Customize Collections

In Attack Surface Management (ASM), Collections are created within Projects and are lists of assets that are actively being monitored. Collections define the starting point of external asset discovery. Entities, known as Seeds, are populated into a Collection to uncover additional Entities that are exposed. The data identified as related to the Seeds is represented in the Entities section of ASM.

Collection configuration is available for paid Attack Surface Management (ASM) customers.

If you would like to upgrade to a more feature-rich account, send a message using our contact form, https://www.virustotal.com/gui/contact-us.

For information on establishing Collections, see Create a Collection.

Explore Collections

To view all the Collections in your current Project, from the Collections menu in ASM, select Settings. You see a list of all the Collections in this Project. 

A list of two Collections in a specific Project with details about each Collection

Each Collection listing contains:

  • The title of the Collection

  • The Workflow associated with the Collection

  • The Entities and Issues associated with the Collection

  • The date of the last scan

  • The scan rate

  • An on-demand Scan option

    ℹ️

    Collection scans run for a maximum of 72 hours.

  • Access to Settings specific to this Collection

Customize a Collection

To explore a Collection in depth or modify its current settings, click Settings for the Collection.

Each collection contains four sections:

Configurations

Collections can be configured to focus on areas relevant to your organization. With custom configuration, you can define specific tasks, workflows, and scope. Multinational organizations with numerous subsidiaries and companies with operational technologies (OT) benefit from this functionality.

ℹ️

You must be the Collection owner to modify Configurations.

To establish Collection-specific configurations, navigate to a collection. Configurations is the default view.

Configurations options for a Collection.

Configurations are divided into six groups:

  • Issue Settings: Control the Issues that are shown to you.

    ℹ️

    • All updates require a collection refresh when first enabled. For immediate refresh, click Scan Collection.
    • Disabled Issues are still monitored but do not show up in your alerts or surface as Issues within the platform.
  • Scan Settings: Active Filter, Scoping and custom input types, including Cookies, Ports, and Headers.

    • Configurable Active Filter: Define the timeline for when Entities, Technologies, and Issues are considered Active versus Inactive.

    • Enable Broad Scoping: By default, broad scoping is disabled.

      Broad scoping is useful for penetration testers who want to expand the scope of their collection to find more Entities to test. However, this may result in false positives. When broad scoping is enabled, ASM changes its default behavior and scopes DNS Entities where scoping logic indicates potential ownership.

    • Cookies (string, name=value format): Enter one or more cookies to make a HTTP request. Individual cookies are concatenated and sent as one combined string.

      For example: x-cdn=akamai; SimpleSAMLSessionID=12312;

    • Ports: Limited to 100 TCP ports. You can add/delete multiple ports based on your requirements.

    • Headers: Limited to 100 Headers. Headers are case sensitive.

      ℹ️

      • Scanning time increases as more Cookies, Ports, or Headers are added.
      • If you add an entry that exists, you receive a "Validation failed" error.
  • Seed Entities: See Understanding Attack Surface Management Seeds to learn more about Seeds in ASM. Seeds can be uploaded from a CSV file.

  • Seed Keywords: These are UniqueKeyword Seed Types.

  • Integrations

    ℹ️

    You must be the Collection owner to view and modify Integrations.

    You can connect an available integration by clicking Connect Integration and selecting Link associated with that integration. See Integrations for more details on how to add a new integration to a Collection.

  • Out of Scope: Choose an Entity to set out of scope.

    ℹ️

    By default, these changes are effective at the next Collection scan. For immediate refresh, click Scan Collection.

Notifications

ℹ️

You must be the Collection owner to view and modify Notifications.

You can enable email notifications as well as webhooks. Both Slack and Microsoft Teams webhooks are supported. For more information, see Notifications.

Notifications options for a Collection including email and webhook options.

History

You can view scan history information including:

  • Engine

  • Status

  • #Entities: Number of Entities discovered.

  • Created By: Who initiated the scan.

  • Started At: When the scan started.

  • Finished At: When the scan finished. 

  • Duration

    Scan History for a Collection showing a table of relevant data.

ℹ️

Freemium organizations and organizations with trial entitlements may be linked to Read Only Collections that have historic data from the ASM catalogue. This can cause First seen dates for Issues to be well before a collection was established.

💡

Read Only Collections can be archived to prevent historic Issues from appearing in current scans.

Groups & Members

ℹ️

You must be the Collection owner to view and modify Groups & Members.

See Assign Roles Within a Collection for more information about how to add an individual member or a group to a Collection.

Archive a Collection

  1. In ASM, from the Collections menu, select Settings.
  2. Click associated with the Collection that you want to archive and select Archive.

Delete a Collection

ℹ️

A Collection must be archived before it can be deleted.

  1. In ASM, from the Collections menu, select Settings.
  2. Click the Archived tab.
  3. Click associated with the Collection that you want to delete and select Delete.