Asset Relations

Asset relations capture the connections between assets in your inventory — domain hierarchies, shared TLS certificates, and IPs serving multiple domains. They help you trace infrastructure dependencies, spot shared hosting, and understand the blast radius of any single asset. You’ll see relations in two places in Odin:

• The Relation tab on any asset’s detail panel, in Assets and the Attack Surface Map
• The Attack Surface Map itself, where relations are drawn as edges between asset nodes

​

Domain relations

Domains and subdomains form a hierarchy:

• Root domain: the top-level domain (e.g. example.com)
• Parent: the domain one level up (e.g. api.example.com → example.com)
• Children: subdomains beneath a domain (e.g. example.com → api.example.com, app.example.com)

Walking these relations lets you see the full subdomain tree under any root domain. The Attack Surface Map’s domain navigator uses this hierarchy to let you drill from a root domain down to its descendants.

​

Certificate relations

When multiple assets share the same TLS certificate (identified by SHA-256 fingerprint), Odin links them together. This is common with wildcard certificates or multi-domain (SAN) certificates. Certificate relations help you identify:

• Assets served from the same infrastructure
• Wildcard certificate coverage across your subdomains
• Certificate-expiry risk affecting multiple assets at once

​

IP relations

IP relations connect assets that resolve to the same IP address. For each IP, Odin tracks:

• Domains: every domain and subdomain resolving to this IP
• Open ports: ports discovered during Network Recon
• Recon status: whether Network Recon has been run against this IP

​

How relations are derived

Most relations are inferred automatically from recon data. DNS resolution, TLS certificate fingerprints, and reverse-DNS lookups feed the relation graph as Continuous Asset Discovery scans run. You don’t manage relations directly — they’re a consequence of what Odin discovers about your attack surface.