FAQs
      Back to home
      1. Knowledge Base
      2. FAQs

      Why Are Some of the Assets Marked as Non-Scannable?

      On the Assets catalog, you might see some “grayed out” assets. This means that these assets are not scanned for vulnerabilities.

      Some of the assets that Attaxion discovers, such as CDNs or third-party mail servers, for example, are directly associated with an organization’s infrastructure, but are not, in fact, owned by the organization. 

      Attaxion does not scan such assets for vulnerabilities, but it’s still important to know that they exist. That’s why, in the platform’s interface, they are grayed out – marked as non-scannable, but still visible.

      Below, we explain which kinds of assets are considered non-scannable and what you can do with them.

      Attaxion marks some assets as non-scannable. They are grayed-out in the list

      Click on the grayed-out asset to open the “Asset details” view. Here, you will see that they are labeled as “non-scannable.” Please note that these assets are not included in the billable asset count. 

      Grayed-out assets are tagged as non-scannable in the "Asset details" view

      What Makes an Asset Non-Scannable?

      Attaxion considers assets to be non-scannable when they belong to one of the following groups:

      1. Third-party service domains: Domain names that link an organization's infrastructure to external, shared public services (e.g., DNS, mail, CDNs, marketing platforms). These assets are not owned by the organization, thus are not the primary targets for vulnerability scanning but still matter when mapping an organization's digital footprint.
      2. Public cloud infrastructure endpoints: IP addresses or domain names residing within public cloud environments that were not determined to belong to the organization, but connect parts of its infrastructure. These assets are significant for understanding inter-service connections within the cloud, but their ownership may be ambiguous due to shared resources.
      3. Public cloud DNS zone record: Domain names identified as name servers (NS) or mail exchange (MX) servers within a public cloud DNS zone.
      4. SSL certificate-associated assets: IP addresses found in the SSL certificate alternative names or discovered during the SSL certificate lookup process. These assets are part of a shared infrastructure, so they are not included in vulnerability scans, but they help illustrate how SSL certificates are discovered.

      Grayed-out assets on the Attaxion graph

      What Can You Do with Non-Scannable Assets?

      On the “Asset Details” view, you can view the non-scannable asset’s discovery path and graph. Since Attaxion keeps rediscovering all of your assets, you will see all the dates when the asset was detected on the Events tab.

      Events displayed for a non-scannable domain


      Click on the “Actions” menu at the upper-right corner of the window to update the non-scannable asset’s tags or add a comment. You can also set it as a false positive to remove it from your asset catalog.