Ports and technology
Passive enrichment that keeps an open-ports inventory and a technology fingerprint current for every monitored asset, and gates which validation checks are relevant.
Once an asset is set to Monitor, Aether AI keeps a live picture of two things that matter most to an attacker sizing up a target: what is listening, and what it is running. Port Analysis tracks the open ports, Technology Detection tracks the software and versions behind them. Both are passive, both alert when something changes, and both feed the validation layer so that deeper checks only run where they make sense.
Why it matters
An attacker starts by looking at exactly this. Open ports tell them where they can reach you, and technology and version fingerprints tell them what is likely to be weak. Keeping that inventory current, and noticing the moment it changes, is the difference between spotting a newly exposed service before an adversary does and finding out afterwards.
Passive enrichment gives risk owners and application security a factual, always-current baseline of the surface without touching it aggressively. Nothing here brute forces, changes state, or exfiltrates data. It observes and records, and it tells you when the picture moves.
Port Analysis
Port Analysis maintains an open-ports inventory for each monitored asset. A port sweep records which ports are open, and Aether AI keeps that inventory current so it reflects the asset as it is now, not as it was at discovery.
When the set of open ports changes, whether a new service appears or a previously open port closes, Aether AI raises a change alert. A newly opened port is often the first visible sign of a new deployment, a misconfiguration, or a service that was never meant to face the internet, so surfacing that change quickly is the point.
Technology Detection
Technology Detection produces a technology and version fingerprint per asset: the software stack running on it and, where it can be determined, the versions. Like Port Analysis, it is kept current and it alerts on change.
Version-level detail matters because it is what an attacker maps against known weaknesses. When a fingerprint changes, for example a component is upgraded, replaced, or newly introduced, Aether AI raises a change alert so the shift is visible rather than silent.
For application security
The version fingerprint is not just a report line. It is the input that decides which validation checks are worth running against an asset, so keeping it accurate directly sharpens what the deeper layers look at.
Passive enrichment that feeds validation
Port Analysis and Technology Detection are the Monitor tier's passive enrichment. Beyond keeping the surface current and alerting on change, they gate the validation layer: the open ports and the technology fingerprint decide which checks are relevant for a given asset.
That gating is why enrichment sits underneath validation rather than beside it. When an asset is promoted to Monitor Plus, the Conventional Attack Surface validation uses what enrichment already knows to run only the checks that fit what is actually exposed and running, instead of testing blindly. Downgrading an asset back to Monitor stops that deeper work while keeping the passive enrichment in place.
What you see
For each monitored asset you get a current open-ports inventory and a current technology and version fingerprint, plus change alerts when either moves. Those alerts reach you through the in-app notification bell, the notifications page, and email, so a change on the surface does not depend on someone happening to look.
Related
Conventional Attack Surface
Monitor Plus validation of what a commodity attacker could exploit, gated by what enrichment finds.
Monitoring status and tiers
Discovered, Confirmed, Monitor, Monitor Plus, and Ignored, and how tiers meter cost per asset.
Risk Inbox
One queue of findings across ASM and pentest, filterable by severity, source, and update.