FAQs
Frequently asked questions about AttackLens.
General
What is AttackLens?
AttackLens is a Continuous Exposure Management (CEM) platform for auditing, monitoring, and managing security policies and compliance. It discovers your assets, evaluates them against security policies, identifies vulnerabilities, and maps attack paths through your infrastructure.
Is AttackLens cloud-hosted or on-premises?
AttackLens is deployed 100% on your premises. Your data never leaves your infrastructure. The only cloud-hosted component is the license server for license validation and content updates.
What compliance frameworks does AttackLens support?
AttackLens ships with built-in policies for GDPR, ISO 27001, SOC 2, and other frameworks. You can also create custom policies tailored to your requirements.
Discovery
Which cloud providers are supported?
AWS, Azure, and GCP. Each provider has a dedicated adapter with deep resource discovery.
How often does discovery run?
Discovery runs automatically on a configurable schedule. You can also trigger manual discovery at any time from the adapter detail page.
What about on-premises resources?
Deploy sensors on your on-premises machines. Sensors collect installed packages, running services, and security configurations locally.
Attack Graph
What is the attack graph?
The attack graph is a visual representation of how an attacker could move laterally through your environment, showing all possible paths from entry points to critical assets.
How are attack paths calculated?
Attack paths are calculated using graph analysis algorithms that consider network connectivity, identity relationships, vulnerability severity, and trust relationships between resources.
What are toxic combinations?
Toxic combinations are clusters of individually low-risk findings that together create a critical security risk. One example is an internet-facing VM with an unpatched CVE that also has access to a sensitive database.
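The toxic-combination case described above can be modelled as a reachability query over an asset graph. The following is an added illustration, not AttackLens code or its algorithm; the asset names, attributes and edges are constructed, and treating an entry point as "internet-facing plus unpatched CVE on the same asset" is a simplifying assumption.

```python
from collections import deque

# Constructed sample inventory (hypothetical names, not AttackLens data).
ASSETS = {
    "web-vm":    {"internet_facing": True,  "unpatched_cve": True,  "critical": False},
    "bastion":   {"internet_facing": True,  "unpatched_cve": False, "critical": False},
    "batch-vm":  {"internet_facing": False, "unpatched_cve": True,  "critical": False},
    "app-role":  {"internet_facing": False, "unpatched_cve": False, "critical": False},
    "orders-db": {"internet_facing": False, "unpatched_cve": False, "critical": True},
}

# Directed edges: the source can reach, or holds access to, the target.
EDGES = [
    ("web-vm", "app-role"),     # identity relationship (VM assumes a role)
    ("app-role", "orders-db"),  # trust relationship (role may read the database)
    ("bastion", "batch-vm"),    # network connectivity
    ("batch-vm", "orders-db"),  # network connectivity
]


def attack_paths(assets, edges):
    """Return shortest paths from each exposed-and-vulnerable asset to critical assets."""
    adjacency = {}
    for src, dst in edges:
        adjacency.setdefault(src, []).append(dst)

    # Assumed rule: exposure and the unpatched CVE must sit on the same asset.
    entries = [name for name, a in assets.items()
               if a["internet_facing"] and a["unpatched_cve"]]

    paths = []
    for entry in entries:
        queue, seen = deque([[entry]]), {entry}
        while queue:  # breadth-first search yields the shortest path first
            path = queue.popleft()
            node = path[-1]
            if assets[node]["critical"]:
                paths.append(path)
                continue  # do not walk past a critical asset
            for nxt in adjacency.get(node, []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return paths


if __name__ == "__main__":
    for p in attack_paths(ASSETS, EDGES):
        print("toxic combination:", " -> ".join(p))
```

In this model, patching `web-vm` or removing either edge on its path clears the finding, which is why the individual findings rank low on their own but critical together.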
Sensors
What operating systems do sensors support?
Windows, Linux, and macOS, supporting both amd64 and arm64 architectures.
Do sensors auto-update?
Yes. When a new sensor version is available, sensors automatically download and apply the update during idle periods.
How much network bandwidth do sensors use?
Sensors are lightweight and send only inventory and configuration data. Typical bandwidth usage is minimal.
Security
How is data stored?
AttackLens uses MongoDB for primary data storage, PostgreSQL for vulnerability data, and MinIO for evidence files. All data remains within your deployment.
Is data encrypted?
HTTPS is required for all communications. Encryption of data at rest depends on your infrastructure configuration.
What authentication methods are supported?
Username/password with complexity requirements, and SAML 2.0 SSO for enterprise identity providers.