Getting started with Detectify and External Attack Surface Management (EASM)


Importing your assets

To map your assets (domains), we recommend using our Connectors feature. This can be found in the main menu on the left-hand side.


Connectors are an efficient way to ensure all your digital assets are accounted for, particularly for organization's with larger attack surfaces. They hook up to whatever platform you're using for hosting or DNS management. Connectors also ensure that we can continuously important new domains as soon as they're added.

Instructions for specific Connectors:

'Get Started' flow in tool

If you have a smaller attack surface, adding domains manually is also an option. This can be done from the "empty state - add asset" section or through our in-tool guided onboarding process. When adding assets manually, ensure to include an apex level domain to maintain consistency and accuracy.

Zone file import

For a comprehensive import, you can upload a zone file. This method is ideal for capturing a wide array of domains and subdomains associated with your organization.

Verification of domain ownership

To maintain security and compliance, Detectify requires verification of authorization to run tests on the domains you import. This process is straightforward and can be completed using several methods we provide, ensuring that only authorized users can perform security assessments on your assets.

Allowing traffic from Detectify

Since Detectify’s products are payload-based, please ensure that you allow-list the below IPs in your hosting providers and WAFs:

For region specific information and frequently asked questions, see:

Monitoring and Scanning

Detectify offers two primary products that work in concert to provide comprehensive coverage of your attack surface:

Surface Monitoring

We recommend beginning with Surface Monitoring, which will start mapping your attack surface under that particular root domain. It will tell you about any changes, misconfigurations and the vulnerabilities that can be found in any of the web applications that are underneath the root.

The 'All Assets' page is where information about your attack surface will populate. This includes all the assets you have, domains, and their state e.g. if something is exposing an open port, DNS record information, and when assets were found. You can also filter information in different ways, such as via IP addresses, Ports and Technologies.

Read more about all the Surface Monitoring features here.

Application Scanning

Application Scanning offers deep scans of your applications to unearth vulnerabilities, with no limit on the number of scans per endpoint. You begin by adding a Scan Profile, which is a domain or an IP that you want to scan more thoroughly. We recommend that you always have recurring scheduled scans so that you don't have to manually trigger a scan. Application Scanning results will start to populate when vulnerabilities are found.

Read more about all the Application Scanning features here.

Working with findings

Everything we find, no matter if it's from Surface Monitoring or Application Scanning, will be combined in the 'Vulnerabilities' view.

You can easily triage, sort, and filter what you want to focus on. Findings can also be marked as fixed, excepted risk, false positive, and even forward them to the team that should take action on them.


With Integrations, you can connect to your preferred tools and be notified about various things, for example, when a scan is completed, or if a high or critical vulnerability is detected. For customized integrations, our public API can really fine tune how you want to be notified and where.

Further resources

For more detailed information on our connectors, Surface Monitoring, Application Scanning, how to configure them, understanding vulnerabilities and findings, we encourage you to explore our extensive knowledge base.

For the latest updates and changes to our product offerings, visit

Visit our Resources section on for Case Studies, Webinars, eBooks, events, and more.