# Getting Started Guide

It's easy to get started with Halo Security. Initial onboarding can be completed in as little as a few hours. In this guide, we'll dive into our recommended steps for getting started.

{% hint style="info" %}
**Let us help!** Our security engineers are always happy to configure your account for you. Just [schedule a security review](https://app.halosecurity.com/user/security/review/schedule).
{% endhint %}

***

## Preparation

Here's what you'll want to have before you begin:

* A Halo Security account
  * If you don't have one already, reach out to [request a free trial](https://www.halosecurity.com/landing/attack-surface-management-trial)
* A few pieces of information about your organization:
  * A list of domains you own: We recommend downloading these from your domain registrar or using our
  * A list of your static network ranges
  * Admin access to any integrations you want to use (like AWS, Azure, or Google Cloud Platform)

{% hint style="info" %}
While we can work with as little as **your primary domain name**, more information can help ensure more comprehensive discovery.
{% endhint %}

***

## Understanding the Process

To get a complete picture of the attack surface of an organization, you'll start by adding **seeds** to your account. These can include known domains, network ranges, integrations to cloud providers, and more. From these seeds, the platform automatically discovers assets that belong to your organization.

You can review these discovered assets and add them as **targets.** As targets are scanned, additional connected assets are discovered. Based on these targets, the platform also suggests other potential seeds to add.

Scanning the targets also identifies issues, technologies, ports, services, and other web elements to help you improve the security posture of your attack surface.

<figure><img src="/files/E81kxQ2aTmvK7spduSQI" alt=""><figcaption></figcaption></figure>

***

## Checklist

You can use this checklist to complete your initial setup.

* [ ] [Add Seeds](#add-seeds)
  * [ ] [Domains](#domains)
  * [ ] [Networks](#networks)
  * [ ] [Searches](#searches)
* [ ] [Identify Icons](#identify-icons)
* [ ] [Add or Acknowledge Discovered Assets](#add-or-acknowledge-discovered-assets)
* [ ] [Review Suggested Seeds](#review-suggested-seeds)
* [ ] [Set Up Organizations](#set-up-organizations)
* [ ] [Set Up Auto Tags](#set-up-auto-tags)
* [ ] [Add Additional Users](#add-additional-users)
* [ ] [Review Findings](#review-findings)
* [ ] [Complete Security Review Checklist](#complete-the-security-review-checklist)
* [ ] [Schedule Human Security Review](#schedule-a-human-security-review)

***

## Add Seeds

Seeds are the things you know about your organization. We'll use these to discover your external assets. While we can work with as little as your domain name, adding more seeds will generally improve the comprehensiveness of the discovery.

The [Seeds](https://app.halosecurity.com/user/settings/seeds/) section allows you to input all of your seeds.

### Integrations

[Add integrations](https://app.halosecurity.com/user/settings/integrations/add) to automatically pull in data from your DNS and cloud hosting providers. These API connections allow Halo Security read-only access to pull in asset information from the following providers:

* [Amazon Web Services (AWS)](/docs/integrations/discovery-integrations/aws.md)
* [Google Cloud Platform (GCP)](/docs/integrations/discovery-integrations/gcp.md)
* [Microsoft Azure](/docs/integrations/discovery-integrations/azure.md)
* [Cloudflare](/docs/integrations/discovery-integrations/cloudflare.md)
* [GoDaddy](/docs/integrations/discovery-integrations/godaddy.md)

We also support an HTTP integration that accesses data from a specified URL.

### Domains

[Add domains](https://app.halosecurity.com/user/settings/seeds/domains/add) that your organization has registered. We recommend downloading a list from your registrar, or manually entering the ones you know about.

### Networks

If your organization uses static network ranges or netblocks, [add those](https://app.halosecurity.com/user/settings/seeds/networks/add) in as well. We'll scan those to identify any internet-accessible ports and IP addresses.

### Searches

Searches allow you to find unknown assets using information about your organization. There are 5 search types. We'll walk through some recommended searches.

{% hint style="info" %}
For the following recommendations, we'll use a fictional business called `Rincon Bags`.
{% endhint %}

#### Domain Registry Search

[Add a Domain Registry search](https://app.halosecurity.com/user/settings/seeds/search/add?type=2) to find registered domains that may belong to your organization.

> **Query**: `rinconbags`\
> **Match**: `contains`
>
> *This will find any domains that contain rinconbags, like `myrinconbags.com`.*

> **Query**: `rinconbags`\
> **Match**: `Levenshtein`\
> **Max Levenshtein Score:** `3`
>
> *Levenshtein is a similarity algorithm that works best for more unique brand names. With this we can identify a domain like `riinc0nbags.com`.*

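To show how the two match types above differ, here is an added example (not Halo Security's code) that scores a constructed list of candidate domains against the `rinconbags` query. It assumes the match is applied case-insensitively to the label before the first dot and that the score is the standard edit distance; the platform's actual scoring may differ.

```python
# Added illustration, not Halo Security's implementation.
# Assumption: matching runs on the label before the first dot, lowercased.

def levenshtein(a: str, b: str) -> int:
    """Edit distance where insert, delete and substitute each cost 1."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def label(domain: str) -> str:
    """Return the first label of a domain, e.g. 'myrinconbags'."""
    return domain.strip().lower().rstrip(".").split(".")[0]

def match_domains(query: str, domains, max_score: int = 3) -> dict:
    """Map each matching domain to (score, [match types that hit])."""
    query = query.lower()
    results = {}
    for domain in domains:
        lab = label(domain)
        score = levenshtein(query, lab)
        modes = []
        if query in lab:
            modes.append("contains")
        if score <= max_score:
            modes.append("levenshtein")
        if modes:
            results[domain] = (score, modes)
    return results

# Constructed sample data for the fictional Rincon Bags brand.
CANDIDATES = [
    "rinconbags.com", "myrinconbags.com", "riinc0nbags.com", "rinconbag.net",
    "rinconbags-outlet-store.com", "lincolnbags.com", "example.org",
]

if __name__ == "__main__":
    hits = match_domains("rinconbags", CANDIDATES, max_score=3)
    for domain, (score, modes) in sorted(hits.items(), key=lambda kv: kv[1][0]):
        print(f"{domain:32} score={score:<3} {'+'.join(modes)}")
```

In this sample, `rinconbags-outlet-store.com` is caught only by `contains`, `riinc0nbags.com` only by `Levenshtein`, and the unrelated `lincolnbags.com` also falls within a score of 3, which is why the similarity match suits more unique brand names.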
#### Web Search

[Add a Web search](https://app.halosecurity.com/user/settings/seeds/search/add?type=1) to find websites that contain words and phrases associated with your organization.

> **Query**: `© Rincon Bags, Inc`\
> **Site**: `(leave empty)`
>
> *This will find websites that use the specified phrase.*

#### Whois Search

[Add a Whois search](https://app.halosecurity.com/user/settings/seeds/search/add?type=3) to find domains registered with your organization's contact information.

> **Query:** `@rinconbags.com`
>
> *This finds domains registered with corporate email addresses.*

> **Query:** `Rincon Bags, Inc`
>
> *This finds domains registered with your organization's name.*

> **Query:** `1 (800) 940-2375`
>
> *This finds domains registered with your corporate phone number.*

#### Business Search

[Add a Business search](https://app.halosecurity.com/user/settings/seeds/search/add?type=5) to find subsidiaries, parent companies, and acquisitions.

> **Business:** `Rincon Bags, Inc.`
>
> *This will find other websites using the corporate logo.*

{% hint style="success" %}
[**☕**](https://emojipedia.org/hot-beverage) **Time for a break.** Once you've added your initial seeds, you'll want to give the scanners a bit of time to complete their initial discovery.
{% endhint %}

***

## Identify Icons

Once your initial discovery scans are complete, you'll start to see assets populate in the [Assets](https://app.halosecurity.com/user/security/discovery/) section. Before diving into those, it can be helpful to identify the icons (or favicons) associated with your organization.

Jump over to the [Manage Icons](https://app.halosecurity.com/user/settings/icons/manage) section. Here you'll see all of the icons associated with the discovered assets.

Click the icons that belong to your organization once to highlight them in green. Click unfamiliar icons twice to highlight them in red.

When you click **Save**, icons highlighted in green will be added as "My Icons" while red icons will be acknowledged. You'll now be able to filter assets that have the icons you've associated with your brand.

***

## Add or Acknowledge Discovered Assets

It's time to review the discovered assets and start adding them to your inventory for additional scanning.

On the [Assets Overview](https://app.halosecurity.com/user/security/discovery/), you'll see a summary of your discovered assets and your progress in evaluating them. Green bars represent the assets that have been added as targets. Yellow indicates assets that are restricted from scanning. Grey indicates assets that you've acknowledged and don't view as part of your inventory. Black indicates assets that haven't yet been evaluated. We call this the shadow bar.

We recommend approaching asset evaluation in the following order.

### 1. Add all [discovered hosts](https://app.halosecurity.com/user/security/discovery/list?type=1)

Discovered hosts are all subdomains of your organization's domains. Use the pencil icon to bulk-select all of the assets here, then select **Add Target**.

### 2. Add all [discovered IPs](https://app.halosecurity.com/user/security/discovery/list?type=2)

These IPs are either part of your network ranges or attached to assets you own. We recommend adding all of these as targets.

{% hint style="success" %}
[☕](https://emojipedia.org/hot-beverage) **Time for a break.** We recommend waiting for initial scans to complete on these assets to help find more connected assets before moving on.
{% endhint %}

### 3. Review [connected domains](https://app.halosecurity.com/user/security/discovery/list?type=4)

Connected domains are domains we've found through our various discovery techniques that seem to be connected to your organization. Easily sort them using the Connected Score to see how connected they are to your seeds and targets.

Add any domains that belong to you as domain seeds. Once the discovery process runs against those seeds, you'll be able to add each of the subdomains from the discovered hosts section. Acknowledge the rest.

### 4. Review [connected hosts](https://app.halosecurity.com/user/security/discovery/list?type=3)

Connected hosts are the hostnames we've found that aren't subdomains of any domains in your account. This can be useful for identifying and adding subdomains of cloud providers and vendors where you only control the subdomain and not the full domain space.

Add the ones that belong to you as targets. Acknowledge the rest.

{% hint style="info" %}
**Tip:** You can easily filter by the assets that use one of your icons within the filter panel by selecting **Icons: My Icons.**
{% endhint %}

Once you've added any new targets or domain seeds, allow the scanners to run, and then check back to look at any [newly discovered assets](https://app.halosecurity.com/user/security/discovery/). This recursive process helps ensure more comprehensive coverage of your attack surface.

***

## Review Suggested Seeds

As we scan your assets and targets, the platform learns more about your organization and suggests potential seeds that may help identify more unknown assets. Review those by visiting the [Seeds Suggestions](https://app.halosecurity.com/user/settings/seeds/suggest). Add any that make sense to you and dismiss the rest.

***

## Set Up Organizations

Now that you've built an inventory of your external assets, you can start organizing your assets to understand who is responsible for them and how they relate to your organization.

Visit the [Organizations overview](https://app.halosecurity.com/user/security/orgs/) to begin building out your organizational structure. Click the + icon in the top right to add a new organization.

Organizations are very flexible and can be used in different ways to match the way you think about your organization. A common approach is to set the **Top** as your organization's name, then add subsidiaries beneath it, and then add business units beneath those subsidiaries.

Experiment a bit to find the right balance for your organization. You can set target domains for each unit within the organizational structure to automatically include all targets from those selected domains. You can also use tags and auto tags to group targets within the organizational unit.

***

## Set Up Auto Tags

Auto tags allow you to automatically group targets by nearly any data point that we collect. To get started, go to *Settings* → [Automations](https://app.halosecurity.com/user/settings/automations/) and click the plus to add a new automation.

Name your auto tag and select the tag that will be applied to the targets that match the rules you'll enter. You can require **all** the rules to match or tag all targets that match **any** of the rules you set.

Next, add the rules and easily see how many targets the rule set matches.

### Examples

#### Tag all targets that are located outside of the USA:

> **Type**: `Country`
>
> **Match**: `No`
>
> **Value**: `USA`

#### Tag all targets using AWS CloudFront:

> **Type**: `Technology`
>
> **Match**: `Yes`
>
> **Value**: `AWS CloudFront`

{% hint style="info" %}
**Tip**: Use the auto tags you've created to automatically group the targets within your [Organization](#set-up-organizations).
{% endhint %}

***

## Add Additional Users

Head over to *Account* → [Users](https://app.halosecurity.com/user/account/users) to add your colleagues and teammates.

{% hint style="info" %}
Use the auto tags you created to [limit each user's access](/docs/account/users/roles-and-permissions.md) to a specific subset of targets.
{% endhint %}

***

## Review Findings

With your account set up, it's time to take a look at what's been found. While this guide is not intended to walk through the full breadth of security information we find, here are a few places to start:

* [Issues](https://app.halosecurity.com/user/security/issues/): The issues section lists all of your most critical vulnerabilities and misconfigurations, and is your central hub for remediation. You can easily view and assign issues to the relevant users, and use workflows to track your remediation progress.
* [Open Ports](https://app.halosecurity.com/user/security/firewall/ports/): Minimizing your internet footprint can make it easier to defend. Check out what ports are open and ensure you're not accidentally exposing ports and services that shouldn't be on the internet.
* [Technology](https://app.halosecurity.com/user/security/techs/): See what third-party technology is being used. People often find vendors they thought were off-boarded, or technologies with many different versions. A banner will appear if any technology is detected that has known exploited vulnerabilities. You can also see and address any technology versions that are associated with known CVEs.
* [DNS Records](https://app.halosecurity.com/user/security/dns/records/): Review DNS records to ensure you're not accidentally pointing your domains anywhere you don't intend to.
* [Script Secrets](https://app.halosecurity.com/user/security/website/script/secrets): Review any possible secrets or API keys that might accidentally be exposed within your JavaScript files.
* [Web Server Redirect Locations](https://app.halosecurity.com/user/security/firewall/http/list?s=0\&sb=1\&sd=0\&scope=2\&redirect=1\&nocss=0\&nowebsite=0): Make sure you don't have servers redirecting places you don't expect.
* [HTTP codes](https://app.halosecurity.com/user/security/firewall/http/): Look for unexpected response codes that may indicate a potential issue.

***

## Complete the Security Review Checklist

The [Security Review checklist](https://app.halosecurity.com/user/security/review/) is designed to be completed quarterly to help ensure your attack surface management program remains as strong as possible. It provides a checklist of best practices to ensure things don't fall through the cracks and your Halo Security settings are optimized. With these recommendations, you can efficiently assess discovery seeds, security risks, and account settings.

***

## Schedule a Human Security Review

Once you've configured your account, it's a great time to meet with one of our external security experts. [Schedule a time](https://app.halosecurity.com/user/security/review/schedule) to review your account and findings, and get help strategizing and prioritizing your security efforts.


