Third-Party Risk Assessment

Perform an assessment search to evaluate potential risks.

Third Party Risk Assessment Guide

Endpoint: /search-by-domain/assessment
Required Permissions: search-by-domain

Overview

The Third Party Risk Assessment endpoint helps you evaluate potential security risks associated with a specific domain. It analyzes compromised credentials and provides insights into employee, user, and third-party exposures.

Use Cases

  • Evaluate security risks of potential business partners
  • Assess third-party vendor security posture
  • Monitor supply chain security risks
  • Due diligence for mergers and acquisitions
  • Continuous third-party risk monitoring

Request Format

{
    "domain": "tesla.com"
}

Understanding the Response

The response contains three main sections:

1. Employee URLs

Lists URLs associated with compromised employee credentials from the target domain.

{
    "employee_urls": [
        {
            "url": "https://sso.tesla.com/adfs/ls",
            "occurrence": 174
        },
        ...
    ]
}

  • url: The compromised service or application URL
  • occurrence: Number of times this URL appeared in compromises

2. Third Party URLs

Shows URLs where the target domain's employees were compromised while accessing third-party services.

{
    "third_party_urls": [
        {
            "occurrence": 84,
            "url": "https://uptimerobot.com/signup",
            "domain": "uptimerobot.com"
        },
        ...
    ]
}

  • url: The third-party service URL where compromises occurred
  • occurrence: Frequency of compromises
  • domain: The root domain of the third-party service

3. User URLs

Displays URLs where clients of the target domain were compromised.

{
    "user_urls": [
        {
            "url": "https://auth.tesla.com/oauth2/v1/authorize",
            "occurrence": 5794
        },
        ...
    ]
}

Best Practices

  1. Regular Monitoring: Run assessments periodically (e.g., monthly) to track changes in risk exposure
  2. Focus on High-Occurrence URLs: Prioritize investigation of URLs with higher occurrence counts
  3. Third-Party Analysis: Pay special attention to third-party URLs as they represent potential supply chain risks
  4. Pattern Recognition: Look for patterns in compromised URLs to identify vulnerable systems

Risk Assessment Methodology

  1. Employee Risk:
    • High number of employee_urls indicates potential internal security issues
    • Multiple occurrences suggest repeated compromises

  2. Third-Party Risk:
    • Large number of third_party_urls suggests supply chain vulnerabilities
    • High occurrences on critical services require immediate attention

  3. User Impact:
    • user_urls show potential impact on your customers
    • Helps prioritize security measures for customer-facing services

Common Response Scenarios

Low Risk

{
    "employee_urls": [],
    "third_party_urls": [
        {
            "url": "common-service.com",
            "occurrence": 1
        }
    ],
    "user_urls": []
}

  • Few or no compromises
  • Low occurrence counts
  • Limited spread across URL types

Medium Risk

{
    "employee_urls": [
        {
            "url": "mail.example.com",
            "occurrence": 10
        }
    ],
    "third_party_urls": [
        {
            "url": "cloud-storage.com",
            "occurrence": 15
        }
    ],
    "user_urls": []
}

  • Moderate number of compromises
  • Multiple affected services
  • Higher occurrence counts

High Risk

{
    "employee_urls": [
        {
            "url": "mail.example.com",
            "occurrence": 50
        },
        {
            "url": "vpn.example.com",
            "occurrence": 30
        }
    ],
    "third_party_urls": [
        {
            "url": "critical-service.com",
            "occurrence": 45
        }
    ],
    "user_urls": [
        {
            "url": "client-portal.example.com",
            "occurrence": 25
        }
    ]
}

  • High number of compromises
  • Multiple critical services affected
  • High occurrence counts
  • Spread across all URL types

Error Handling

  • 400: Check domain format and ensure it's properly specified
  • 403: Verify that your API key's permissions include domain intelligence access (this endpoint requires the search-by-domain permission)
  • 404: Domain might not exist in our database
  • 408: Try reducing request complexity or retry later

Rate Limiting

  • Standard rate limits apply
  • Consider implementing caching for frequently assessed domains
  • Space out batch assessments of multiple domains

Security Considerations

  1. Keep API keys secure and rotate regularly
  2. Store assessment results securely
  3. Limit access to assessment data to authorized personnel
  4. Consider data retention policies for stored results

Integration Tips

  1. Automate regular assessments
  2. Set up alerts for significant changes
  3. Integrate with your risk management system
  4. Document and track remediation efforts
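
The monitoring and alerting advice above (periodic assessments, prioritizing high-occurrence URLs, third-party analysis, alerts on significant changes) can be implemented by comparing two stored responses. The following is an added example, not code from the API provider: the helper names, the sample snapshots and the min_increase threshold of 10 are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

SECTIONS = ("employee_urls", "third_party_urls", "user_urls")

# Constructed sample snapshots (not real API output), shaped like the responses above.
PREVIOUS = {
    "employee_urls": [{"url": "https://mail.example.com/login", "occurrence": 10}],
    "third_party_urls": [{"url": "https://cloud-storage.example/signin", "occurrence": 15,
                          "domain": "cloud-storage.example"}],
    "user_urls": [],
}
CURRENT = {
    "employee_urls": [{"url": "https://mail.example.com/login", "occurrence": 50},
                      {"url": "https://vpn.example.com/", "occurrence": 30}],
    "third_party_urls": [{"url": "https://cloud-storage.example/signin", "occurrence": 17,
                          "domain": "cloud-storage.example"},
                         {"url": "https://cloud-storage.example/reset", "occurrence": 5,
                          "domain": "cloud-storage.example"}],
    "user_urls": [{"url": "https://client-portal.example.com/", "occurrence": 25}],
}

def _index(response):
    """Map (section, url) -> occurrence; a missing or empty section has no entries."""
    return {(s, e["url"]): int(e.get("occurrence", 0))
            for s in SECTIONS for e in response.get(s) or []}

def diff_assessments(previous, current, min_increase=10):
    """Findings for URLs that are new or rose by >= min_increase (assumed threshold)."""
    before, findings = _index(previous), []
    for (section, url), count in _index(current).items():
        old = before.get((section, url))
        delta = count if old is None else count - old
        if old is None or delta >= min_increase:
            findings.append({"section": section, "url": url, "occurrence": count,
                             "change": "new" if old is None else "increase", "delta": delta})
    return sorted(findings, key=lambda f: f["delta"], reverse=True)

def third_party_by_domain(response):
    """Total third-party occurrences per root domain, highest first."""
    totals = defaultdict(int)
    for e in response.get("third_party_urls") or []:
        # Use the host, then the raw value, when the "domain" field is absent.
        domain = e.get("domain") or urlparse(e["url"]).hostname or e["url"]
        totals[domain] += int(e.get("occurrence", 0))
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for finding in diff_assessments(PREVIOUS, CURRENT):
        print(finding)
```

Feed the findings into whatever alerting or ticketing system tracks remediation, and tune min_increase to the size of the domain being assessed.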