Get started with ShadowTrackr in five steps. This guide walks you through adding your first assets, discovering your external attack surface, reviewing suggestions, scheduling reports, and setting up alerts.
Looking for more? Check the
FAQ, browse the
blog, or
contact us — we're happy to help.
When you first log in to ShadowTrackr, your dashboard will be empty. Head over to
Assets to add your first data.
Paste your domains, URLs, and IP addresses into the assets field — one per line, comma-separated, or semicolon-separated. You can mix different asset types freely; ShadowTrackr will sort them out automatically. If your organization owns its own subnets, you can add those too.
Every entry is validated before it is added. Malformed data is removed, and unroutable or internal IP addresses are filtered out so they don't count toward your assets or clutter your reports.
Tip: Power users can expand the advanced options when adding assets to control follow-up actions during the discovery process.
Within minutes, data starts appearing. ShadowTrackr's scanner nodes begin finding your hosts, websites, certificates, DNS records, domain data, exposed email addresses, suppliers, vulnerabilities, and phishing variants of your domains. Watch it happen in real time on the events timeline.
Discovery speed depends on the size of your organization and current scanner load. In most cases you will have a solid picture within an hour. Discovery never truly stops — every asset is rechecked periodically (most checks run daily), and new assets surface over time. If you have made a change and want it scanned immediately, use the manual scan option in the GUI.
Assets that are clearly related to your organization are added automatically. Cloud-hosted assets (websites with frequently changing IP addresses) are added and scanned, but the underlying IP addresses are not. These hosts are tagged as cloud, with the provider name shown. You can see the IP addresses and add them manually if needed.
When our scanners cannot determine with certainty whether an asset belongs to you — for example, a neighbouring website on shared hosting — they create a suggestion instead. Check your
Suggestions regularly and accept or reject them, especially right after your initial discovery.
By default, every registered user receives a weekly PDF report by email highlighting the most pressing issues that need attention. A set of popular reports is activated automatically when your account is created. You can schedule them to be sent to any email address you like.
Explore the
Report Library for additional templates, or build
custom reports using the
query language. The syntax is similar to Splunk, which is already familiar to most SOC analysts who process internal network logs. You can also load ShadowTrackr data directly into Splunk, Sentinel, Elastic Search or any other SIEM.
Use the
query language to create alerts for specific events. When an alert fires, the query results are sent to the configured email recipients as an Excel, CSV, PDF, or JSON attachment.
Browse the
Alert Library for commonly used alert templates to get started quickly.
Once the basics are in place, take your monitoring further by integrating ShadowTrackr with your existing tools.
API — Use the
ShadowTrackr API to extract all data and manage assets programmatically.
Multi-tenant support lets MSSPs automate and scale across organizations.
Data enrichment — Connect
Shadowserver, Shodan, and Censys to enrich your ShadowTrackr data. These integrations are optional, but they bring all your intelligence into one place.
OpenCTI — The
OpenCTI connector lets you feed ShadowTrackr data into OpenCTI to reduce false positives in your threat intelligence workflow.
