# Attack Surface Monitor

Continuously monitor internet-exposed assets, detect changes in attack surface, and report newly introduced security risks.

## Problem

Exposed services change over time, and unnoticed drift can introduce high-risk entry points.

## Core capabilities

- Discover external assets: domains, ports, endpoints, and certificates.
- Detect newly exposed services and configuration drift.
- Run lightweight vulnerability checks with severity scoring.
- Produce prioritized remediation tasks with owner mapping.

## MVP scope

- Scheduled external scan with baseline comparison.
- Alerts for new open ports and expired certificates.
- Weekly risk report with top findings.

## Success criteria

- Faster visibility into exposure drift.
- Reduced time to remediate high-risk findings.

## Stretch ideas

- Integrate with change management to link exposure to recent deploys.
- Auto-open hardening pull requests for common misconfigurations.
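
The baseline comparison and the two MVP alerts (new open ports, expired certificates), sketched in Python as an added example rather than project code. The snapshot schema, the `RISKY_PORTS` list, the severity labels and the `host_missing` alert are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Assumption: ports treated as high severity when newly exposed (illustrative).
RISKY_PORTS = {22, 23, 3389, 5432, 6379}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample snapshots (hypothetical schema): host -> ports, cert expiry.
BASELINE = {
    "app.example.com": {"ports": [443], "cert_not_after": "2030-01-01T00:00:00+00:00"},
    "vpn.example.com": {"ports": [443, 1194], "cert_not_after": "2030-01-01T00:00:00+00:00"},
    "legacy.example.com": {"ports": [80], "cert_not_after": None},
}
CURRENT = {
    "app.example.com": {"ports": [443, 8443], "cert_not_after": "2030-01-01T00:00:00+00:00"},
    "vpn.example.com": {"ports": [443], "cert_not_after": "2024-01-01T00:00:00+00:00"},
    "staging.example.com": {"ports": [22, 8080], "cert_not_after": None},
}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for a reproducible run


def diff_exposure(baseline, current, now):
    """Compare a scan with the baseline; return alerts, highest severity first."""
    alerts = []

    def alert(severity, kind, host, detail):
        alerts.append({"severity": severity, "kind": kind, "host": host, "detail": detail})

    for host, scan in current.items():
        known_ports = set(baseline.get(host, {}).get("ports", []))
        new_ports = sorted(set(scan["ports"]) - known_ports)
        if new_ports:
            kind = "new_open_port" if host in baseline else "new_host"
            alert("high" if RISKY_PORTS & set(new_ports) else "medium", kind, host, new_ports)
        not_after = scan.get("cert_not_after")
        if not_after and datetime.fromisoformat(not_after) <= now:
            alert("high", "expired_cert", host, not_after)
    # Report hosts absent from this scan instead of dropping them silently:
    # a failed scan must not read as reduced exposure.
    for host in baseline.keys() - current.keys():
        alert("low", "host_missing", host, None)
    return sorted(alerts, key=lambda a: (SEVERITY_ORDER[a["severity"]], a["host"], a["kind"]))


if __name__ == "__main__":
    for a in diff_exposure(BASELINE, CURRENT, NOW):
        print(f'{a["severity"]:<6} {a["kind"]:<14} {a["host"]} {a["detail"]}')
```

The sorted output doubles as the ordering for a weekly report's top findings; promote a scan to the new baseline only after its alerts have been triaged.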