Seeds and IPs

this section explains seeds and ips and includes information on limits applied to them the limits applied to domains/ips for a scan type are covered in the scan limiting section what is a seed? a seed, or multiple seeds, are used to provide the starting point for a scan the example below shows the add seeds dialogue for an own monitoring scan text guidance followed by an add seed box, after which the start scanning button can be used using the seeds defined in the scope, hexiosec asm uses various sources and methods to find related subdomains and ip addresses what can be used as a seed? a seed can be specified as one or more of the following a domain (e g hexiosec com) an ip (e g 8 8 8 8 ) a n ip range (e g 1 0 0 0 1 0 0 255, 1 0 0 0/24 ) when specifying a domain, the simplified form can be used, for example you can use hexiosec com instead of https //www hexiosec com the option to use ip ranges is not included in all plans if you would like to discuss the use of ip ranges, please contact us at support\@hexiosec com seed limits the limit on the number of seeds per scan will vary based on your license plan these limits only apply to the seeds used to create the scan, they do not apply to the number of ips or domains found when the scan is run the owner and admins of an organisation can check the scan limits for their license plan on the usage page , this will show the seed limits for each type of scan when the seeds for a scan are defined or updated, a message under the add seeds box will show the seed allowance that has been used and how many are available the information displayed will depend on the license plan example seed is shown, with the add seed box underneath if more seeds are needed, they will need to be manually split across two or more scans, or please contact support\@hexiosec com to discuss upgrading your account identifying additional seeds an online asset will be defined as being in scope if it is connected back to one of the seeds via a valid path , t his means that if issues are found then they are within the remit of the seed owner to fix rather than belonging to a third party such as amazon or google, for example hexiosec asm achieves good coverage from the starting seeds but after the scan results have been reviewed, you may identify additional seeds that should be included in the scan the out of scope page includes domains that hexiosec asm has found but excluded from the results (see what is out of scope? ), this should be reviewed, as additional domains may be found that can be included in a scan if a subdomain has a minimal online presence or doesn't use a name that appears to be related to the seeds, it may not be found and may need to be manually added as a seed office and vpn ip addresses may also need to be manually added as seeds seeds can be added to an existing scan at the bottom of the overview page single or multiple seeds per scan? each licence plan has a domain/ip limit applied to each scan type the limit is not just the seeds used as the starting point for the scan, it is based on all discovered domains and ips during the scan discovery activity which includes both in and out of scope domains and ips if the scan shows as limited, the seeds will need to be manually split across two or more scans, or your account upgraded to ensure that all subdomains are scanned by hexiosec asm the domains page can be a good starting point for identifying how to split out the scan if the license plan limit has been reached aside from scan limit considerations, it may be appropriate to split out seeds into separate scans if the resulting scan report needs to be shared with multiple stakeholders and confidentiality needs to be maintained on results for subdomains it may also be appropriate to split seeds across multiple scans when the scanned infrastructure is managed by different teams