SIFTR External Portal

The SIFTR External Portal is a web application that allows you to interact with content generated by the SIFTR platform. Clients of the SIFTR service can authenticate using the credentials provided to them during their enrollment.

If you do not have credentials for your account, contact SIFTR@sra.io.

Authenticating to the Portal

When you navigate to the link above, you are greeted with the following page:

[Screenshot: SIFTR Login]

First-Time Account Setup

If this is the first time that you are authenticating to the SIFTR Portal, you will be required to change your password and enroll in multi-factor authentication (MFA) via a mobile phone app such as Google/Microsoft Authenticator.

The password change screen will look like this:

[Screenshot: SIFTR First Time Setup - Part 1]

Once you have configured your new password, you will return to the main login screen, where you will enter your new password. This time, you will be greeted with the MFA enrollment screen:

[Screenshot: SIFTR First Time Setup - Part 2]

From here, you will need to use a mobile device and an authenticator app to complete the MFA registration.

Once that has finished, you will return to the main login screen again, where you will be asked for your password once more. This time, you will also be prompted for the MFA code tied to the device you enrolled with your account:

[Screenshot: SIFTR First Time Setup - Part 3]

This completes the First-Time Account Setup section, and you should now be able to access the SIFTR Portal and see the findings tied to your organization.

Forgot Password

You can click on the "Forgot your password?" link seen on the main login page of the SIFTR Portal. This will take you to the account recovery page. Provide the email associated with your login, and a temporary password will be sent to you.

Once authenticated to the Portal, you should see a Dashboard like the following:

[Screenshot: SIFTR Dashboard]

Within the Dashboard, you will notice cards that show summaries of the findings generated by the SIFTR platform. These findings are classified by the SIFTR module that generated them.

Beneath the cards is a table that contains a digest of the most recent findings sorted by date. This elevates new content so that it is instantly visible upon login.

You have several navigation options:

  1. You can select the sidebar pages or their corresponding cards in the dashboard to see all of the findings of that particular type.
  2. You can select specific results from the table of recent findings to drill down into details about that item.

In this case, let's navigate to the Secrets page so we can view all secrets findings.

SIFTR Secrets Findings

[Screenshot: SIFTR Secrets]

Notice that Secrets Findings have different classifications based on the content. In this case, we see several "Database Credential" Secret Findings along with several "Other" secrets. The "Other" type is a catch-all for those secrets not fitting into one of the more common classifications.

Notice also that, in total, the number of secrets listed here sums to five, whereas the Dashboard reported only four secrets findings. Why the discrepancy? A single object containing secrets, such as a GitHub repository, can contain more than one occurrence of a secret.

However, since it is likely that the entire object will be removed rather than each secret being removed individually, we report only four actions that need to be taken to get rid of the five secrets discovered.

Let's select the top finding and drill into the details of that item.

Detailed Secrets page

[Screenshot: SIFTR Specific Secret]

The Detailed Secrets page provides you with some additional information about the item, including commentary provided by a human operator who reviewed this content.

There is also a direct link to the secret so that you can review it if desired. By clicking on that link, you will be taken directly to the secret's location on the public Internet:

[Screenshot: SIFTR Secret on GitHub]

Next, we can look at the SIFTR Domain monitoring module.

SIFTR Domain Findings

SIFTR Domain Findings correspond to domains that are believed to be potentially malicious or hosting content that may threaten your organization (e.g., phishing/credential harvesting).

From the Dashboard, you can select the Domains page to view all of your Domain Findings:

[Screenshot: SIFTR Domain Findings]

The cards shown above provide different classifications of Domain Findings. Clicking on any of these cards gives you the ability to select domains of just one specific type to review. Additionally, you can select any of the domains from the table to get detailed information about that single Domain Finding.

Detailed Domains page

The following view shows the detailed domain information page after selecting a domain from the Domains page.

[Screenshot: SIFTR Domain Details]

SIFTR Breach Findings

The SIFTR Breach module produces CSV files that contain itemized records of users within your organization who were identified in public data breaches.

Each Breach Finding represents a point-in-time snapshot of all users tied to your organization found in any public data breach up to the current date.

Breach Findings must be downloaded, as the files often contain several thousand rows. Do this by selecting the "CSV" button within the Breach Findings table:

[Screenshot: SIFTR Breach Findings]

SIFTR Perimeter Findings

The SIFTR Perimeter module produces a standard Security Risk Advisors "Footprint" document in the XLSX format. This document details your organization's public attack surface as we see it.

These documents are refreshed once per quarter and, like the Breach Findings, must be downloaded to be inspected:

[Screenshot: SIFTR Perimeter Findings]