![ATX-resized_Prancheta 1-1.png]](https://support.attaxion.com/hs-fs/hubfs/ATX-resized_Prancheta%201-1.png?height=40&name=ATX-resized_Prancheta%201-1.png){kind=small}
To start working with Attaxion, you need to add at least one root asset. Attaxion will then proceed to discovering external assets related to this asset and finding their vulnerabilities.
In this article, we go through the process of adding, verifying, and removing root assets.
What Can Be a Root Asset
A root asset is an external asset that the user manually adds to Attaxion with the goal of discovering related assets.
A root asset can be one of the following things:
- Domain
- IPv4 or IPv6 address
- Organization (available for Enterprise customers only)
- CIDR (available for Enterprise customers only)
- AWS account
- Microsoft Azure account
- Google Cloud Platform account
- Digital Ocean account.
How to Add a Root Asset to Your Attaxion Account and Verify It
Automatic addition of one root asset
After you’ve created an account and verified your email address, Attaxion will automatically add the domain in your email address as a root asset and will prompt you to start scanning it. To agree, press the "Start scanning" button.
Manual root asset addition
If you skipped the prompt for some reason or if you want to add more root assets, you can do so in the “Management” of the menu on the left. Upon clicking on "Management", you end up on the "Root Assets" tab, and there you can click “Add new Root Asset” in the upper right corner.
After that, you’ll need to choose the type of root asset that you want to add. Attaxion will then guide you through the process of adding the asset, which is different for different asset types.
For Domains
Domains do not require verification. After adding the domain, you can start scanning immediately.
For Organization and CIDR Asset Types
These asset types are available as part of enterprise features. Enterprise clients should reach out to the support team to add new organization or CIDR root assets.
For IPv4 or IPv6 addresses
IPv4 and IPv6 addresses can be added and scanned immediately.
For AWS Accounts
Refer here to learn how to connect an AWS account to Attaxion.
For GCP Accounts
Refer here to learn how to connect a GCP account to Attaxion.
For Azure Accounts
Refer here to learn how to connect an Azure account to Attaxion.
For Digital Ocean Accounts
Refer here to learn how to connect a Digital Ocean account to Attaxion.
Approving Root Asset Candidates
Another way to add a new root asset is to approve a root asset candidate and then go through the same verification processes discussed above.
Root asset candidates are adjacent root assets that Attaxion detected while scanning a verified root asset. These may or may not belong to your organization, which is why you still need to approve or decline them.
Enabling Scanning
After adding, the root asset will appear in the list of root assets on the namesake tab. Scanning is usually disabled for newly added root assets, so you’ll need to enable scanning to start discovering related assets and associated vulnerabilities. To do this, first click the asset name in the list.
Then, click on the cog icon next to “Scan Mode” and choose the preferred scan mode. Read more about scan modes.
Active and Inactive Assets
Attaxion has another taxonomy for assets: they are divided between active and inactive.
Active means that during the last 7 days the asset has been seen by the scanner. Inactive means that the asset was active previously, but during the last 7 days the scanner didn't encounter it.