Detectify surface monitoring tool

The Government Digital Service (GDS) uses Detectify to monitor for dangling resources and lame delegations for all .gov.uk domains and sub domains.

Detectify is a commercial tool that exposes how attackers could exploit an organisation’s internet-facing applications.

What we monitor

As well as monitoring .gov.uk domains and their subdomains, we can add .org, .com, or other domains if you have these. We will always prioritise .gov.uk domains if we run out of room.

We operate two configurations in Detectify, one for basic monitoring and one for extended monitoring.

Detectify operates basic monitoring on these domains every 8 hours:

gov.uk
gov.wales
llyw.cymru
nhs.uk
nhs.net
nhs.wales
nhs.scot

Detectify operates extended monitoring on a large number of public sector domains where authorisation has been provided by the domain holder.

Monitoring and frequency

Monitoring runs daily every 8 hours and only takes a few seconds.

Where Detectify stores data

Detectify runs in AWS in the Republic of Ireland. For more information visit their Trust Center.

How Detectify works

All Detectify traffic originates from scanner.detectify.com with dedicated IP addresses 52.17.9.21 and 52.17.98.131.

The monitoring can result in a high number of connection requests but this should have no impact on a domain or its services. You can ask us to turn it on and off for a short period to enable testing, but we cannot do this on a regular basis.

Detectify has more information on the details of ports and domains used.

You can read more about the types of monitoring involved on the Detectify website.

Contact

If you need more information email support@domains.gov.uk