Glossary
Key terms used throughout ShadowMap.
| Term | Definition |
|---|---|
| APT | Advanced Persistent Threat — a sophisticated, sustained cyberattack by well-funded threat actors |
| ASA | Attack Surface Area — the total external footprint of an organization |
| BEC | Business Email Compromise — fraud attacks impersonating executives or business partners |
| C2 | Command and Control — infrastructure used by attackers to manage compromised systems |
| CART | Continuous Automated Red-Teaming — ShadowMap's automated red-teaming, alert management, and vulnerability tracking system |
| CISA | Cybersecurity and Infrastructure Security Agency (US) |
| CT Logs | Certificate Transparency Logs — public ledgers of SSL certificates |
| CVE | Common Vulnerabilities and Exposures — standardized vulnerability identifiers |
| CVSS | Common Vulnerability Scoring System — severity rating for vulnerabilities |
| EASM | External Attack Surface Management — the discipline of discovering and monitoring external digital assets |
| IOC | Indicator of Compromise — observable evidence of a security incident |
| KEV | Known Exploited Vulnerabilities — CISA's catalog of actively exploited CVEs |
| MISP | Malware Information Sharing Platform — open-source threat intelligence sharing framework |
| MITRE ATT&CK | A knowledge base of adversary tactics and techniques |
| SLA | Service Level Agreement — defined response time targets for findings |
| Stealer Log | Data harvested by info-stealer malware from infected machines |
| TTP | Tactics, Techniques, and Procedures — methods used by threat actors |
| VRM | Vendor Risk Management — assessment and monitoring of third-party security posture |