Introduction

The Discovery Platform is designed to help organizations uncover and analyse their external digital footprint. This guide will explain how to log in, start a scan, and evaluate the information in the resulting reports.

Logging In

To begin using the Discovery Tool, log in with your credentials and authenticator app. 

Upon logging in, the Tool will open on the main Dashboard Page, where you can manage your scans and analyse the results. If you haven’t started any scans, this page will be empty except for a prompt to start a scan.

Empty Dashboard View

Starting a Scan

Use the ‘Click to start a scan’ button to open the Scan Module, which shows your project’s working queue. This will be empty, so click the ‘Add item’ button in the top-right corner of the page. 

Add Item Button

In the following pop-up window, you can add a domain, FQDN, URL, or IP address. You can also use the bulk import function to add multiple items at once. 

Next, choose your scan type:

• Static Discovery – Scans the specific item, staying within the same domain.
• Deep Discovery – Explores everything related to your company, giving you a broader view of your digital footprint.

Click the ‘Add’ button to finish and close the window.

 Add Item Window

To start the scan you have just added to the queue, click the Scan Icon in the top-left corner of the screen, then launch the scan from the pop-up.

Scan Icon

Monitoring Scan Progress

Once a scan is running, you can monitor its progress in the Jobs Module. Click on the Jobs Icon in the left-hand navigation pane to open this page.

Jobs Module

Each scan is listed in the Jobs Module’s tabular view, which lists data around status, duration, and (when scans fail) reasons for failure. From this page, you can see when scans have completed and when they have failed or are stuck in a ‘pending’ status.

‘Pending’ scans can be terminated early by clicking on the Scan Icon and selecting ‘abort’.

 Abort Scan

When scans show as ‘Completed’, you can proceed to reviewing the scan items.

Reviewing Scan Items

Return to the Scan Module by clicking the Scan Icon in the left-hand navigation pane. As your scan completes, this page will populate with items. Make sure you are in the Items tab to view them.

Items tab

The items are displayed in a tabular view, with information about the items shown under different column headings.

One of these headings is Trust. Every item is assigned a Trust level from 0–100%; this score indicates how confident the system is that the item belongs to your organization. Any items added manually using the ‘Add item’ button are automatically given a score of 100.

It is important that you review the list of items to check that everything that has been discovered is accurately linked to your organisation. Anything with a Trust level greater than 50 will automatically be included in the findings and reports, and anything with a Trust level below 50 will be excluded. However, you can manually override this by toggling between ‘Use’ and ‘Don’t use’ for each item.

 
Toggle to use/don’t use

After making these changes and manually adding any new items, you can update the scan results by clicking on the main scan icon and selecting ‘Update the current test’ from the drop-down menu.

Updating a scan

Understanding Scan Results

The Dashboard Module aggregates and displays key insights from scans, providing a real-time and historical view of the organisation’s:

• Complete digital footprint
• Overall “cyber hygiene” position
• Risk exposure and attack surface insights.

Access the Dashboard Module by clicking the Dashboard Icon on the left-hand navigation panel.

Dashboard Module

The Dashboard Module’s default view is a Heatmap, which is a visual representation of issues by severity and category. You can hover over or click on each item to see more detailed insights.

Select World Map from the drop-down menu to see a different visual breakdown of issues, this time organised geographically. See details about discovery, hygiene, and attack surface reduction by selecting locations from the breadcrumb menu on the left.

World Map view

Everything that has been discovered by a scan is listed in the final view in the Dashboard Module: the Things view. Select Things in the drop-down menu to open it.

Things view

The Things View is a deep-dive, CMDB-style interface that categorises all discovered “things”, showing them in tabular views which are ideal for asset inventory, triage and tagging. Use the selection bar in the upper-right corner to switch between viewing:

• Applications
• Domains
• IPs
• Certificates
• Cookies, etc

Click on individual “things” to open passport view, and see details about attack surface, visibility, and other related “things”.