Long-Running Public-Facing Cloud Instance with No Domain and Stale Scan

← All Findings

Vendor: SentinelOne Singularity XDR FIN-473 Weight: Confidence: Not Verified

What It Detects

MITRE ATT&CK Techniques

Comma-separated, e.g. T1078, T1190

Checks read-only

Field	Operator	Value
`Public IP Address`	is not empty
`Cloud Account ID`	is not empty
`First Time Seen`	older than	180 days
`Domain`	is empty
`Last Scanned Time`	older than	30 days

Remediation

Why It Matters

Notes read-only

LDG fields used:

Public IP Address
Cloud Account ID
First Time Seen
Domain
Last Scanned Time

Supporting endpoints:

_web_api_agents_actions_initiate-scan_post