# Discovery The discovery process is all about compiling a complete inventory of internet-facing assets. We use several methods to identify potential assets (IP addresses or hostnames) that belong to your organization and present them to you to easily add those as [targets](/docs/platform/targets.md) within your account to help you gain full visibility into the risks across your organization's attack surface. ## Discovery Types We use a few different methods to help you discover internet-facing assets. ### Domain Discovery Domain discovery uses a *seed domain*, like `example.com`, to identify subdomains (or hostnames) such as `sub.example.com`. Domain discovery also identifies other potential top-level domains, such as `example.net`. Jump to the full article for more details: {% content-ref url="/pages/JgpKL7zQHjfqIA0HgCBQ" %} [Domain Discovery](/docs/platform/discovery/domain-discovery.md) {% endcontent-ref %} ### Network Discovery Network discovery monitors a network to identify IP addresses that are alive and exposed to the internet. If your organization controls a dedicated IP space, we can regularly monitor it for changes to ports and alive IP addresses to avoid unnecessary exposures going online. For instance, if you have a network like `74.62.62.128/26` we can discover alive IP addresses, such as `74.62.62.129`. Jump to the full article for more details: {% content-ref url="/pages/cvx78jT5dNDiS0FReMUm" %} [Network Discovery](/docs/platform/discovery/network-discovery.md) {% endcontent-ref %} ### Connected Asset Discovery During the website and firewall monitoring scans, we identify references to other hostnames, such as scripts loading from `example-static.com` or other hostnames on shared SSL/TLS certificates. ## Discovery Process Discovering your full attack surface starts with entering the information you know, for instance, the list of domains your organization has registered or networks that your organization uses. We then use that information to identify related or connected hostnames or IP addresses and present those to you. You can easily then add those hostnames or IP addresses as [targets](/docs/platform/targets.md). When new targets are added, our discovery process will incorporate those new targets to further flush out a complete inventory of your organization's external assets. We can summarize the process as follows: 1. Add domains or networks that you *know about* to your account 2. Halo Security discovers related IPs and hostnames 3. You decide whether to add those discovered assets as targets for our security monitoring services 4. Halo Security continuously updates the discovered asset inventory based on those new targets and as new assets are found For more information on managing discovered targets, see: {% content-ref url="/pages/Q022rjM9kNczQhfJlExb" %} [Discovered Assets](/docs/platform/discovery/discovered-assets.md) {% endcontent-ref %} ## Plans Discovery is included in all Halo Security subscriptions. You may add as many domains and networks as you own at no additional cost. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.halosecurity.com/docs/platform/discovery.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.