
Asset Discovery — User Guide

Organizations: Find related subdomains and enrich discovered endpoints with ports, technologies, and HTTP service metadata

Updated this week

Overview

What Is Asset Discovery?

Asset Discovery is an automated system that maintains a comprehensive, up‑to‑date inventory of an organization’s externally visible digital assets. Using root domains as seed inputs, Asset Discovery identifies related subdomains and enriches discovered endpoints with ports, technologies, and HTTP service metadata. Results are automatically imported into Asset Inventory and available for security testing.

Key Benefits

  • Automated discovery — reduces manual inventory overhead and blind spots.

  • Weekly cadence — balance between timeliness and noise.

  • Comprehensive enrichment — subdomains, IPs, open ports, tech stacks, SSL/TLS metadata.

  • Immediate integration — auto-import into Asset Inventory and searchable metadata.

Who This Is For

This guide is written for:

  • Security engineers and asset owners responsible for maintaining external attack surface inventories.

  • Platform and DevOps leads who coordinate whitelisting and scanning impact.

  • CSMs and enablement teams preparing customers for beta onboarding.

If you are a program owner advising non-technical stakeholders, see Admin Quick‑Start for a concise operational checklist.

Prerequisites

Required Product Tier

  • CTEM Platform Professional and CTEM Platform Enterprise

  • Ask your CSM if you are outside these product tiers and would like to explore Asset Discovery

Required Permissions

Action | Permission
View Discovery | Any organization member
Enable/Disable Scanners | Assets Manager (org-level)

To check permissions, go to Organization Settings → Members → [your account].

Getting Started

Accessing Asset Discovery

  1. From the org dashboard, click Assets (left navigation).

  2. Select the Discovery tab.

  3. If no root domains exist, you will see the empty-state prompt: “No root domains found. Add root domains to your asset inventory to enable automated subdomain discovery.”

Add Your First Root Domain

  1. Assets → Inventory → Add Asset → Domain

  2. Enter the root domain (e.g., example.com) — root only.

    • ✅ example.com

    • ❌ api.example.com

  3. Complete required metadata, click Save.

  4. Return to Assets → Discovery and your domain should appear in the list.

Using Asset Discovery

Page Layout and Columns

The Discovery table shows one row per root domain with these columns:

  • Domain — Root domain being scanned.

  • Assets Discovered (Cumulative) — Cumulative number of assets created or updated by the scanner. This number does not decrease if assets are archived.

  • Last Scan — Timestamp of the last scanner run (e.g., 2 days ago).

  • Last Scan Status — New explicit status: Success / Failed / Pending. This helps quickly surface recurring failures.

  • Scanner Enabled — Toggle to enable/disable scanning. (Assets Manager permission required)

UI guidance: use the Last Scan Status to prioritize troubleshooting before contacting support.

Search & Filters

  • Use the search bar to filter domains by name.

  • Filters in Asset Inventory should be used to inspect discovered assets using the following fields (filter names are exact):

    • discovery_source (value: asset_discovery)

    • scanner_domain (value: root domain)

    • scanner_ports / protocol

    • technology_fingerprint

Link these filter names in the UI documentation to make them clickable in the product help panel.

Managing Scanner Profiles

Enable Scanner

  1. Find domain row or use search.

  2. Toggle Scanner Enabled to on.

  3. A confirmation toast appears.

Behavior:

  • Weekly automatic schedule.

    • Not currently configurable

  • Auto‑import into Asset Inventory.

  • Discoveries include subdomains, ports, tech fingerprinting, and HTTP service metadata.

Disable Scanner

  1. Toggle Scanner Enabled to off.

  2. Scanning stops for that domain; existing assets remain in inventory.

Permissions: only Assets Manager sees and can use the toggle. Others see a read‑only toggle and tooltip: "Assets Manager permission required".

Understanding Scan Results

What Gets Discovered And How It's Enriched

  • Subdomains: all public subdomains, including multi‑level.

  • Open ports: port numbers and protocols; filterable.

  • Technology fingerprinting: server software, frameworks, cloud providers, detected versions.

  • HTTP/HTTPS discovery: endpoints, configurations, SSL/TLS metadata.

Scan Process (High Level)

  1. Execution — Weekly scanner run (Aardvark).

  2. Processing — Validation, de‑duplication, merge/updates.

  3. Auto‑Import — Create/update assets in Asset Inventory; add discovery metadata.

  4. Visibility update — Last Scan, Last Scan Status, and the cumulative assets counter update.

Viewing Discovered Assets

  • Go to Assets → Inventory → apply discovery_source:asset_discovery and optionally scanner_domain:example.com.

  • Click any asset to view details and discovery metadata (ports, technologies, timestamps).

Admin Quick‑Start (Operational checklist)

Purpose: Fast operational steps for admins to enable Asset Discovery for a customer or organization.

Pre‑enable Checks (5 minutes)

  • Verify CTEM Platform Professional and CTEM Platform Enterprise tier in Organization Settings.

  • Confirm at least one user has Assets Manager permission.

  • Identify 3–5 high‑value root domains to bootstrap scanning (internet‑facing production domains).

  • Coordinate with platform/DevOps to whitelist HackerOne scanner IPs (or provide guidance if IPs are not yet published).

Enable (5 minutes)

  1. Add each root domain to Assets → Inventory as Domain.

  2. In Assets → Discovery, search for the domain and toggle Scanner Enabled.

  3. Confirm toast appears and Scanner Enabled shows on.

Immediate Validation (10–30 minutes — informal)

  • Note: scans run weekly. For initial validation:

    • Check Last Scan Status and Last Scan after the first scheduled run.

    • Use Asset Inventory filters: discovery_source:asset_discovery and scanner_domain:<domain> to inspect results.

    • Flag obvious false positives for archive.

Troubleshoot Common Issues (Quick Commands)

  • Toggle not clickable — check Assets Manager permission.

  • No assets discovered after run — verify domain DNS is public and no firewall/rate limiting.

  • Scan failed — check Last Scan Status, then check status page and contact CSM if persistent.

Handoff & Governance (Recommended)

  • Assign a primary reviewer (security engineer) for each scanned domain.

  • Define cadence for inventory review (weekly for initial 4 weeks, then monthly).

  • Document any domain‑level exclusions by policy (even though the product lacks exclusions today) so reviewers can archive appropriately.

Troubleshooting

Common Issues & Immediate Actions

  • No root domains found — add domain as Domain type.

  • Toggle unavailable — assign Assets Manager permission.

  • Scanner not running — validate weekly schedule; check status.hackerone.com; contact CSM after one week.

  • No assets discovered — check DNS/public accessibility; whitelist scanner IPs; contact CSM.

FAQs

Q: Cost?

A: Included in CTEM Platform Professional and CTEM Platform Enterprise.

Q: Manual scans?

A: Not supported — weekly schedule only.

Q: Change frequency?

A: Not supported — fixed, queued cadence.

Q: Non‑root domains?

A: Not supported; use root domains for comprehensive coverage.

Q: Intrusive?

A: No — passive discovery and light port scanning; no exploitation.

Q: robots.txt?

A: Not applicable — the scanner discovers infrastructure; it does not crawl content.

Q: Data location & access?

A: Stored in HackerOne infrastructure; visible only to org members.

Q: Delete assets?

A: Archive only; assets are retained in org records.

Q: Exclusions?

A: Not available today; archive unwanted assets post‑discovery.

Q: Export?

A: CSV export from Asset Inventory or programmatic export via HackerOne API.
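The documented filter fields (discovery_source, scanner_domain, scanner_ports) can also drive a week-over-week review of two CSV exports, which surfaces new assets and newly opened ports for the reviewer. This is an added example, not HackerOne code: the CSV column names (assumed to mirror the filter names), the `;` port separator, and the sample rows are constructed assumptions to adjust to your real export.

```python
import csv
import io

# Constructed sample exports from two consecutive weeks. Column names are
# ASSUMED to mirror the documented filter fields; check your real CSV header.
LAST_WEEK = """asset,discovery_source,scanner_domain,scanner_ports,technology_fingerprint
www.example.com,asset_discovery,example.com,80;443,nginx
api.example.com,asset_discovery,example.com,443,envoy
shop.example.com,manual,example.com,443,
"""
THIS_WEEK = """asset,discovery_source,scanner_domain,scanner_ports,technology_fingerprint
www.example.com,asset_discovery,example.com,80;443,nginx
api.example.com,asset_discovery,example.com,443;8443,envoy
staging.dev.example.com,asset_discovery,example.com,22;443,apache
shop.example.com,manual,example.com,443,
"""


def load(csv_text, root_domain):
    """Map asset -> set of open ports, keeping only rows that Asset Discovery
    created or updated under the given root domain."""
    assets = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["discovery_source"] != "asset_discovery":
            continue  # manually added assets are out of scope for this review
        if row["scanner_domain"].lower() != root_domain.lower():
            continue
        ports = {int(p) for p in row["scanner_ports"].split(";") if p.strip()}
        assets.setdefault(row["asset"].lower(), set()).update(ports)
    return assets


def review_queue(previous_csv, current_csv, root_domain):
    """Diff two exports: new assets, new ports on known assets, and assets
    present last time but absent now (e.g. archived or decommissioned)."""
    prev = load(previous_csv, root_domain)
    curr = load(current_csv, root_domain)
    return {
        "new_assets": {a: sorted(p) for a, p in curr.items() if a not in prev},
        "new_ports": {a: sorted(curr[a] - prev[a])
                      for a in curr if a in prev and curr[a] - prev[a]},
        "not_seen": sorted(set(prev) - set(curr)),
    }


if __name__ == "__main__":
    for kind, items in review_queue(LAST_WEEK, THIS_WEEK, "example.com").items():
        print(kind, items)
```
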

Best Practices

  • Start with critical domains and validate results before broad enablement.

  • Archive false positives promptly.

  • Whitelist scanner IPs to reduce noise.

  • Keep tags/metadata updated for inventory hygiene.

  • Coordinate with DevOps for expected changes (new services, decommissioning).

Getting Help

Support contacts:

  • Customer Success Manager (CSM) — primary support for beta participants

  • Design Partner Program support — dedicated feedback channel

When to contact your CSM:

  • Scanner inactive beyond 48 hours after enablement

  • Unexpected or missing asset counts

  • Permission or access problems

  • Feature requests or product feedback

Information to include:

  • Org name/handle

  • Affected domain(s)

  • Screenshots and steps to reproduce

  • Expected vs actual behavior
