Managing Domains and IPs
Primary and secondary assets

Hexiosec ASM uses 'primary' and 'secondary' to describe the relationships back to seed domains and IP addresses. Since everything on the internet is connected, we need to ensure the results of a Hexiosec ASM scan are appropriately focussed.

[Screenshot showing an example domain on the left, with the graph image showing connections on the right]

A domain (or IP) will be a 'primary' asset if it is connected back to one of the seed nodes via a valid path. A subdomain (or child) of a seed domain will be a 'primary' asset. However, the domain of a 3rd party service aliased (DNS CNAME'd) from a primary domain, or a subdomain for a different website found in a certificate, would both be 'secondary' assets.

For example, if an organisation uses Microsoft for emails it would have an 'autodiscover' subdomain such as 'autodiscover.example.com', which has an alias to 'autodiscover.outlook.com'. Hexiosec ASM would mark these domains as:

- 'autodiscover.example.com': primary
- 'autodiscover.outlook.com': secondary

If an asset is 'primary', Hexiosec ASM has determined that the risks associated with the asset are directly related to the seed domains and IPs.

If an asset is 'secondary' then Hexiosec ASM will still include the asset, as it is key to understanding deployments and interconnected services, but risks will not be shown against this asset. You can choose to add secondary assets as seeds to get Hexiosec ASM to inspect them further.

To view the secondary assets, go to the 'Secondary Assets' page on a scan, which can be found under the 'Asset Management' section in the sidebar. From there, you can add a secondary asset as a seed, or unmark assets that have previously been marked as secondary. Note: this will depend on user permissions.

CSV file export

To enable you to extract information related to 'primary' domains found in a scan, including DNS data, risks, ASNs, cloud hosting and certificates, Hexiosec ASM provides an export button on the Domains page. The same functionality is available for the IP Addresses page.

Data is exported as a CSV (Comma Separated Values) file, which uses `,` as the cell separator. The file includes an initial heading row.

The exported data will match the data you currently have filtered in the app. To export a selection of the domains, e.g. domains related to a certain ASN, simply apply the filter before using the export button.

For domains, the generated CSV file outputs the following columns:

- ID: "\<domain id>". The domain ID.
- Domain: "\<domain>". The domain name.
- Stale: "\<yes|no>". If the domain is stale (see report terminology).
- Name server: "\<yes|no>". If the domain is a DNS name server.
- Seed: "\<yes|no>". If the domain is a seed.
- DNS destination: "\<ip|domain>,\<ip|domain>,..." \[0 or more values]. Either:
  - IP addresses for DNS A records associated with the domain
  - Domains for DNS CNAMEs associated with the domain
- Services: "\<domain:port>,\<domain:port>,..." \[0 or more values]. Services on the domain.
- Certificates: "\<certificate>,\<certificate>,..." \[0 or more values]. Certificates used by the domain.
- Cloud regions: "\<cloud region>,\<cloud region>,..." \[0 or more values]. Cloud regions for any associated cloud providers.
- ASNs: "\<asn>,\<asn>,..." \[0 or more values]. ASN (Autonomous System Number) network names.
- Entities: "\<entity>|\<entity>,..." \[0 or more values]. Names of entities responsible for the ASNs.
- Critical risks: "\<risk count>". Count of critical risks associated with the domain.
- High risks: "\<risk count>". Count of high risks associated with the domain.
- Medium risks: "\<risk count>". Count of medium risks associated with the domain.
- Low risks: "\<risk count>". Count of low risks associated with the domain.
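
One way to work with the exported domains file offline, as an added example that is not Hexiosec's own code: it parses the export, orders domains by risk severity and totals critical and high risks per ASN. It assumes the heading row uses the column names listed above (matched case-insensitively) and that multi-value cells are comma-separated within one quoted cell; the sample rows are constructed.

```python
import csv
import io

# Columns that hold 0 or more comma-separated values in a single cell.
MULTI = ("dns destination", "services", "certificates", "cloud regions", "asns")
RISKS = ("critical risks", "high risks", "medium risks", "low risks")
FLAGS = ("stale", "name server", "seed")

# Constructed sample export; the header casing is an assumption.
SAMPLE = """ID,Domain,Stale,Name Server,Seed,DNS Destination,Services,Certificates,Cloud Regions,ASNs,Entities,Critical Risks,High Risks,Medium Risks,Low Risks
1,example.com,no,no,yes,192.0.2.10,"example.com:443,example.com:80",cert-a,,EXAMPLE-NET,Example Ltd,0,2,1,4
2,autodiscover.example.com,no,no,no,autodiscover.outlook.com,,,,,,0,0,0,0
3,old.example.com,yes,no,no,"192.0.2.20,192.0.2.21",old.example.com:443,cert-b,,"EXAMPLE-NET,OTHER-NET",Example Ltd,1,0,0,2
"""

def load_domains(text):
    """Parse an exported domains CSV into dicts keyed by lower-cased column name."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        row = {k.strip().lower(): (v or "").strip()
               for k, v in raw.items() if k is not None}
        for col in MULTI:   # split multi-value cells into lists
            row[col] = [x.strip() for x in row.get(col, "").split(",") if x.strip()]
        for col in RISKS:   # risk counts become integers, empty means 0
            row[col] = int(row.get(col) or 0)
        for col in FLAGS:   # yes/no cells become booleans
            row[col] = row.get(col, "").lower() == "yes"
        rows.append(row)
    return rows

def triage(rows):
    """Domains with at least one risk, ordered critical first, then high, medium, low."""
    risky = [r for r in rows if any(r[c] for c in RISKS)]
    risky.sort(key=lambda r: tuple(-r[c] for c in RISKS))
    return [r["domain"] for r in risky]

def risk_by_asn(rows):
    """Total critical plus high risk counts for each ASN network name."""
    totals = {}
    for r in rows:
        for asn in r["asns"]:
            totals[asn] = totals.get(asn, 0) + r["critical risks"] + r["high risks"]
    return totals

if __name__ == "__main__":
    domains = load_domains(SAMPLE)
    print(triage(domains))
    print(risk_by_asn(domains))
```
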