Overview

In Chariot, a seed is a persistent digital asset owned by your organization. Seeds serve as the foundation for asset discovery and management within the platform. This section will help you understand what seeds are, why they matter, and how they work within Chariot.

Valid Seed Types

You can add the following types of seeds:
- Top-level domains
- Fully qualified domain names (FQDNs)
- CIDR ranges
- IP addresses
- GitHub organizations
- GitHub repositories

Note: When selecting seeds, focus on stable resources. For example, avoid ephemeral IP addresses managed by cloud services. Instead, use the associated domain name as a seed.

Seeds Management Interface

Main Table Columns

- Domain/FQDN: The domain name or fully qualified domain name of the seed
- Status: Current state of the seed (pending, approved, frozen, or deleted)
- Registrant Organization: Organization that registered the domain
- Registrant Email: Email address of the domain registrant
- Register: Registrant organization field from WHOIS data
- Added By: User or Chariot capability that added the seed

Adding Seeds

You can add seeds to Chariot either individually or in bulk.

Manual Addition

1. Click the "Add Seed" button in the top right corner
2. A popup window will appear
3. Enter your seed information
4. Choose the appropriate seed type

Bulk Upload

1. Click the "Add Seed" button
2. Select the file upload option
3. Upload a file containing a newline-separated list of seeds

Note: Seeds you manually add are automatically approved. However, seeds discovered by Chariot require approval to verify organizational ownership.

Filtering and Search

Available Filters

- Status: Filter by seed status (pending, approved, frozen, deleted)
- Registrant Organization: Filter by the organization that registered the domain
- Registrant Email: Filter by the registrant's email address
- Register: Filter by the WHOIS registrant organization
- Added By: Filter by the user or capability that added the seed

A search bar is available for quick lookups across all fields.

Individual Seed Information

When you select a seed from the main table, Chariot displays detailed information about that specific asset. This view helps you understand the seed's history, current status, and relationship to your organization.

Overview Panel

At the top of the individual seed view, you'll find key information about the selected seed:

  • The seed's name and type
  • Additional Chariot capabilities used to discovered or confirm this seed
  • First detection 
  • Most recent detection 

Detailed Information Tabs

Domain Details

The Domain Details tab presents comprehensive WHOIS information about the domain, including registrar details, registration dates, and current domain status flags. This information helps verify ownership and maintain accurate records of your digital assets.

Domain History

In the Domain History tab, you can track how the domain's information has changed over time. This includes changes to registrant information, nameservers, and status flags. The historical data helps identify ownership transfers, configuration changes, and potential security concerns.

Chariot History

The History tab maintains a chronological record of all interactions with the seed within Chariot:

  • Initial addition date and source
  • Status changes (e.g., from pending to approved)
  • User actions and modifications
  • Time and user identification for each change

This audit trail provides accountability and helps track the seed's lifecycle in your organization.

Notes

The Notes tab allows team members to add and view annotations about the seed. You can use this feature to:

  • Document ownership verification steps
  • Record relevant security findings
  • Share important context with team members
  • Track investigation results
  • Document reasons for status changes

All notes include time and user attribution to maintain a clear record of communications about the seed.

This detailed view ensures you have comprehensive information about each seed in your inventory, helping maintain accurate records and facilitate collaboration across your security team.

Best Practices

Maintaining your seeds requires regular attention to detail. Review pending seeds discovered by Chariot regularly, and whenever possible, use domains rather than IP addresses. Always verify ownership before approving discovered seeds, and consistently maintain currency of your approved seeds.