What to do if somebody uses Attaxion to scan your assets without proper authorization
Attaxion scans internet-facing assets including domains, IP addresses, and ports to map the attack surfaces of organizations.
Here’s what you need to know if you notice that someone is using Attaxion to scan your organization’s assets and may not have proper authorization.
It Is Not a Security Concern
During scanning, Attaxion doesn’t collect any personal information, log in or attempt to log in to any services, or gain unauthorized access to systems by any other means.
To populate asset databases, Attaxion uses only publicly and officially available information obtained using a list of benign scanning techniques.
Attaxion doesn’t use payload-based vulnerability scanning, so it cannot inflict any damage.
Proof of Ownership Is Required to Add a Root Asset
To ensure Attaxion only scans the assets that it’s supposed to scan, users need to add and verify root assets that belong to their organization.
If a user adds a domain that corresponds to their business email address as a root asset, the domain is verified automatically. For any other asset, the verification process is stricter.
Without verification, Attaxion will not start scanning. We take all precautions to make sure Attaxion is only used correctly and responsibly.
How to Report Unauthorized Scans
If you notice that your organization’s assets are being scanned by Attaxion without proper authorization, you can report it to us.
To do so, please contact our service desk and provide information about the assets you want Attaxion to avoid scanning.