Recon Detection
See who is probing or enumerating your external attack surface. Deterministic rules, explainable alerts, and evidence-ready output—enabled per tenant by admins.
The Recon Blind Spot
Attack surface tools often tell you what you have—but not who is actively looking at it. Reconnaissance precedes most breaches; visibility into probing and enumeration helps you prioritise and respond.
Probing Before Breach
Scanning and enumeration against your scope are leading indicators of interest. Without detection, you only notice after an incident.
Noise vs. Signal
Raw logs and generic alerts create fatigue. You need rule-based, explainable detections tied to your in-scope assets.
Audit and Evidence
Demonstrating that you monitored recon activity strengthens defensibility and incident narratives for legal and regulatory review.
How Recon Detection Works
Tenant-gated add-on with deterministic rules and explainable evidence. Admins enable it per tenant; analysts and clients get full visibility inside the platform.
Tenant-Level Control
Admins turn Recon Detection on or off per tenant in Control Panel → Tenant settings. Analysts and clients see the feature only when enabled for their tenant.
Deterministic Rules
Detection is driven by rule contracts and a clear DAG—no black-box scoring. You get consistent, auditable outcomes.
Explainable Evidence
Each detection includes rule explanation, recommended actions, and timestamped evidence for prioritisation and reporting.
Fits Your Workflow
Summary and alerts surface in the Intelligence Hub; full detections and evidence live on the dedicated Recon Detection page.
How It Fits the Platform
Recon Detection plugs into your existing scope and assurance workflow.
Admin Enables Add-on
In Control Panel, select the tenant and enable the Recon Detection add-on in Tenant settings. Save. The tenant’s plan must include recon entitlements.
Events Ingested
Recon events (e.g. from WAF/proxy logs, sensors, or API) are ingested per tenant. Data stays scoped to that tenant.
Rules & Detections
The rule engine produces detections and alerts. Each has a rule ID, severity, pattern summary, and evidence.
Visibility for Analysts & Clients
When the add-on is enabled, analysts and clients see the Recon Detection link, Hub card, summary, detections, and alerts—all in-app.
Who It’s For
Security and risk teams that want to know when their surface is under active reconnaissance
Security Operations
Prioritise hardening and response using recon activity alongside drift and exposure findings.
Multi-Tenant Orgs
Enable Recon per client or business unit. Admins control access; each tenant sees only their own data.
Compliance & Legal
Timestamped recon events and explainable evidence support incident review and audit narratives.
Frequently Asked Questions
Recon Detection add-on
Ready to See Who’s Probing Your Surface?
Get deterministic recon detection and explainable evidence—enabled per tenant, inside your existing EASM workflow.