Seeds

Overview

The Seeds page is where you define the scope of your attack surface. In the Praetorian Guard Platform (PGP), a seed is a persistent digital asset owned by your organization. Seeds serve as the foundation for asset discovery and management within the platform. This section will help you understand what seeds are, why they matter, and how they work within PGP.

Valid Seed Types

Guard supports three categories of seeds you can add, plus a fourth auto-discovered type:

Network Assets - Network Assets cover the broadest scope. Enter domain names and Guard will enumerate subdomains, resolve DNS records, and map out everything beneath them. Enter IP addresses or CIDR ranges and Guard will scan for open ports and running services across the entire range.

Web Applications - Web Applications target specific web-facing applications for deeper security testing, including crawling, authentication testing, and web vulnerability scanning. This seed type may require an upgraded subscription tier.

Web Services - Web Services target API endpoints for service-level security testing.

Preseeds - Preseeds are not added manually — they are security attributes Guard discovers during reconnaissance (such as TLS certificates, favicons, WHOIS registration patterns, and EDGAR company filings) that may indicate additional assets belonging to your organization. You review and approve or reject them to expand your scope.

When selecting seeds, focus on stable resources. For example, avoid ephemeral IP addresses managed by cloud services. Instead, use the associated domain name as a seed.

The Main Seeds Page

The seeds page is organized around four tabs along the top: Domain, IP, Web Application, and Preseed. Each tab shows only seeds of that type, keeping your view focused.

Table Columns: Each tab displays a table with columns relevant to that seed type:

Seed Statuses: Each seed has a status indicating its current lifecycle state:

• Approved — Actively being scanned and monitored

• Pending — Awaiting review and approval before scanning begins

• Active Passive — Approved for passive monitoring only

• Frozen — Temporarily paused from scanning

• Rejected — Declined and excluded from scanning

• Deleted — Removed from the platform

Filters: A filters sidebar lets you narrow results by status, origin, tags, and type-specific fields like registrant (domains), country (IPs), or registrar.

Bulk Actions: Select one or more seeds to access bulk actions — approve, reject, delete, freeze, scan, tag, add a note, or share. Preseed seeds only support approve and reject actions.

Adding Seeds

To add seeds, click the Add Seeds button at the top of the page. A two-step wizard guides you through the process:

Step 1 — Select Seed Type: Choose between Network Assets, Web Applications, or Web Services.

Step 2 — Enter Your Seeds: Paste seed values directly into the text area — one per line. You can enter multiple seeds at once. For bulk imports, click the Import button to upload an XLSX, CSV, or TXT file containing your seeds.

Guard validates your input on submission. If any entries are malformed, you will see error messages indicating which values failed and why.

Individual Seed Information

Clicking any seed row opens a detail drawer on the right side of the page. The drawer header shows the seed's identifier and current status. Below the header, a set of tabs provides deeper information. The available tabs depend on the seed type:

Domain Seeds have four tabs:

• Domain Details — WHOIS registration data including registrant, registrar, and contact email, plus information about how the seed was originally discovered (its origin source)

• Domain History — A timeline of historical WHOIS record changes, showing how registration data has evolved over time

• History — The seed's lifecycle timeline showing when it was added, who added it, and every status change (approved, frozen, rejected, etc.) with timestamps

IP Seeds have three tabs:

• IP Address Details — Geolocation data, ASN (Autonomous System Number) information, and registrant details, plus origin/discovery information

• History — The seed's lifecycle timeline showing creation and all status transitions

• Notes — User-added notes and comments

Web Application Seeds have four tabs:

• Authentication — Configured authentication methods and credentials for the web application, allowing Guard to test authenticated areas

• Sitemap — Discovered URL structure and endpoints found during crawling, showing the pages and paths Guard has mapped

• History — The seed's lifecycle timeline

• Notes — User-added notes and comments

Preseed Seeds have three tabs:

• Details — The preseed type (TLS certificate, favicon, WHOIS pattern, etc.), the matching pattern, its value, and how many existing assets match it

• History — Lifecycle events including creation and approval/rejection status changes

• Notes — User-added notes and comments

The drawer also provides action buttons to approve, reject, delete, freeze, scan, tag, or add notes to the selected seed directly from the detail view.

This detailed view ensures you have comprehensive information about each seed in your inventory, helping maintain accurate records and facilitate collaboration across your security team.

Best Practices

Maintaining your seeds requires regular attention to detail. Review pending seeds discovered by PGP regularly, and whenever possible, use domains rather than IP addresses. Always verify ownership before approving discovered seeds, and consistently maintain currency of your approved seeds.

You can now review the remaining documentation to take full advantage of the PGP platform.