Organization Settings

This section provides advanced control over subdomain asset classification.

• All discovered subdomains are listed (e.g., apps.example.com, example.com).

• Subdomain Risk Level Classification

  Each discovered subdomain is assigned a risk level classification to help prioritize monitoring and remediation efforts. These levels indicate the potential impact of a compromise on the organization:

  • Informational

    Represents assets that have little to no security impact. Typically includes marketing pages, documentation, or test environments with no sensitive data. They are monitored but do not require urgent attention.

  • Low

    Assets that have minimal exposure or limited functionality. A compromise here would not directly affect critical systems but should still be addressed to prevent exploitation.

  • Medium

    Subdomains with moderate risk they may include login portals, APIs, or secondary applications. A breach could expose data or provide attackers with a foothold into the environment.

  • High

    Assets directly tied to business operations or sensitive processes. If compromised, they could significantly affect services, customer data, or internal systems. These require active monitoring and prioritized remediation.

  • Critical

    The most sensitive and business-impacting assets. Examples include core applications, financial systems, or platforms handling authentication and customer data. Any compromise here poses a severe threat to the organization and must be addressed immediately.

Security teams can manually adjust classifications, ensuring prioritization aligns with business impact.

• Changes can be saved with “Save Edits”, allowing continuous fine-tuning of risk levels.

This flexibility makes it easy to differentiate between harmless informational assets and truly critical infrastructure.