Configuration
This page covers the technical configuration needed to ensure Surface Monitoring can reach your assets and integrate with your existing tools and workflows.
Scanner IP Addresses
Surface Monitoring scans originate from specific IP addresses. If your infrastructure uses firewalls, WAFs, or IP-based access controls, you must allowlist these addresses to ensure accurate scanning results.
EU Scanner IPs
| IP Address |
|---|
| 52.17.98.131 |
Contact Detectify support for the complete and current list of scanner IPs, as addresses may be added over time.
User Agent
Surface Monitoring identifies itself with the following user agent string when making HTTP requests:
Mozilla/5.0 (compatible; Detectify)
You can use this user agent string to identify Surface Monitoring traffic in your web server logs, WAF rules, and analytics filters.
WAF and Firewall Allowlisting
To ensure accurate scan results, configure your WAF and firewall to allow traffic from Detectify’s scanner IPs. Blocked requests lead to incomplete assessments and may cause false negatives (missed vulnerabilities).
Recommended Configuration
- Allowlist scanner IPs: Add the scanner IP addresses listed above to your WAF and firewall allowlists
- Bypass rate limiting: Ensure Detectify traffic is not subject to rate limiting rules that could throttle or block scan requests
- Disable bot detection: If your WAF has bot detection features, add an exception for the Detectify user agent or scanner IPs
- Verify access: After configuration, check the findings view for your assets. If findings show connection errors or blocked requests, review your allowlisting rules
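An added example (not Detectify's code) that applies the user agent and verification steps above to web server logs: it counts scanner requests that appear to be blocked, and separately reports requests that carry the Detectify user agent from an IP that is not on the allowlist. It assumes Combined Log Format and that 403, 406, 429 and 503 are the statuses your WAF or rate limiter returns when it blocks; the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# From this page; add the rest of the list you receive from Detectify support.
SCANNER_NETS = [ipaddress.ip_network("52.17.98.131/32")]
SCANNER_UA = "Mozilla/5.0 (compatible; Detectify)"
# Assumption: statuses your WAF or rate limiter returns when it blocks a request.
BLOCK_STATUSES = {403, 406, 429, 503}

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Label one log line: scanner_ok, scanner_blocked, ua_from_unlisted_ip, other, unparsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return "unparsed"
    if not any(ip in net for net in SCANNER_NETS):
        # User-Agent is client-controlled: a match from an unlisted IP is
        # reported separately, not counted as scanner traffic.
        return "ua_from_unlisted_ip" if m["ua"] == SCANNER_UA else "other"
    return "scanner_blocked" if int(m["status"]) in BLOCK_STATUSES else "scanner_ok"

def summarize(lines):
    """Count labels across an iterable of log lines."""
    return Counter(classify(line) for line in lines)

# Constructed sample lines, not real traffic (203.0.113.9 and 198.51.100.7 are documentation IPs).
_T = "[10/Mar/2025:10:00:00 +0000]"
SAMPLE_LOG = [
    f'52.17.98.131 - - {_T} "GET / HTTP/1.1" 200 5120 "-" "{SCANNER_UA}"',
    f'52.17.98.131 - - {_T} "GET /admin HTTP/1.1" 403 153 "-" "{SCANNER_UA}"',
    f'52.17.98.131 - - {_T} "GET /api/v1 HTTP/1.1" 429 0 "-" "{SCANNER_UA}"',
    f'203.0.113.9 - - {_T} "GET /login HTTP/1.1" 200 900 "-" "{SCANNER_UA}"',
    f'198.51.100.7 - - {_T} "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{label}: {count}")
```

A non-zero `scanner_blocked` count points at an allowlisting or rate-limit rule to review; `ua_from_unlisted_ip` entries are either scanner IPs missing from your list or another client sending the same user agent string.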
Provider-Specific Guides
- AWS WAF: Create an IP set with Detectify scanner IPs and add a rule to allow traffic from that IP set
- Cloudflare: Add scanner IPs to your IP Access Rules with an “Allow” action, or create a WAF custom rule
- Azure Front Door / Application Gateway: Add scanner IPs to your WAF policy’s exclusion list
Integrations
Surface Monitoring integrates with your existing tools for alerting, ticketing, and workflow automation.
Notification Integrations
| Integration | Description |
|---|---|
| Slack | Send findings and policy alerts to Slack channels |
| Microsoft Teams | Send findings and policy alerts to Teams channels |
| OpsGenie | Create alerts in OpsGenie for critical findings |
| PagerDuty | Trigger incidents in PagerDuty for high-severity findings |
Ticketing and Workflow
| Integration | Description |
|---|---|
| Jira | Automatically create Jira issues for new findings |
| ServiceNow | Create incidents or change requests in ServiceNow |
| Splunk | Forward findings data to Splunk for SIEM correlation |
| Webhooks | Send finding data to any HTTP endpoint |
| Workato | Connect to Workato for custom workflow automation |
Setting Up Integrations
- Navigate to Settings > Integrations
- Select the integration you want to configure
- Follow the provider-specific setup instructions
- Test the connection to verify it is working
- Configure which events trigger notifications (new findings, policy alerts, status changes)
API Access
The Detectify API (v3) provides programmatic access to Surface Monitoring data, including assets, findings, and policies. Use the API to build custom integrations, export data to other systems, or automate workflows.
Authentication
API requests are authenticated using API tokens. Generate a token from Settings > API in your Detectify dashboard.
Common API Operations
- List discovered assets and their properties
- Retrieve findings with filtering by severity, status, and asset
- Export asset and finding data for reporting
- Manage policies programmatically
Refer to the Detectify API documentation for complete endpoint reference and code examples.
Next Steps
- Troubleshooting — Resolve common configuration issues
- Results — Review findings after configuration
- Policies — Set up automated alerting rules