LúminaKite
External exposure

Attack surface management

Unknown assets become risk when they are exposed, outdated or unowned. LuminaKite's ASM module reconciles passive discovery with controlled probing so teams can understand the external surface tied to verified domains.

Operational outcomes

  • Discover related assets from CT, DNS and lightweight web evidence.
  • Track asset changes over time instead of relying on one-off scans.
  • Use ASM Normal on every plan, with cadence and capacity limits that scale by plan.
  • Use ASM Plus on Business with allowlists, rate limits and scanning windows.

Core capabilities

  • ASM Normal: Passive and lightweight discovery combines Certificate Transparency, DNS and web probe evidence for verified domains.
  • ASM Plus: Business workspaces can run controlled active scans with allowlists, time windows, concurrency and rate limits.
  • Top port profiles: Profiles such as core_risk, web_only and extended focus scanning on web, admin, directory, database and mail exposure.
  • Web hardening checks: Lightweight probes gather service, response and hardening evidence without turning every check into a broad vulnerability scan.
  • Takeover hints: Asset evidence can point to dangling or misconfigured services that deserve human review.

How the module works

1. Start from verified domains

ASM runs from assets the organization has authorized, reducing noise and keeping scope explicit.

2. Discover related assets

Passive sources and light probes create an inventory of observed hosts, services and evidence.

3. Run controlled scans when allowed

ASM Plus applies plan policy, allowlists, rate limits and time windows before active scanning.

4. Review findings and changes

Teams prioritize new services, risky exposures and changes that need ownership or remediation.

Signals and evidence

  • Certificate Transparency discoveries
  • DNS-linked hostnames and service hints
  • HTTP response and web hardening evidence
  • Open service evidence from controlled top-port profiles
  • Scan mode, policy and timing metadata

Common use cases

Find untracked internet-facing assets

Identify hosts and services that were created outside the standard inventory workflow.

Review exposure after launches

Check whether a new product, region or infrastructure migration exposed unexpected services.

Support security operations

Give analysts evidence-backed findings instead of raw scanner output with little context.

Frequently asked questions

Is ASM Plus an uncontrolled internet scan?

No. ASM Plus is gated by plan, scope, allowlist, rate limit, concurrency and scanning-window controls.

What is the difference between ASM Normal and ASM Plus?

ASM Normal focuses on passive discovery and lightweight web probes. ASM Plus adds controlled active checks for top-risk services.

Which plans include ASM?

ASM Normal is included on every plan, with stricter cadence and capacity on Free. ASM Plus is designed for Business because active scanning needs stricter governance.

Does ASM replace a vulnerability scanner?

No. It provides external exposure inventory and evidence. It can complement vulnerability management by showing what should be assessed first.
