Similar Domains and Reports

Curated lookalike monitoring and ways to communicate the current picture.

This page explains two important parts of Asset Intelligence: similar-domain monitoring and reports.

Similar-domain intelligence

Similar-domain intelligence helps surface lookalike and adjacent-domain activity around a monitored domain.

This is useful for phishing, impersonation, and brand-adjacent monitoring, especially when the question is not just whether a similar name exists but whether a newly observed candidate deserves review.

Why the view is curated

Not every vaguely similar domain is useful. A useful similar-domain view should help you focus on candidates that are relevant enough to support monitoring and decision-making while reducing low-signal noise.

In practice:

  • the Similar Domains view is intended to be curated intelligence, not an unfiltered list
  • similar-domain events explain when relevant candidates are newly observed
  • similar-domain activity is intentionally easier to review as curated discovery history rather than as a stream of low-value alerts

This makes Similar Domains a decision-support surface, not just a list of names that happen to resemble one another.

In the product, this kind of discovery can also be separated from the main operational timeline so teams can review it without crowding higher-signal asset, TLS, DNS, or page-change activity.

Reports

Reports package the current picture into an exportable form that can be shared with others when posture needs to be communicated outside the live product views.

A report is useful when you need to:

  • communicate the current state of an asset
  • summarize recent change for stakeholders
  • share posture context without walking through the live product
  • preserve a point-in-time picture for review
  • hand off the current picture to colleagues, leadership, or customers without walking them through the live UI

Depending on the asset, that shared picture can include not only core posture evidence such as ports, pages, DNS, and certificates, but also higher-level change context such as page-service changes and curated similar-domain activity.

When to use reports

Reports are most useful after the current asset picture has already been reviewed in the live views.

A good pattern is:

  1. start from the asset overview
  2. inspect relevant events and findings
  3. review supporting evidence in pages, DNS, certificates, or similar domains
  4. generate a report once the current picture is ready to be communicated