Getting started with Surface Monitoring

Surface Monitoring is our External Attack Surface Management product that ensures complete coverage of your attack surface. It monitors and maps all your different assets and subdomains, helping you understand what assets you have, how they're changing over time, and what specifically is changing. It also identifies misconfigurations and vulnerabilities across your attack surface.


You can set up and configure Surface Monitoring from the Surface Monitoring page in the tool. This page lists all your root assets and allows you to configure monitoring at that level, which then propagates to all subdomains.

Root Assets

A root asset is typically an apex domain, but can also be a subdomain if that's the highest level of the hierarchy you've added. This page also shows which roots are verified and which are not, informing you of the actions you need to take. Enabling monitoring is straightforward - just a click away.

Discovery Settings

Surface Monitoring is divided into two parts: Discovery (or reconnaissance) and Vulnerability Assessment. Discovery populates data about your attack surface, starting with subdomain discovery to cover both known and unknown assets. It then adds information about DNS records, IP addresses, and exposed ports. You will also be informed about SSL/TLS configurations, which you can adjust in the settings.

All discovery data is found under the 'Attack Surface' section in the menu, where you can dive into different assets, IP addresses, ports, and technologies.

Vulnerability Assessment Settings

Vulnerability Assessment starts with subdomain takeover assessment, a powerful tool to prevent forgotten subdomains from being used in phishing attacks. It also includes SSL/TLS assessment to check for misconfigurations and certificate assessment to ensure SSL certificates are not expired or misconfigured. Lastly, stateless tests are payload-based HTTP tests run against your web apps, utilizing our crowdsourced network to identify and test against new exploits quickly. You can customize tests, including specifying headers or request per second limits for older infrastructure.


Surface Monitoring begins populating assets, IP addresses, ports, and technologies upon activation. Vulnerabilities are added continuously, but some time is required for the system to run fully.


If you encounter unexpected results after a day, it may be due to certain providers blocking tools like ours. Ensure our IP addresses are listed in your settings. If you have any questions, feel free to reach out to our support.