Powered by

# Domains

Domain assets include all domain names that are identified as being owned by your organization. They are discovered through a multitude of automated and manual methods, a short list including:

  • Public databases
  • SSL/TLS certificate parsing
  • Subdomain bruteforcing
  • DNS record searching

# Accessing the Domains Page

The Domains page can be accessed from the following locations in ASM:

  • Attack Surface Dashboard -> Live Domains
  • Assets -> Domains
  • Exposures -> Domains

# Filter Domains and View CVEs

  1. Select any criteria in the inner sidebar filter to narrow the Domains table results.

  • If any domain has a CVE (common vulnerabilities and exposures) associated with it, the name and instance count of that CVE vulnerability or exposure display as filter options.
  1. Select any Domains table row to display the Domain details page and view vulnerability history, associated DNS records, IP addresses, certificates, and/or CVEs, and the discovery chain for the IP address.

Here you can:

  • Search and filter the CVEs for the domain
  • Display the CVEs in an explore or table format
  • Export the CVEs in a CSV format
  • View the CVSS and EPSS* scores for the CVE along with the CVE's publish and last modified date
  • Select the linked CVE name to open a browser tab to the NIST website with full details for the CVE

* See EPSS at https://www.first.org/epss.

See the new CVE API endpoints here and CVE information in Ports, IPs, and Vulnerabilities.

# Network Analysis

For domains that point to infrastructure you control, you can enable Network Analysis. This allows Scan Monster to perform in-depth checks against the underlying infrastructure and discover more assets. It's very important not to enable Network Analysis for domains that point to shared hosting providers (e.g. Wordpress), since you do not control the underlying infrastructure. However, network analysis is encouraged on domains pointing to IP addresses your organization owns, or statically allocated cloud IP addresses.

Is the Enable button disabled?

Make sure to click Add to Monitoring for your domain first!

© Copyright 2025. All rights reserved.