Declare the assets that you know
The first step to fully leveraging our Attack Surface Management solution is accurately mapping your assets.
Begin by declaring your known assets, called Primary Assets. This will lay the foundation for discovering additional ones.
Go to the “Admin Panel”
Click on “Attack Surface” and “Assets” in the left-side menu
Click on “+ Add assets”
Select the import method of your choice: “Import a file” or “Add Manually”
⚠️ You should add assets that you own and you wish to monitor. The goal is not to list every single cybersquatting possibility.
💡Tips
There’s no need to list of your subdomains if the main domain is already monitored. Our solution will discover all the subdomains and apply the asset value of the main domain.
However, if a subdomain should get a different asset value, you may declare it separately.
Option 1: Add Manually
A new window will open with three fields to fill out:
Type of asset
Domain
IP/Range/CIDR
Asset
In this example, a domain. It can also be a subdomain.
Asset value
This defines the level of priority this assets carries for your business.
Very low, Low, Medium, High, Critical
Option 2: Import a file
Import a CSV file containing your assets
ℹ️ A template can be downloaded. The fields are:
Type (Domain or IP/Range/CIDR)
Asset
Asset_Value (Very Low, Low, Medium, High, Critical)
Exclude assets
It is also possible to exclude specific assets from the monitored list.
Go to the “Admin Panel”
Go to “Attack Surface” and “Assets” in the left-side menu
Click on “X Exclude assets”
Enter the domain/subdomain or IP range/address to exclude
Example: if you wish to exclude all subdomains related to -dev.yeswehack.ninja, enter *-dev.yeswehack.ninja.
Discover new assets
The YesWeHack Attack Surface Management solution will automatically discover subdomains of your Primary Assets.
It also enables you to discover “Related domains”: domains that belong to the same entity (i.e., registrar) that you might not be aware of.
This feature is available exclusively on APEX domains.
Go to the “Admin Panel”
Click on “Attack Surface” and “Assets” in the left-side
Click on the “Actions” icon radar
This action will launch a scan for such related domains. A new window will open with the results:
Some domains of this list will already be part of your mapped assets. The other, new, assets can be added to the monitoring list.
Click on “+ Add asset”
Select an Asset Value
ℹ️ You can download the complete list of related domains as a CSV file from this window.