Randori Glossary

An entity that is connected, discoverable, or interactive in such a way that it has a function.

The status of an entity that is associated with an organization. This association occurs either automatically or if the entity is added to the platform manually or with integrations.

A discrete activity that is performed in service of an attack-targeted objective, and can be categorized as either a recon attack action or an attack-targeted action.

An attack action is an intermediate step in a runbook. Attack actions allow the system to provide partial feedback on the progress of a runbook to the user.

A proprietary scoring mechanism that indicates the likelihood that an adversary acts against a target.

Information that an organization knows about an entity on the attack surface.

The user enters the business context in the impact and status fields. The business context influences the priority score.

A trait or property that can be discovered about a target that is not specific to the application or service. Characteristics are used as input for the attackability and subsequent priority of a target.

A piece of metadata that describes where a runbook or attack action is dispatched to.

A method that an attacker can use to find a specific target. Detections include at least an IP address and port number. Other examples of data that a detection includes are a path, a hostname, and related artifacts.

A measurement of a service's susceptibility to weakness. Publicly released and privately held weaknesses and exploits are considered.

The relative importance of an entity in the context of your business. See also business context.

Software or hardware that is installed by the attack-targeted team that subverts the authentic function of a system. An implant can be installed to run commands, set up a VPN, push exploits, or otherwise conduct offensive activities.

A piece of metadata that describes where a runbook or attack action is dispatched from.

The point of view from which entities are observable, and by which they can be grouped.

A workflow that runs a series of actions with the goal of sharing data between Randori and another tool.

An observable component of the Randori attack infrastructure. When connections occur to or from customer infrastructure to the Randori attack infrastructure, they interact with the Randori redirectors.

A set of user-facing attack targeted actions that further an attack objective by either increasing the information that is known about a target or creating a new perspective.

A specific software version that is seen in use on a customer’s attack surface.

A human being, or digital information about a human being, whom attackers can target due to affiliation with a particular organization. Social entities can include employees, contractors, or any individual with access to a company's digital systems.

A location where Randori conducts activities from. These locations include ephemeral nodes, internal agents, and attack-targeted implants.

A discoverable instance of a service.

A score applied to a service that rates how interesting that service is to a potential attacker. Temptation is computed without contextual information such as location, attacker objective, or knowledge of related services.