Getting started with Detectify and External Attack Surface Management (EASM)

Charlotte Kerridge

Modified on: Tue, 16 Apr, 2024 at 12:23 PM

THIS GUIDE WILL INTRODUCE YOU TO

Importing your assets to get coverage of your whole attack surface
How to start monitoring and scanning
How to work with your findings
Resources to help you along the way

Importing your assets

To map your assets (domains), we recommend using our Connectors feature. This can be found in the main menu on the left-hand side.

Connectors

Connectors are an efficient way to ensure all your digital assets are accounted for, particularly for organization's with larger attack surfaces. They hook up to whatever platform you're using for hosting or DNS management. Connectors also ensure that we can continuously important new domains as soon as they're added.

Instructions for specific Connectors:

'Get Started' flow in tool

If you have a smaller attack surface, adding domains manually is also an option. This can be done from the "empty state - add asset" section or through our in-tool guided onboarding process. When adding assets manually, ensure to include an apex level domain to maintain consistency and accuracy.

Zone file import

For a comprehensive import, you can upload a zone file. This method is ideal for capturing a wide array of domains and subdomains associated with your organization.

Verification of domain ownership

To maintain security and compliance, Detectify requires verification of authorization to run tests on the domains you import. This process is straightforward and can be completed using several methods we provide, ensuring that only authorized users can perform security assessments on your assets.

Monitoring and Scanning

Detectify offers two primary products that work in concert to provide comprehensive coverage of your attack surface:

Surface Monitoring

We recommend beginning with Surface Monitoring, which will start mapping your attack surface under that particular root domain. It will tell you about any changes, misconfigurations and the vulnerabilities that can be found in any of the web applications that are underneath the root.

The 'All Assets' page is where information about your attack surface will populate. This includes all the assets you have, domains, and their state e.g. if something is exposing an open port, DNS record information, and when assets were found. You can also filter information in different ways, such as via IP addresses, Ports and Technologies.

Application Scanning

Application Scanning offers deep scans of your applications to unearth vulnerabilities, with no limit on the number of scans per endpoint. You begin by adding a Scan Profile, which is a domain or an IP that you want to scan more thoroughly. We recommend that you always have recurring scheduled scans so that you don't have to manually trigger a scan. Application Scanning results will start to populate when vulnerabilities are found.

Working with findings

Everything we find, no matter if it's from Surface Monitoring or Application Scanning, will be combined in the 'Vulnerabilities' view.

You can easily triage, sort, and filter what you want to focus on. Findings can also be marked as fixed, excepted risk, false positive, and even forward them to the team that should take action on them.

Integrations

With Integrations, you can connect to your preferred tools and be notified about various things, for example, when a scan is completed, or if a high or critical vulnerability is detected. For customized integrations, our public API can really fine tune how you want to be notified and where.

Further resources

For more detailed information on our connectors, Surface Monitoring, Application Scanning, how to configure them, understanding vulnerabilities and findings, we encourage you to explore our extensive knowledge base.

For the latest updates and changes to our product offerings, visit changes.detectify.com.

Visit our Resources section on Detectify.com for Case Studies, Webinars, eBooks, events, and more.