Seeds and IPs

this section explains seeds and ips and includes information on limits applied to them the limits applied to domains/ips for a scan type are covered in the scan limiting section what is a seed? a seed, or multiple seeds, are used to provide the starting point for a scan the example below shows the add seeds dialogue for an own monitoring scan text guidance followed by an add seed box, after which the start scanning button can be used using the seeds defined in the scope, hexiosec asm uses various sources and methods to find related subdomains and ip addresses what can be used as a seed? a seed can be specified as one or more of the following a domain (e g hexiosec com) an ip (e g 8 8 8 8 ) a n ip range (e g 1 0 0 0 1 0 0 255, 1 0 0 0/24 ) when specifying a domain, the simplified form can be used, for example you can use hexiosec com instead of https //www hexiosec com the option to use ip ranges is not included in all plans if you would like to discuss the use of ip ranges, please contact us at support\@hexiosec com seed limits the limit on the number of seeds per scan will vary based on your license plan these limits apply to the total number of individual domains, ips, and ip ranges used as the scan seeds, they do not apply to the number of ips or domains found when the scan is run each ip, or ip range, counts as one seed; for example, if your seed limit was 100 then you could configure a scan with 30 domains and 70 ips, or , 15 domains, 80 ips, and 5 ip ranges as shown in the example, the number of ips in an ip range doesn't count towards the seed limit, it is the number of ranges that is counted if your plan has ip ranges available, you will also have a corresponding ip range size limit this shows the total number of ips across all ip ranges that can be added to your scan as a seed, either as one large ip range or multiple smaller ip ranges continuing with our example above, if you create a scan with 30 domains 30 ips 2 ip ranges, each with a /22 subnet (each containing 1024 ip addresses) you will have used 62 seeds of your 100 seed limit and consumed 2048 ips of your ip range limit if your ip range limit was 2816, you could still add another ip range with a /23 subnet (512 ip addresses), bringing your total to 2560 ips and 63 seeds still within both limits however, adding another /22 range (1024 ips) would exceed the 2816 ip range size limit and would not be allowed take a look at ip range seeds for more detailed information on using ip ranges the owner and admins of an organisation can check the scan limits for their license plan on the usage page , this will show the seed limits for each type of scan how many seeds have i used? when the seeds for a scan are defined or updated, a message under the add seeds box will show the seed allowance that has been used and how many are available the information displayed will depend on the license plan if more seeds are needed, they will need to be manually split across two or more scans, or please contact support\@hexiosec com to discuss upgrading your account identifying additional seeds an online asset will be defined as being in scope if it is connected back to one of the seeds via a valid path , t his means that if issues are found then they are within the remit of the seed owner to fix rather than belonging to a third party such as amazon or google, for example hexiosec asm achieves good coverage from the starting seeds but after the scan results have been reviewed, you may identify additional seeds that should be included in the scan the out of scope page includes domains that hexiosec asm has found but excluded from the results (see what is out of scope? ), this should be reviewed, as additional domains may be found that can be included in a scan if a subdomain has a minimal online presence or doesn't use a name that appears to be related to the seeds, it may not be found and may need to be manually added as a seed office and vpn ip addresses may also need to be manually added as seeds seeds can be added to an existing scan at the bottom of the overview page single or multiple seeds per scan? each licence plan has a domain/ip limit applied to each scan type the limit is not just the seeds used as the starting point for the scan, it is based on all discovered domains and ips during the scan discovery activity which includes both in and out of scope domains and ips if the scan shows as limited, the seeds will need to be manually split across two or more scans, or your account upgraded to ensure that all subdomains are scanned by hexiosec asm the domains page can be a good starting point for identifying how to split out the scan if the license plan limit has been reached aside from scan limit considerations, it may be appropriate to split out seeds into separate scans if the resulting scan report needs to be shared with multiple stakeholders and confidentiality needs to be maintained on results for subdomains it may also be appropriate to split seeds across multiple scans when the scanned infrastructure is managed by different teams