You can add various types of root assets to Attaxion in the Management section. The verification process for most of them is different.
To start working with Attaxion, you need to add and verify a root asset. Attaxion will then proceed to discovering external assets related to this asset and finding their vulnerabilities.
In this article, we go through the process of adding, verifying, and removing root assets.
What Can Be a Root Asset
A root asset is an external asset that the user manually adds to Attaxion with the goal of discovering related assets.
A root asset can be one of the following things:
- Domain
- IPv4 or IPv6 address
- Organization
- CIDR
- AWS account
- Microsoft Azure account
- Google Cloud Platform account
- Digital Ocean account.
How to Add a Root Asset to Your Attaxion Account and Verify It
Automatic addition of one root asset
After you’ve created an account and verified your email address, Attaxion would automatically add the domain in your email address as a root asset and will prompt you to start scanning it. To agree, press the "Start scanning" button.
Manual root asset addition
If you skipped the prompt for some reason or if you want to add more root assets, you can select “Management” in the menu on the left. That'll get you to the "Root Assets" tab, and there you can click “Add new Root Asset” in the upper right corner.
After that, you’ll need to choose the type of root asset that you want to add. Attaxion will then guide you through the process of adding the asset, which is different for different asset types.
The asset will appear on the list even before you verify it. But scanning won’t begin until you verify the asset. You can check if the asset is verified by clicking on it and checking if there’s a “Verification Required” warning tag in the upper left corner of the asset window.
For Domains
This is the recommended way of adding new root assets.
First, type in the address of the domain that you want to add.
To verify ownership of the domain, Attaxion will prompt you to add a TXT file to the root directory of the website, or to add a DNS record.
After you’re done with the required steps, you’ll need to return to Attaxion and click the Verify button. Normally it takes a few minutes, but with a DNS record, it sometimes may take up to 48 hours.
For Organization Asset Type
This is a manual process.
First, type in the name of the organization.
Then, you’ll need to contact the service desk at service.desk@attaxion.com to manually verify the organization.
For IPv4 or IPv6 addresses and CIDRs
Just like with organizations, it’s also a manual process.
First, type in the IP address that you want to add.
Then, you’ll need to contact the service desk at service.desk@attaxion.com to manually verify the organization.
For AWS Accounts
Refer here to learn how to connect an AWS account to Attaxion.
For GCP Accounts
Refer here to learn how to connect a GCP account to Attaxion.
For Azure Accounts
Refer here to learn how to connect an Azure account to Attaxion.
For Digital Ocean Accounts
Refer here to learn how to connect a Digital Ocean account to Attaxion.
Active and Inactive Assets
Attaxion has another taxonomy for assets: they are divided between active and inactive.
Active means that during the last 7 days the asset has been seen by the scanner. Inactive means that the asset was active previously, but during the last 7 days the scanner didn't encounter it.