User Guides

Managing Domains

4min

In scope and out of scope domains

Hexiosec ASM uses 'in scope' and 'out of scope' to control how much of an attack surface to scan. Since everything on the internet is connected, we need to ensure the scope of a Hexiosec ASM scan is appropriately focussed.

Screenshot showing an example domain on the left, with the graph image showing connections on the right.
Domains Graph


'In scope' nodes, be they Domains, IP addresses, Components, etc., are connected back to one of the seed nodes via a valid path. A subdomain (or child) of a seed domain will be in scope. However, the domain of a 3rd-party script used on the seed domain's website will be 'out of scope'.

Simply put, if it is 'in scope', then Hexiosec ASM has determined that the risks associated with the asset are your responsibility. If it is out of scope, then Hexiosec ASM can't be sure it is yours, and you will need to add it as a seed to get Hexiosec ASM to inspect it further.

To view the 'out of scope' nodes, go to the 'Out of Scope' page on a scan, and you can add nodes to scope as seeds. Note, this will depend on permissions.

Screenshot showing an example list of out of scope domains
Out of scope domains


CSV file export

This feature is not available to all license plans, please contact us if you would like to discuss adding this feature to your Hexiosec ASM account.

To enable you to extract information related to in-scope domains found in a scan, including DNS data, risks, ASNs, cloud hosting and certificates, Hexiosec ASM provides an export button on the Domains page.

Data is exported as a CSV (comma separated values) file, which uses , as the cell separator. The file includes an initial heading row.

Document image


The exported data will match the data you currently have filtered in the app. To export a selection of the domains, e.g. domains related to a certain ASN, simply apply the filter before using the export button.

The generated CSV file outputs the following columns:

Text

  • id: "<domain_id>"
    • the domain ID
  • domain: "<domain>"
    • the domain name
  • stale: "<yes|no>"
  • name_server: "<yes|no>"
    • if the domain is a DNS name server
  • seed: "<yes|no>"
    • if the domain is a seed
  • dns_destination: "<ip|domain>,<ip|domain>,..."
    • [0 or more values] either:
      • IP addresses for DNS A records associated with the domain
      • domains for DNS CNAMEs associated with the domain
  • services: "<domain:port>,<domain:port>,..."
    • [0 or more values] services on the domain
  • certificates: "<certificate>,<certificate>,..."
    • [0 or more values] certificates used by the domain
  • cloud_regions: "<cloud_region>,<cloud_region>,..."
    • [0 or more values] cloud regions for any associated cloud providers
  • asns: "<asn>,<asn>,..."
    • [0 or more values] ASN (autonomous system number) network names
  • entities: "<entity>|<entity>,..."
    • [0 or more values] names of entities responsible for the ASNs
  • critical_risks: "<risk_count>"
    • count of critical risks associated with the domain
  • high_risks: "<risk_count>"
    • count of high risks associated with the domain
  • medium_risks: "<risk_count>"
    • count of medium risks associated with the domain
  • low_risks: "<risk_count>"
    • count of low risks associated with the domain