ShadowTrackr

Log in >

Assets

Assets in ShadowTrackr are urls, hosts or subnets. There are a lot of related entities like dns records, whois records, ip addresses, certificates, tcp ports, security headers and more. All those are related to urls, hosts and assets so we picked those as basic units to work with. Only urls, hosts and subnets count towards your asset limit.

Here are some examples of assets:
    shadowtrackr.com
www.shadowtrackr.com
1.1.1.1
10.10.10.0/16


How does asset discovery work?

We're not going to disclose the secret recipe here, but think of parsing ssl certificates, extracting dns data and pulling in data from about a dozen of sources that are readily available on the internet.

What is important to know is that if we find your url running on a specific host, that host is not automatically considered your asset. Unless we have more info (for instance it's in a subnet range known to be yours) we'll leave it. It could be shared hosting and before you know it we're monitoring an entire hosting provider (yes, that happened).

With the same reasoning a pay level domain (blogspot.com) is not automatically added if you add a subdomain (myblog.blogspot.com).

The other way around is different. If you add an ip address, that is considered your host. If the security of that host is compromised, then every url running on that host has to be considered compromised as well. So, all urls found on your host are added automatically.

Grouping things with tags

You can attach one or more tags to each asset. A tag is just a name you choose. You can group assets with tags and create custom graphs or reports with them. Tags can also be used in search, reports and exports. There are two types of tags: system tags (blue, all caps) and user tags (purple). You can remove system tags, but since the condition that caused the tag to appear will still exist they will very likely reappear again. System tags provide information and are things like "mailserver", "Malicious host", "Ad network", "For sale", etc.

There are some rules to tags to keep in mind:
- If you tag a domain, all subdomains will inherit that tag.
- Subdomains can have tags that do not appear on the pay level domain.
- If you tag a url corresponding certificates, websites and DNS records get it too
- Certificates and websites can have additional tags that are not on the url
- Phishy_domains inherit tags from the original pay level domain
- If you tag a subnet, all hosts in it will inherit the tag.

Note that you can use tags in magic queries. If you want to generate a weekly report for specific tags only, make a report with the query:

$weekly_pdf_report AND tags=my_tag



Ignoring urls and hosts

Some of our bigger clients run a shared service. They are not responsible for all urls running on certain hosts. If you are in a similar situation, you have the option to ignore a url or host. Go to your url or host page from assets (in the menu on the left) and click the action menu (the three dots) in the top right. You'll find the ignore option there.

If you want to do advanced ignoring like ignoring all subdomains or sub-subdomains (including the ones not found yet), there's an easy button for that. Go to the url page or domain page for the pay level domain (shadowtrackr.com), click the action menu and select "ignore filter". You can also go straight to:

https://shadowtrackr.com/usr/ignore_filter?url=[your domain here].

Ignored hosts and urls do not count towards your asset limits.

What happens when you reach the asset limit?

You lose the ability to add any additional assets or accept suggestions. The discovery process keeps running and anything directly related to you will still be added automatically. Monitoring will continue as well for all your assets, even those that are above the limit of your subscription.

We could have decided to just drop any additional assets found of course. But that would make it difficult for you to determine which subscription size you should pick. Also, it would be a real pain in the ass to code such a thing. I think we all should be happy with the current choice.

It is possible to register with the cheapest subscription and strategically add just a few very large domains and subnets. The discovery process will likely find thousands of assets that we'll monitor for you. We do notice though, and a sales rep should contact you with the notice that you're using up way more rescources than you are paying for and should upgrade your subscription.




Resources
API
Blog
Documentation
Integrations
Shodan
OpenCTI