Help Center
News
Indusface
Help Center
News
Indusface
AppTrana
OverviewOnboarding to AppTranaComparison between Old Portal and New PortalSAML Integration with Entra ID for Single Sign-On - AppTrana WAF
Dashboard
Applications & Groups
Protection StatusDiscover AssetsDNS ManagementManage Groups
API Security
Manage Assets
WAAP Policies
Vulnerabilities
Attacks
Bandwidth
Actions
Logs & Reports
License & Utilizatiion
Settings
Profile
Others
AI Shield
Indusface WAS
Indusface WAS MSSP
WAS MSSP Consultant
Additional Resources
Zero-Day Vulnerability Reports
Security Bulletins
AppTrana API Integration
Release Notes

Discover Assets

The Discover Assets feature helps you find and manage your public-facing assets including web applications and APIs. It gives you full visibility into these assets and displays details such as public IP addresses, subdomains, and hosting data centers. This helps you maintain an accurate and up-to-date inventory for stronger security.

How to Access Discovered Assets

To view newly discovered assets:

  1. Select the All Domains filter.
  2. Go to Applications & Groups > Discover & Manage.

Note: If you select an individual domain in the filter, the tab name changes to Manage Assets. The tabs under this section differ from those under Discover and Manage.

Discovered Root & Sub Domains

 The discovery results show:

  1. The date of the last scan
  2. Total number of root and subdomains
  3. Subdomain count for each root domain
  4. Number of included TLDs (Top-Level Domains)

  

Configure Domain Discovery Settings by TLDs

Fine-tune domain discovery settings by managing TLDs.

  1. Go to Discover Summary > Configure Domain Discovery.
  2. Review the list of TLDs with checkboxes. All are selected by default.
  3. To exclude a TLD, uncheck the box next to it.
  4. To include a specific TLD, use the search bar and check the box.
  5. Click Save to apply your changes.

  

Discover Applications

To initiate a discovery scan:

  1. In the Discover Summary, click Discover Applications.
  2. A confirmation pop-up appears showing the number of root domains that will be scanned.
  3. Choose to include or exclude specific root domains.
  4. Click Start to begin the scan.

NoteDiscovery may take up to 72 hours to complete and identify all related subdomains 

 

List of Subdomains 

After the scan completes, you will see a list of discovered subdomains for each root domain, along with the following details:

ParameterDescription
SubdomainName of the subdomain.
IP AddressSubdomain's public IP.
Data CenterHosting location.
Discovered OnDate discovered.
TypeType of Subdomain discovered (e.g., Website, API)
Enable ProtectionOne Click Onboarding of unprotected Subdomains to AppTrana.
ActionClick Ignore to move subdomain Ignored Tab.

 

AI Server Exposure

AppTrana surfaces exposed AI runtime services, such as Ollama, and highlights them within the discovered subdomain inventory when they are publicly accessible due to misconfiguration or missing access controls.

These assets are automatically tagged (e.g., Ollama) to help you quickly filter and isolate AI-related exposures across your environment.

AI Server Detail View (IP-Level)

Clicking on the IP address opens a detailed view of the identified AI server.

This view provides:

  • Open port details (e.g., 443)
  • Detected web server information
  • List of hosted AI models (e.g., DeepSeek, GPT variants)

This allows security teams to validate exposure, understand the runtime environment, and take immediate action.

Filtering AI Exposures

Use the Filter option to view only assets tagged as AI services (e.g., Ollama). 

 

This helps you quickly identify shadow AI deployments, prioritize remediation of high-risk assets and reduce noise from non-AI infrastructure.

Exporting Asset Inventory Data

You can download the complete asset inventory for offline analysis, reporting, and remediation tracking.

 

Parameter

Description

Applicable To

SubdomainName of the discovered subdomainAll assets
IP AddressPublic IP address mapped to the subdomainAll assets
Data CenterHosting provider or infrastructure location (e.g., AWS, On-Premises)All assets
Discovered DateDate when the asset was identified during the scanAll assets
TypeAsset type (e.g., Website, API)All assets
AI DetectionIndicates if an AI runtime (e.g., Ollama) is detected (Yes/No)All assets
PortOpen port used by the detected AI service (e.g., 80, 443)AI-detected assets only
Web ServerDetected server details for the AI runtime (e.g., Apache version)AI-detected assets only
Models DetectedList of AI models exposed via the serviceAI-detected assets only

Configure Root Domains

Manage whether a root domain is included in future scans.

  1. Navigate to the Root Domains section.
  2. Use the search bar to locate the domain.
  3. Use the toggle switch to Include or Exclude the domain.

 

4. To ignore a domain completely, click Configure > Ignore.

Excluded Root & Sub Domains 

Excluded Root Domains 

ParameterDescription
Root DomainName of the excluded root domain.
IP AddressIP address of the domain.
Data CenterHosting location.
Discovered OnDate of discovery.
ActionClick Restore to re-include in protection.

Restore Root Domain

To restore:

  1. Locate the domain in the table.
  2. Click Restore in the Actions column.
  3. Confirm restoration in the pop-up
     

Excluded Subdomains

View ignored subdomains that can be restored.

ParameterDescription
SubdomainName of the subdomain.
IP AddressSubdomain's public IP.
Data CenterHosting location.
Discovered OnDate discovered.
ActionClick Restore to move subdomain back into protection.

Protected Subdomains

Lists onboarded subdomains and their security metrics.

ParameterDescription
Asset NameProtected subdomain name.
Last ScanDate of the most recent scan.
Open VulnerabilitiesNumber of unresolved issues by severity.
Bandwidth UsageData used by the application.
Total AttacksNumber of detected attacks.
WAF StatusCurrent Web Application Firewall mode.
API Policy CreationDisplays the number of API sites protected using Positive Security Rules. This metric is shown only when the site type is set to API or Hybrid.
PlanSubscription plan assigned (e.g., Premium, Advanced).
ActionsIncludes options like Unprotect or Download Report.

You can group subdomains for better management and view metrics per group.


 

Add a New Application

To onboard a new subdomain:

  • Click Add Application from the application list view.

Edit Group

  • Selecting a group updates the dashboard to show group-specific data.
  • Click Edit Group (available only for custom groups) to modify the group.

Create a Group

Creating a custom application group helps you organize related subdomains or applications under a single dashboard view. This allows security teams to monitor metrics, manage vulnerabilities, and apply security policies more efficiently across specific business units, regions, or application types.

To create a custom application group: 

Step 1: Enter Basic Details

  1. Go to Groups > Create Group.
  2. Enter the Group Name and Description.
  3. Click Next.

Step 2: Select Applications

  1. Use the checkboxes to select subdomains.
  2. Use the search bar to filter.
  3. Click Save.

The new group appears alongside All Sites

Was this helpful?

Powered by Product Fruits