User Guide

Getting Started

You don’t have SATAYO but are interested in it? Contact us!



Registration

The registration process is quite simple. First your company will be added into SATAYO and then the various scans will begin. Accounts for your users will be created by us and you will receive an email with a link to finalize the registration.

[Image: registration.png]

Note

We recommend enabling 2FA from the settings to further protect your account. To do so, go to Settings -> User Information. At the moment, 2FA is supported through the Google Authenticator application, which is available for all smartphones.



How does SATAYO work

SATAYO integrates a wide variety of tools to perform the analysis. Every two months a new exhaustive search is launched and all new findings are compared to the previous results, to show how the situation has changed. Old searches remain available and can be checked in the History section. During the two months, some tools are run daily or weekly and continue to update the SATAYO Items. In the settings you can set up an e-mail or Telegram notification if you want to be notified of new research or discoveries.

The evidence collected by SATAYO is organized into multiple Items that can be reviewed. A number called the Exposure Assessment Index Value (EAIV) is calculated from the evidence and expresses the Exposure Assessment of the domain. This value ranges from 0 to 100, where 0 means no exposure at all and 100 is the maximum value. The higher the value, the larger the possible attack surface, with more information available online and potentially exploitable by threat actors. Of course, as the company gets bigger, so will the score.

The items are divided into three major categories called INFRASTRUCTURE, DATA FILES & PEOPLE and DEEP & DARK WEB. The Exposure Assessment is evaluated on them. You can download a Global Report containing the data of all monitored domains or a Domain Report for a single domain.

Scan times by type of object

The following table lists how often each scan is performed, according to the type of item. All the evidence is described in detail on the page SATAYO Items.

ITEM                  PERIODICITY
--------------------  -----------
HOSTNAME/IP           60 days
IP BLOCK              60 days
PORTS                 60 days
DOMAIN SUSPICIOUS     every day
DOMAIN CORRELATED     60 days
DOMAIN SIMILAR        every day
DOMAIN TLD            60 days
DOMAIN PHISHING       every day
FILE                  60 days
VULNERABILITY         every week
PHONE NUMBER          60 days
GENERAL SOCIAL        60 days
MAIL SERVER           60 days
BUCKET                15 days
MOBILE APPS           60 days
EMAIL                 every day
SOCIAL & SERVICES     15 days
BREACHED ACCOUNTS     every day
PASSWORD              every day
OPEN BUG BOUNTY       every week
TELEGRAM              every day
TWITTER               every day
DARK WEB FORUMS       every day
DATA LEAK SITES       every day
LOG STEALER MARKET    every day
SANDBOXES             every day
CREDIT CARD           every day



The SATAYO platform

After logging in, you will see a page similar to this one:

[Image: satayoHome.png]


  1. All the domains in your organization that have been analyzed by SATAYO. The number depends on how many domains you have.

  2. The name of the analyzed domain. Data is obscured in this picture for privacy reasons.

  3. Information about the number of performed scans.

  4. The options available for each domain. These are explained in more detail in the section Domain Options.

  5. The global options valid for all domains listed in the page. More information in Global Options.

  6. The search bar and the settings. More information in Settings.


Global options

[Image: globalOptions.png]

The global options. Read below for more details.

1. Report - Global Executive Summary

The button with the printer emoji lets you download a document called “Global Executive Summary”. Inside you will find a summary of the critical issues retrieved by SATAYO for all the domains that are being monitored. Details about the Exposure Assessment Index Value can be found within this document.

A report like this is available for each domain, as shown in the section Domain Report, and contains more detailed information about the analyzed evidence.

2. Global Overview

This button provides a global overview of evidence collected across multiple domains. It is particularly useful in case you want to check, for example, all vulnerabilities in the monitored perimeter without entering each domain individually. The global overview is available for vulnerabilities, markets, sandboxes and domains. Findings related to VIP accounts (breached accounts and exposed passwords) are also shown here.

3. Interactive Network Visualization

This is a visualization that highlights all the relationships between the analyzed domains. You can drag and drop elements, but it is still in beta and we are working on a new version, with which it will be easier to interact.

4. Export

The export section, accessible through the third button, allows you to download in different formats (csv, plain text and json) the collected resources for all domains. If you are interested in downloading evidence for a single domain only, you can access the report section from it, as described in Domain Export.


Domain options

These options, visible from the home page, are also available once you enter one of the subcategories.

[Image: domainOptions.png]

The domain options. Read below for more details.

1. Research

This is the page where all the items collected by SATAYO are shown. Complete information about these objects can be found on the page SATAYO Items.

2. Report

From this page you can download the report of the evidence collected by SATAYO for the selected domain. The scoring of the three main sections of the report is shown and each section can be consulted directly from this page. A summary of the findings with a description of how the score was calculated is also available. The definition of the number was given earlier, in the section Global Report.

3. Export

From this section you can download the data collected for the chosen domain. Several formats are available, such as csv, plaintext or json. You can also generate an API token and send API requests to download the content without having to log in. The token is unique for all users in the company.

4. Historical Researches

From here it is possible to browse previous searches done by SATAYO and take a look at what has been found before. You can also see whether the overall situation is getting worse or better as time passes. Statistics can also be viewed from the appropriate page.

5. Statistic

This section shows the comparison between different searches, so at least two are needed to see a trend in the graphs. You can interact with the charts and click on an element to disable it and get a better view of the rest.

6. Interactive Network Visualization

Similar to the visualization present in the global menu, this time it shows only the relationships between IPs and hostnames of the selected domain.


Tables

Evidence in SATAYO is organized in tables, and it’s possible to filter data from any column. More advanced filters, such as AND, OR and NOT operators, regular expressions and more, are possible. The complete list and some examples are available here.



Tickets

How tickets work is explained on the page Managed Service.