Skip to main content
Continuous Asset Discovery (CAD) automatically finds and monitors your external attack surface around the clock. Turn it on for a root domain or IP, and Odin discovers subdomains, open ports, running services, and linked infrastructure — keeping your asset inventory current as your environment changes. As your organisation grows, new subdomains, services, and infrastructure appear regularly. CAD picks these up automatically, so your security team always has a complete picture without coordinating across teams or manually importing every asset.

Scan schedule

CAD runs three scan tiers on a recurring basis:
TierFrequencyWhat it does
HourlyEvery hourLight DNS enumeration to discover new domains and subdomains
Tri-hourlyEvery 3 hoursAdvanced enumeration techniques for deeper domain and subdomain discovery
DailyOnce per dayFull port scan across all 65,535 ports, IP-address linking, and service labelling
All scanning is non-intrusive. Newly discovered assets are automatically added to your Assets inventory and the Attack Surface Map.

Recon types

Domain Recon

DNS enumeration, HTTP probing, and TLS inspection on domains and subdomains. Identifies web servers, WAFs, certificates, and technologies in use.

Network Recon

Scans the full port range (65,535 ports) on IP addresses. Identifies open ports, running services, and version information. For certain services, Odin uses targeted probing to extract detailed configuration.

Recon results

Recon data is available on each asset’s detail page. Click any asset on the Assets page to view its results. For domains and subdomains, Domain Recon surfaces:
  • Web server: the detected web server (e.g. Cloudflare, Nginx)
  • TLS: protocol version and cipher details (e.g. TLS 1.3)
  • Certificate: certificate subject and issuer
  • WAF: detected web application firewall
  • IP: resolved IP address
  • HTTP status: response code and latency
  • DNS records: A, AAAA, CNAME, and other resolved records
Asset detail panel showing Domain Recon results for a subdomain, including web server, TLS, certificate, WAF, IP, HTTP status, and DNS records
For IPs, Network Recon shows open ports, detected services, and version information where available.

Configuration

CAD runs only on assets you explicitly enable it for. When adding a domain or IP on the Assets page, toggle Continuous Asset Discovery on to start monitoring. You can disable CAD on any asset at any time — scanning stops immediately for that asset.
CAD is a paid add-on billed per root domain. It must be activated on your subscription before you can toggle it on individual assets. Visit Billing in the sidebar to activate, or contact [email protected] to discuss pricing.