Ask or search…
Comment on page


The discovery process is all about compiling out a complete inventory of internet facing assets.
We use several methods to identify potential assets (IP address or hostnames) that belong to your organization, and present them to you to easily add those as targets within your account to help you gain full visibility into the risks across your organization's attack surface.

Discovery Types

We use a few different methods to help you discover internet-facing assets.

Domain Discovery

Domain discovery uses a seed domain, like, to identify subdomains (or hostnames) such as Domain discovery also identifies other potential top-level domains, such as
Jump to the full article for more details:

Network Discovery

Network discovery monitors a network to identify IP addresses that alive and exposed to the internet. If your organization controls a dedicated IP space, we can regularly monitor it for changes to ports and alive IP addresses to avoid unnecessary exposures going online. For instance, if you have a network like we can discover alive IP addresses, such as
Jump to the full article for more details:

Connected Asset Discovery

During the website and firewall monitoring scans, we identify reference to other hostnames, such as scripts loading from or other hostnames on shared SSL/TLS certificates.
These are presented, along with other discovered hosts and domains, on Discovery › Add.
If you signed up before June 1, 2021 and haven't yet upgraded to our full attack surface management platform, firewall and website monitoring do not run, so connected assets may not be discovered.

Discovery Process

Discovering your full attack surface starts with entering the information you know, for instance the list of domains your organization has registered or networks that your organization uses.
We then use that information to identify related or connected hostnames or IP addresses and present those to you. You can easily then add those hostnames or IP addresses as targets and apply the necessary scanning services to them.
When new targets are added, our discovery process will incorporate those new targets to further flush out a complete inventory of your organization's external assets.
We can summarize the process as follows:
  1. 1.
    Add domains or networks that you know about to your account
  2. 2.
    Halo Security discovers related IPs and hostnames
  3. 3.
    You decide whether to add those discovered assets as targets for our security monitoring services
  4. 4.
    Halo Security continuously updates the discovered asset inventory based on those new targets and as new assets are found
For more information on managing discovered targets, see:


Discovery is included in all Halo Security subscriptions. You may add as many domains and networks as you own at no additional cost.