Account Creation and Attack Surface Setup

Welcome to Chariot!

This page offers step-by-step instructions to sign up and get started in Chariot.

Sign up

1. Navigate to https://chariot.praetorian.com/login
2. On your first visit, you'll see several options:
- Sign in with email/password
- Sign in with Single Sign-On (SSO)
- Sign in with Google
- Sign up (for new users)

Click Sign Up to create a free account. You'll be taken to the registration page, which displays "Sign Up for a Free Account" at the top.

Enter your email and create a password on the Sign Up page. You'll receive a verification code via email within a few minutes to confirm your address.

When you click Continue, you will be prompted for the code that was sent to the email address you used to sign up.

Your verification email will come from chariot-noreply@praetorian.com with the subject "Your verification code".

When you enter the code into the boxes provided, you will be authenticated into Chariot.

This marks the beginning of your Chariot journey!

Upon accessing Chariot for the first time, you will be presented with the Metrics dashboard.

Right now your Metrics dashboard is empty. As Chariot finds assets and vulnerabilities associated with your digital domain, this page will provide useful at-a-glance information.

Seeds

To start Chariot scans, navigate to the Seeds page by clicking Seeds on the navigation bar on the left side of the screen. 

In Chariot, a seed is a persistent digital asset owned by your organization. You can input top-level domains, fully qualified domain names, CIDR ranges, IP addresses, GitHub organizations, or GitHub repositories. These should be stable resources. In other words, an ephemeral IP address managed by a cloud service would not be a good seed, but the domain that IP address is tied to would be.

On the top right of the Seeds table, there is an Add Seed button. Click the Add Seed button.

A pop-up will appear. In this pop-up, you can add an individual seed, or add a file with a list of seeds.

You can input any of these as seeds:

- Top-level domains (e.g., example.com)
- Fully qualified domain names (e.g., subdomain.example.com)
- CIDR ranges (e.g., 192.168.1.0/24)
- IP addresses (e.g., 192.168.1.1)
- GitHub organizations (e.g., https://github.com/praetorian-inc)
- GitHub repositories (e.g., https://github.com/praetorian-inc/noseyparker)

Once you input a seed, another pop-up will ask which type of scanning you want Chariot to perform:

Choose one of two scanning options:
- Enumerate Assets Only: Identifies all digital assets associated with your seed 
- Discover Vulnerabilities: First identifies assets, then performs security scans on each one 
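
A pre-upload check for the seed list file mentioned above, as an added example that is not part of the Chariot documentation or Praetorian's code: it sorts each line into the seed types listed on this page and flags entries worth reviewing before a scan starts. The one-seed-per-line layout, `#` comment lines, and the names `classify_seed`, `review_seed_file` and `SAMPLE` are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label
GH_NAME = re.compile(r"^[A-Za-z0-9._-]+$")              # GitHub path segment
# Constructed sample input (assumed format: one seed per line).
SAMPLE = "example.com\nExample.COM\n192.168.1.7/24\nhttps://github.com/praetorian-inc/noseyparker\n10.0.0.300\n"

def classify_seed(raw):
    """Return (seed_type, normalized_value, notes) for one candidate seed."""
    s, notes = raw.strip(), []
    if s.lower().startswith(("http://", "https://")):
        u = urlparse(s)
        parts = [p for p in u.path.split("/") if p]
        ok = (u.hostname or "").lower() == "github.com" and len(parts) in (1, 2)
        if ok and all(GH_NAME.match(p) for p in parts):
            kind = "github_org" if len(parts) == 1 else "github_repo"
            return kind, "https://github.com/" + "/".join(parts), notes
        return "invalid", s, ["URL is not a GitHub organization or repository"]
    try:
        if "/" in s:
            obj, kind = ipaddress.ip_network(s, strict=False), "cidr"
            if str(obj) != s:
                notes.append("normalized to network address " + str(obj))
        else:
            obj, kind = ipaddress.ip_address(s), "ip"
        if obj.is_private:
            notes.append("private or reserved range; confirm it is in scope")
        return kind, str(obj), notes
    except ValueError:
        pass  # not an IP address or CIDR range; try it as a hostname
    labels = s.rstrip(".").lower().split(".")
    # Apex vs. subdomain needs the Public Suffix List; both report as "domain".
    if len(labels) >= 2 and all(map(LABEL.match, labels)) and not labels[-1].isdigit():
        return "domain", ".".join(labels), notes
    return "invalid", s, ["unrecognized seed format"]

def review_seed_file(text):
    """Classify each non-blank, non-comment line and drop duplicates."""
    seen, out = set(), []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        result = classify_seed(line)
        if result[:2] not in seen:
            seen.add(result[:2])
            out.append(result)
    return out
```

Calling `review_seed_file(SAMPLE)` returns one tuple per unique seed; any entry typed `invalid` or carrying notes should be resolved before the file is uploaded.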

 

Assets

After you've added your root domain and other seeds, click Assets on the navigation bar on the left side of the screen.

The Assets page is where you can see your full attack surface in Chariot. 

You can click on any asset to see more information.

Each asset will have an Overview, Vulnerabilities (if any are found), Domain information, Technologies associated with the asset, Cloud information, and a section to add Notes.

Vulnerabilities

Navigate to the Vulnerabilities page using the left navigation bar.

Here, you will see a comprehensive list of all the vulnerabilities Chariot has found and the asset they were found on. 

Clicking on a risk in the table will pull up more detailed information about the risk.

Users

Chariot allows cross-account collaboration. By adding a collaborator, you are granting another Chariot user access to your account. This is useful when setting up an organization account with employees as collaborators. For detailed instructions on collaborator management, see this documentation. When authorized users and collaborators are set, the Users page is where you can manage access.

Integrations

To get the most from Chariot, we recommend integrating with your existing service providers. Chariot offers integrations to applications that provide Breach and Attack Simulation, Cloud Security Posture Management, Cloud Service Providers, Content Delivery Solutions, Cyber Asset Attack Surface Management, Firewall, IT Service Management, Managed Detection and Response, Managed DNS, Passive DNS, Source Code Management, and Vulnerability Management services.

From the Integrations page, you can connect Chariot and your existing services. Documentation for each integration can be found in the Integrations section.

Whether you add additional services or not, Chariot will find and add assets related to the seeds you provided. 

Settings 

The Settings page provides comprehensive control over your Chariot account configuration, notifications, security features, and appearance preferences.

On the Settings page, you can manage:

- Organization Details: View and edit your organization name and contact email.

- Notifications: Configure alerts through external integration channels. Set up Exposure Alerts to monitor externally exposed ports and services. Note that Notifications must be configured before adding Exposure Alerts.

- Single Sign-On: Enable and configure Single Sign-On (SSO) authentication for your organization's users.

- Webhook URL: Generate a unique URL to push assets and risks to Chariot.

- Whitelisting Details: Each scan includes your account-unique header that can be added to your security tools' allowlist to prevent scanning disruptions.

- Interface Theme: Customize your application appearance with system, dark, or light mode options.

Congratulations

You have successfully set up Chariot - congratulations! You can now review the remaining documentation to take full advantage of the Chariot platform.