The
documentation on how tags work is updated, and here are the most important rules to keep in mind:
- If you tag a domain, all subdomains will inherit that tag
- Subdomains can have tags that do not appear on the pay level domain.
- If you tag a url corresponding certificates, websites and DNS records get it too
- Certificates and websites can have additional tags that are not on the url
- Phishy_domains inherit tags from the original pay level domain
- If you tag a subnet, all hosts in it will inherit the tag
Some of the new reports make heavy use of magic queries (those starting with a $). All magic queries support two extra options
last_seen and
tags
So, to make a custom Software Vulnerabilities Report only for assets with the tag "my_tag" that are seen in the last two weeks, you use the query:
$software_vulnerabilities_report and last_seen>-14d and tags=my_tag
Adding custom DKIM selectors
26 February 2024
As the recently added mailservers report shows, most of your DKIM settings are automatically found by our scanner nodes. Some domains use very specific selectors, and these can only be found in email messages and not through scans online. This will result in warnings about a lack of DKIM.
If this is the case for your organization you can now add your custom selectors under
Settings->General in the GUI. You can find you selector by looking at the email headers of an email send from your domain (Look for a menu option labelled "view headers" or "view message details"). A DKIM header line will look like this:
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=shadowtrackr.com; i=@shadowtrackr.com; q=dns/txt;
s=my_selector;
As you might have guessed "my_selector" is the DKIM selector in this example. If you add that to the ShadowTrackr Settings your DKIM selectors will be monitored.
New reports available
19 February 2024
There are two new report templates available in the report library: the Mailservers report and European Cookie Law Report.
The Mailservers report shows the settings (MX records, SPF, DMARC and DKIM) on all your mailservers. The report contains suggestions to improve your security settings and if any server is blacklisted the report will also show it. With big email providers like Microsoft and Google blocking senders with wrong or missing SPF and DMARC settings, it's definitely worth it to stay on top of this. Problems mean your email is no longer received by a large part of the internet.
The European Cookie Law Report shows which of your websites set a cookie before any user interaction has taken place. This might indicate a violation.
The magic report queries (those starting with a $) can now also be amended with the fields
last_seen and
tags. So, to make a report of your mailservers over the last month tagged "acme", you use this query:
$mailservers_report AND last_seen>-1m AND tags=acme