What are Seeds?
Seeds are entities that Mandiant Advantage Attack Surface Management (MA-ASM) uses to start a data collection run. MA-ASM takes each Seed as a starting point and recursively analyzes all other Entities that are related to that Seed, adding each Entity that is encountered to the Collection.
When adding a Seed to a Collection, both the value and the type must be provided. MA-ASM uses this pairing to determine how to analyze the Seed and enumerate Entities from it. For example, to add the domain mandiant.com as a Seed, select Domain as the Seed type. To refer to a website, you must provide the full URL, http://www.mandiant.com (including the prefix http://), and select the Seed type Uri.
For more specific information about the Seeds available in MA-ASM, see Seed Examples.
The best Seeds for starting a new Collection
Domains and netblocks are the best types of Seeds to start with. This is because many child Entities can be discovered through enumeration. If resources and time allow, adding all known entities that belong to your organization is even better.
The more known entities that are provided at the start, the better the scoping works. MA-ASM assigns a confidence rating to each Entity that is found, and automatically determines whether it is in scope or out of scope. With more defined data points (in this case, Seeds that are in scope), the accuracy of the system goes up.
scoped:false). When using keyword Seeds, you need to review Entities to identify those of interest. To bring an Entity into scope (scoped:true), you must add the Entity to a Collection with the appropriate Seed type: Domain or IP address. For more information about Seeds, see Collections Tips and Tricks.
Seed Examples
The following tables list the name, the description, and a sample value for each Seed type in MA-ASM. All sample entries are in the format in which you would enter them, unless you see the word "or", which means that two samples are provided.
Active Seeds
| Seed Type | Description | Sample Values |
|---|---|---|
| DnsRecord | DNS record | est.acme.com |
| Domain | Top-Level Domain (TLD) | acme.com |
| GithubAccount | Account in GitHub | https://github.com/acme |
| GithubRepository | Repository in GitHub | https://github.com/acme/acme-core |
| IpAddress | IP address, either IPv4 or IPv6 | 1.1.1.1 or 3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562 |
| Nameserver | Domain Name Server (DNS), either fully-qualified domain name (FQDN) or IP address | ns1.acme.com or 2.2.2.2 |
| NetBlock | A block of IP addresses (IPv4) in CIDR notation | 1.1.1.1/24 |
| UniqueKeyword | Globally unique keyword that can be reliably searched for | Acme |
| Uri | Link to a website or a webpage | https://acme.com |
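
A local pre-check for the value and type pairing described above, as an added example that is not Mandiant's code and does not call any MA-ASM API: it tests a candidate Seed value against the formats in the Active Seeds table and, on a mismatch, reports which Seed types the value would fit. The function names and the hostname pattern are assumptions made for this sketch.

```python
# Added example: local pre-check only, not Mandiant code and not an MA-ASM API.
import ipaddress
import re
from urllib.parse import urlparse

# Assumed hostname pattern: syntax only, cannot tell a domain from a subdomain.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def _is_ip(value):
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6
        return True
    except ValueError:
        return False

def _is_ipv4_cidr(value):
    try:
        # strict=False accepts host bits, as in the table's sample 1.1.1.1/24
        return "/" in value and ipaddress.ip_network(value, strict=False).version == 4
    except ValueError:
        return False

def _github_segments(value):
    u = urlparse(value)
    if u.scheme != "https" or u.netloc.lower() != "github.com":
        return -1
    return len([p for p in u.path.split("/") if p])

CHECKS = {
    "Domain": lambda v: bool(HOSTNAME.match(v)),
    "DnsRecord": lambda v: bool(HOSTNAME.match(v)),
    "IpAddress": _is_ip,
    "NetBlock": _is_ipv4_cidr,
    "Nameserver": lambda v: _is_ip(v) or bool(HOSTNAME.match(v)),
    "Uri": lambda v: urlparse(v).scheme in ("http", "https") and bool(urlparse(v).netloc),
    "GithubAccount": lambda v: _github_segments(v) == 1,
    "GithubRepository": lambda v: _github_segments(v) == 2,
    "UniqueKeyword": lambda v: bool(v.strip()),
}

def check_seed(seed_type, value):
    """Return (ok, hint); hint lists the active Seed types the value does fit."""
    if seed_type not in CHECKS:
        return False, f"unknown or legacy Seed type: {seed_type}"
    if CHECKS[seed_type](value):
        return True, ""
    # UniqueKeyword is skipped here because any non-empty string fits it.
    fits = [t for t, f in CHECKS.items() if t != "UniqueKeyword" and f(value)]
    return False, "value fits: " + (", ".join(fits) or "no active Seed type")
```

Running an asset inventory through `check_seed` before entering it catches the common mismatch of a bare hostname submitted as Uri, or a full URL submitted as Domain.
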
Legacy Seeds
These seeds have been deprecated, but may still be seen in MA-ASM as part of Legacy Collections.
| Seed Type | Description | Sample Values |
|---|---|---|
| ApiEndpoint | HTTP-based API endpoint | https://app.acme.com/api |
| AutonomousSystem | An autonomous system number (AsNumber) | AS1234 |
| AwsS3Bucket | AWS S3 bucket | publicfiles-acme |
| EmailAddress | Email address | no-reply@acme.com |
| UniqueToken | API key or analytics ID | UA-34505845 |