Getting Started Guide

Best practices for getting up and running with Halo Security.

It's easy to get started with Halo Security. Initial onboarding can be completed in as little as a few hours. In this guide, we'll dive into our recommended steps for getting started.

Let us help! Our security engineers are always happy to configure your account for you. Just .

Preparation

Here's what you'll want to have before you begin:

A Halo Security account
- If you don't have one already, reach out to
A few pieces of information about your organization:
- A list of domains you own: We recommend downloading these from your domain registrar or using our
- A list of your static network ranges
- Admin access to any you want to use (like AWS, Azure, or Google Cloud Platform)

While we can work with as little as your primary domain name, more information can help ensure more comprehensive discovery.

Understanding the Process

To get a complete picture of the attack surface of an organization, you'll start by adding seeds to your account. These can include known domains, network ranges, to cloud providers, and more. From these seeds, the platform automatically discovers assets that belong to your organization.

You can review these discovered assets and add them as targets. As targets are scanned, additional connected assets are discovered. Based on these targets, the platform also suggests other potential seeds to add.

Scanning the targets also identifies issues, technologies, ports, services, and other web elements to help you improve the security posture of your attack surface.

Checklist

You can use this checklist to complete your initial setup.

Add Seeds

Seeds are the things you know about your organization. We'll use these to discover your external assets. While we can work with as little as your domain name, adding more seeds will generally improve the comprehensiveness of the discovery.

Integrations

We also support an HTTP integration that accesses data from a specified URL.

Domains

Networks

Searches

Searches allow you to find unknown assets using information about your organization. There are 5 search types. We'll walk through some recommended searches.

For the following recommendations, we'll use a fictional business called Rincon Bags.

Domain Registry Search

Query: rinconbags Match: contains
This will find any domains that contain rinconbags, like myrinconbags.com.

Query: rinconbags Match: Levenshtein Max Levenshtein Score: 3
Levenstein is a similarity algorithm which works best for more unique brand names. With this we can identify a domain like riinc0nbags.com.

Web Search

Query: © Rincon Bags, Inc Site: (leave empty)
This will find websites that use the specified phrase.

Whois Search

Query: @rinconbags.com
This finds domains registered with corporate email addresses.

Query: Rincon Bags, Inc
This finds domains registered with your organization's name.

Query: 1 (800) 940-2375
This finds domains registered with your corporate phone number.

Image Search

Name: Rincon Bags Logo Image URL: https://www.rinconbags.com/static/img/logo.png
This will find other websites using the corporate logo.

Business Search

Business: Rincon Bags, Inc.
This will find other websites using the corporate logo.

Identify Icons

Click the icons that belong to your organization once to highlight them in green. Click unfamiliar icons twice to highlight them in red.

When you click Save, icons highlighted in green will be added as "My Icons" while red icons will be acknowledged. You'll now be able to filter assets that have the icons you've associated with your brand.

Add or acknowledge discovered assets

It's time to review the discovered assets and start adding them to your inventory for additional scanning.

We recommend approaching asset evaluation in the following order.

Discovered hosts are all subdomains of your organization's domains. Use the pencil icon to bulk-select all of the assets here, then select Add Target.

These IPs are either part of your network ranges or attached to assets you own. We recommend adding all of these as targets.

Connected domains are domains we've found through our various discovery techniques that seem to be connected to your organization. Easily sort them using the Connected Score to see how connected they are to your seeds and targets.

Add any domains that belong to you as domain seeds. Once the discovery process runs against those seeds, you'll be able to add each of the subdomains from the discovered hosts section. Acknowledge the rest.

Connected hosts are the hostnames we've found that aren't subdomains of any domains in your account. This can be useful for identifying and adding subdomains of cloud providers and vendors where you only control the subdomain and not the full domain space.

Add the ones that belong to you as targets. Acknowledge the rest.

Tip: You can easily filter by the assets that use one of your icons within the filter panel by selecting Icons: My Icons.

Review Suggested Seeds

Set Up Organizations

Now that you've built an inventory of your external assets, you can start organizing your assets to understand who is responsible for them and how they relate to your organization.

Organizations are very flexible and can be used in different ways to match the way you think about your organization. A common approach is to set the Top as your organization's name, then add subsidiaries beneath it, and then add business units beneath those subsidiaries.

Experiment a bit to find the right balance for your organization. You can set target domains for each unit within the organizational structure to automatically include all targets from those selected domains. You can also use tags and auto tags to group targets within the organizational unit.

Set Up Auto Tags

Name your auto tag and select the tag that will be applied to the targets that match the rules you'll enter. You can require all the rules to match or tag all targets that match any of the rules you set.

Next, add the rules and easily see how many targets the rule set matches.

Examples

Tag all targets that are located outside of the USA:

Type: Country
Match: No
Value: USA

Tag all targets using AWS CloudFront:

Type: Technology
Match: Yes
Value: AWS CloudFront

Add additional users

Review findings

With your account set up, it's time to take a look at what's been found. While this guide is not intended to walk through the full breadth of security information we find, here are a few places to start:

Complete the Security Review Checklist

Schedule a human security review

PreviousPlatform Overview NextDiscovery

Last updated 2 months ago

Was this helpful?

*

The section allows you to input all of your seeds.

to automatically pull in data from your DNS and cloud hosting providers. These API connections allow Halo Security read-only access to pull in asset information from the following providers:

that your organization has registered. We recommend downloading a list from your registrar, or manually entering the ones you know about.

If your organization uses static network ranges or netblocks, in as well. We'll scan those to identify any internet-accessible ports and IP addresses.

to find registered domains that may belong to your organization.

to find websites that contain words and phrases associated with your organization.

to find domains registered with your organization's contact information.

seed to find websites using specific images, such as your organization's logo.

to find subsidiaries, parent companies, and acquisitions.

Time for a break. Once you've added your initial seeds, you'll want to give the scanners a bit of time to complete their initial discovery.

Once your initial discovery scans are complete, you'll start to see assets populate in the section. Before diving into those, it can be helpful to identify the icons (or favicons) associated with your organization.

Jump over to the section. Here you'll see all of the icons associated with the discovered assets.

On the , you'll see a summary of your discovered assets and your progress in evaluating them. Green bars represent the assets that have been added as targets. Yellow indicates assets that are restricted from scanning. Grey indicates assets that you've acknowledged and don't view as part of your inventory. Black indicates assets that haven't yet been evaluated. We call this the shadow bar.

1. Add all

2. Add all

Time for a break. We recommend waiting for initial scans to complete on these assets to help find more connected assets before moving on.

3. Review

4. Review

Once you've added any new targets or domain seeds, allow the scanners to run, and then check back to look at any . This recursive process helps ensure more comprehensive coverage of your attack surface.

As we scan your assets and targets, the platform learns more about your organization and suggests potential seeds that may help identify more unknown assets. Review those by visiting the . Add any that make sense to you and dismiss the rest.

Whenever you add new seeds, wait for the discovery process to complete and then .

Start by enabling organizations from , then visit the to begin building out your organizational structure.

Auto tags allow you to automatically group targets by nearly any data point that we collect. To get started, go to and click the plus to add a new ruleset.

Tip: Use the auto tags you've created to automatically group the targets within your .

Head over to to add your colleagues and teammates. '

Use the auto tags you created to to a specific subset of targets.

: The issues section lists all of your most critical vulnerabilities and misconfigurations, and is your central hub for remediation. You can easily view and assign issues to the relevant users, and use workflows to track your remediation progress.

: Minimizing your internet footprint can make it easier to defend. Check out what ports are open and ensure you're not accidentally exposing ports and services that shouldn't be on the internet.

: See what third-party technology is being used. People often find vendors they thought were off-boarded, or technologies with many different versions. A banner will appear if any technology is detected that has known exploited vulnerabilities. You can also see and address any technology versions that are associated with known CVEs.

: Review DNS records to ensure you're not accidentally pointing your domains anywhere you don't intend to.

: Review any possible secrets or API keys that might accidentally be exposed within your JavaScript files.

: Make sure you don't have servers redirecting places you don't expect.

: Look for unexpected response codes that may indicate a potential issue.

The is designed to be completed quarterly to help ensure your attack surface management program remains as strong as possible. It provides a checklist of best practices to ensure things don't fall through the cracks and your Halo Security settings are optimized. With these recommendations, you can efficiently assess discovery seeds, security risks, and account settings.

Once you've configured your account, it's a great time to meet with one of our external security experts. to review your account and findings, and get help strategizing and prioritizing your security efforts.\

schedule a security review

request a free trial

Seeds

Add integrations

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Add a Domain Registry search