Attaxion can discover 10 main types of external assets. All of them, except closed ports, contribute to the platform's pricing
As an external attack surface management (EASM) platform, one of Attaxion’s main functions is to discover an organization's external assets and identify their vulnerabilities.
What is an External Asset
An external asset is a component of your organization’s digital infrastructure that is visible to outsiders and potentially exploitable.
In Attaxion, external assets are classified by two main categories: root assets vs other assets, and by asset type.
Root Assets
A root asset is an external asset that the user manually adds to Attaxion with the goal of discovering related assets.
A root asset can be a domain, IPv4 or IPv6 address, an organization, a CIDR, or a cloud account with AWS, Azure, Google Cloud Platform, or Digital Ocean.
To start the process of discovering external assets related to a root asset, the root asset should be verified. Refer to the article about root assets' verification for details of this process.
Root assets are added one by one, but there is no hard limit of root assets that can be added within each account.
Other External Assets
While root assets are added automatically and need to be verified, other external assets are discovered by Attaxion using various reconnaissance techniques and added to the asset list.
These assets do not require verification.
The associated data, such as vulnerabilities and availability, that Attaxion provides for root assets and other external assets is roughly the same.
What Types of External Assets Can Attaxion Discover
Attaxion can discover the following types of assets:
- Domains (only for root assets)
- Subdomains
- IP addresses (both IPv4 and IPv6)
- Ports
- Organizations
- Email addresses
- Clouds
- CIDRs
- SSL certificates
Assets and Pricing
Attaxion’s pricing model is based on the total number of assets in the organization.
All assets contribute to that count equally, no matter whether they are root assets or discovered assets.