THIS GUIDE WILL INTRODUCE YOU TO
- Importing your assets to get coverage of your whole attack surface
- How to start monitoring and scanning
- How to work with your findings
- Resources to help you along the way
Before you start
Allowing traffic from Detectify
Since Detectify’s products are payload-based, please ensure that you allow-list the below IPs in your hosting providers, WAFs and other security tooling:
52.17.9.21
52.17.98.131
For regional differences, how to filter API requests, and additional information and frequently asked questions, see: https://support.detectify.com/support/solutions/articles/48001049001-how-do-i-allow-detectify-to-scan-my-assets-.
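Once the allow-list is in place, a quick way to confirm it is actually in effect is to check your WAF logs for requests from the Detectify scanner IPs that were still blocked. The script below is an added example, not Detectify's own tooling; it assumes a hypothetical space-separated WAF log format and uses constructed sample lines.

```python
import ipaddress
import re
from collections import Counter

# Detectify scanner source IPs as listed in this guide.
DETECTIFY_SCANNER_IPS = {"52.17.9.21", "52.17.98.131"}

# Constructed sample WAF log lines in a hypothetical format:
# "<source-ip> <ALLOW|BLOCK> <method> <path> <matched-rule-or-dash>"
SAMPLE_WAF_LOG = """\
52.17.9.21 BLOCK GET /login?user=PAYLOAD sqli-rule-1
52.17.9.21 ALLOW GET /robots.txt -
203.0.113.7 BLOCK POST /api/upload rate-limit
52.17.98.131 BLOCK GET /files?name=PAYLOAD traversal-rule-3
52.17.98.131 ALLOW GET / -
198.51.100.9 ALLOW GET /index.html -
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<action>ALLOW|BLOCK) (?P<method>\S+) (?P<path>\S+) (?P<rule>\S+)$"
)


def is_detectify_ip(ip: str) -> bool:
    """Exact /32 match against the published scanner IPs. Allow-listing a wider
    CIDR would open a much larger hole in the WAF than the scanner needs."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return str(addr) in DETECTIFY_SCANNER_IPS


def blocked_scanner_requests(log_text: str) -> dict:
    """Return, per scanner IP, how many requests each WAF rule blocked.
    A non-empty result means the allow-list is not fully in effect and
    scan coverage is being reduced by the WAF."""
    blocked: dict = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "BLOCK" or not is_detectify_ip(m["ip"]):
            continue
        blocked.setdefault(m["ip"], Counter())[m["rule"]] += 1
    return blocked


if __name__ == "__main__":
    for ip, rules in blocked_scanner_requests(SAMPLE_WAF_LOG).items():
        print(f"{ip}: {dict(rules)}")
```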
Surface Monitoring as an inventory of your domains
A good place to start is the Surface Monitoring page. While Surface Monitoring is also one of our discovery and assessment engines, once you are up and running it will also serve as a directory of the domains that you own.
Importing your assets
To map your assets (domains), we recommend using our Connectors feature. This can be found in the main menu on the left-hand side.
Connectors
Connectors are an efficient way to ensure all your digital assets are accounted for, particularly for organizations with larger attack surfaces. They hook up to whatever platform you're using for hosting or DNS management. Connectors also ensure that we can continuously import new domains as soon as they're added.
Instructions for specific Connectors:
- Connector for AWS Route53
- Connector for Azure
- Connector for Google Cloud DNS
- Connector for Cloudflare
- Connector for Alibaba Cloud
- Connector for DigitalOcean
- Connector for GoDaddy
- Connector for NS1
'Get Started' flow in tool
If you have a smaller attack surface, adding domains manually is also an option. This can be done from the "empty state - add asset" section or through our in-tool guided onboarding process. When adding assets manually, be sure to include the apex domain to maintain consistency and accuracy.
Zone file import
For a comprehensive import, you can upload a zone file. This method is ideal for capturing a wide array of domains and subdomains associated with your organization.
Verification of domain ownership
To maintain security and compliance, Detectify requires verification of authorization to run tests on the domains you import. This process is straightforward and can be completed using several methods we provide, ensuring that only authorized users can perform security assessments on your assets. If you have a large attack surface, reach out to our support team for quick assistance.
Detectify discovery
Regardless of the method you choose to import your known assets, Detectify will always run its own complementary, continuous discovery to identify associated assets along with new assets that may appear across your attack surface.
Monitoring and Scanning
Detectify offers two primary products that work in concert to provide comprehensive coverage of your attack surface:
Surface Monitoring
We recommend beginning with Surface Monitoring, which will start mapping your attack surface under that particular root domain, including all its underlying subdomains, and collecting data about it. Aside from its continuous discovery capabilities it also runs stateless vulnerability assessment at the DNS level. It checks for thousands of vulnerabilities, including a wide variety of subdomain takeovers, and will notify you of any changes, misconfigurations and vulnerabilities found in any of the assets underneath the root.
The insights about your attack surface will be populated on the 'Domains' page. This includes all the assets you have, their state (e.g. whether something is exposing an open port), DNS record information, and when each asset was found. You can also filter the information in different ways, such as by IP addresses, Ports and Technologies, which are found as individual views under the Attack Surface section.
From the Domains page you can also set customized rules, what we call Custom Policies, based on specific data points, such as ports, technologies, countries, vendors and more. This allows you to enforce your internal security policies and monitor them for breaches.
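To make the idea of a Custom Policy concrete, here is an added example (not Detectify's own code or data format) that evaluates a few policies over a constructed asset inventory shaped like the data points the Domains page exposes: open ports, detected technologies and hosting country. The asset records, policy names and field names are all assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed asset records; field names mimic the Domains page data points
# but this is not Detectify's export format.
ASSETS = [
    {"domain": "www.example.com", "ports": [80, 443], "technologies": ["nginx"], "country": "SE"},
    {"domain": "db-old.example.com", "ports": [22, 3306], "technologies": ["mysql"], "country": "SE"},
    {"domain": "cdn.example.com", "ports": [443], "technologies": ["cloudflare"], "country": "US"},
    {"domain": "legacy.example.com", "ports": [80], "technologies": ["php/5.6", "apache"], "country": "DE"},
]


@dataclass(frozen=True)
class Policy:
    """One internal rule, expressed over the same attributes the inventory carries."""
    name: str
    forbidden_ports: frozenset = frozenset()
    forbidden_tech_prefixes: tuple = ()          # matched case-insensitively
    allowed_countries: Optional[frozenset] = None  # None means no restriction

    def violations(self, asset: dict) -> list:
        found = []
        for port in sorted(set(asset["ports"]) & self.forbidden_ports):
            found.append(f"port {port} exposed")
        for tech in asset["technologies"]:
            if tech.lower().startswith(self.forbidden_tech_prefixes):
                found.append(f"technology {tech} forbidden")
        if self.allowed_countries is not None and asset["country"] not in self.allowed_countries:
            found.append(f"hosted in {asset['country']}")
        return found


POLICIES = [
    Policy("no-admin-or-db-ports", forbidden_ports=frozenset({22, 3306, 5432})),
    Policy("no-eol-php", forbidden_tech_prefixes=("php/5.",)),
    Policy("eu-hosting-only", allowed_countries=frozenset({"SE", "DE"})),
]


def evaluate(assets, policies) -> dict:
    """Map policy name -> domain -> violations; assets with none are omitted."""
    report: dict = {}
    for policy in policies:
        for asset in assets:
            hits = policy.violations(asset)
            if hits:
                report.setdefault(policy.name, {})[asset["domain"]] = hits
    return report


if __name__ == "__main__":
    for name, per_domain in evaluate(ASSETS, POLICIES).items():
        print(name, per_domain)
```

Each breach in the report is the kind of event a Custom Policy would surface for follow-up, and the same structure extends to vendors or any other inventory attribute.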
Vulnerabilities found from Surface Monitoring can be viewed and interacted with from the "Open Vulnerabilities" tab.
Read more about all the Surface Monitoring features here.
Asset Classification and Scan Recommendations
Surface Monitoring will categorize assets across your attack surface based on their characteristics and label them accordingly. It will highlight web apps of different complexities as well as APIs and will disclose information about their behaviours, such as whether they redirect or throw HTTP errors. Once a web app is identified, it will analyze it in terms of complexity to determine whether it warrants deeper testing. Mimicking hacker reconnaissance, it looks at attributes such as technologies, headers, interaction points and more to assess how attractive a target is to malicious actors. This then prompts scan recommendations for targets that may require DAST through comprehensive crawling and fuzzing. Scan recommendations are found on the Application Scanning page.
Application Scanning
Application Scanning offers deep DAST scans of your web applications to unearth vulnerabilities and, just like Surface Monitoring, uses payload-based testing for accuracy and reliable results. It runs thousands of tests for vulnerabilities, covering known CVEs, non-CVEs, novel vulnerabilities and 0-days. There is no limit on the number of scans you can run per endpoint. You begin by adding a Scan Profile, which is a domain or an IP that you want to scan more thoroughly. We recommend that you always have recurring scheduled scans so that you don't have to manually trigger a scan. You can configure your scan to dictate how the scanner should behave, set up authenticated scanning and crawling, and much more from Scan Settings in the "Actions" menu. Application Scanning results will start to populate when vulnerabilities are found.
Read more about all the Application Scanning features here.
Working with findings and vulnerabilities
Everything we find, no matter if it's from Surface Monitoring or Application Scanning, will be combined in the 'Vulnerabilities' view.
You can easily triage, sort, and filter what you want to focus on based on category, severity, score, and more. Findings can also be marked as fixed, accepted risk, or false positive, or forwarded to the team that should take action on them.
Integrations
With Integrations, you can connect to your preferred tools and be notified about various events, for example when a scan is completed or when a high or critical vulnerability is detected. For customized integrations, our public API lets you fine-tune how you want to be notified and where.
Further resources
For more detailed information on our connectors, Surface Monitoring, Application Scanning, how to configure them, and how to understand vulnerabilities and findings, we encourage you to explore our extensive knowledge base.
For the latest updates and changes to our product offerings, visit changes.detectify.com.
Visit our Resources section on Detectify.com for Case Studies, Webinars, eBooks, events, and more.