Quick Start Guide

This quick-start guide will walk you through setting up NordStellar in minutes. Follow these simple steps to quickly uncover and prioritize your biggest external threats.

Step 1: Add Your Domain(s)

Your first and most crucial step is to add your company's domain(s) to initiate continuous leaked data and attack surface monitoring.

1. Go to Assets > Add Asset > Domain.
2. Enter your company's domain(s) (e.g., example.com). If adding multiple, click Add next after each entry, then click Add asset when finished.

• Optional: You can add additional IP addresses for Attack Surface Management and emails or phone numbers for targeted dark web protection (e.g., of executives).

Step 2: Add Custom Keywords for Monitoring

Go beyond your default domain coverage. Use custom Dark Web Monitoring (DWM) rules to track high-risk third parties and key personnel.

1. Create Filter: Go to Dark Web Search, enter your desired keyword (e.g., a vendor name) or an advanced Lucene query, and click Save filter.
2. Activate Rule: Go to Assets > Add Asset > DWM rule.
3. Give the rule a clear name and select the Filter you just created.

We recommend monitoring:

• Supply Chain/Vendors: Track partners whose breaches could directly affect your organization.
• Executives: Monitor the full names of VIPs to identify potential targeted attacks on ransomware forums.
• Other Key Terms: Any specific project names, code words, or critical assets important to your organization’s security.

Step 3: Run External Attack Surface Scans

Discover your external attack surface assets, such as web applications and network services, and their vulnerabilities.

1. Go to the Scans tab.
2. Click on one of the three default scan profiles, and then click the Run scan button in the upper-right corner.
3. A confirmation box will appear. Repeat this process for the other two scan profiles to ensure full initial coverage.

Step 4: Review and Resolve Recent Events

Understand your existing exposure and prioritize remediation of high-risk vulnerabilities.

1. Navigate to the Events tab.
2. Focus on the biggest threats first: Click on the Risk Level column to sort and bring Critical events to the top.
3. Set a Date Filter: We recommend setting the filter range to the past 6–12 months to understand your recent exposure.
4. Click Resolve on any past events already handled to keep your dashboard clean and actionable.

Step 5: Set up Real-Time Threat Alerts

Transition from manual checks to real-time notifications. Receive instant alerts the moment a critical threat or leaked data related to your assets is discovered.

1. Go to Settings > Emails for email alerts, or Settings > Webhooks for Slack, Microsoft Teams, or custom alerts.
2. Enter the necessary information.

Optional: Advanced Optimization and Team Setup

Once the core monitoring features are active, use these final steps to organize the platform, clean up data, and onboard your team.

Step 6: Connect Your Identity Provider (IdP)

IdP integration ensures that the platform only alerts about compromises of current email addresses, ignoring former employees.

1. Go to Settings > Integrations.
2. Select your provider (Microsoft Azure Entra ID, Google Workspace, or Okta) and enter the connection details.

Step 7: Create Separate Monitoring Spaces (Projects)

This is useful for tracking different organizations, sub-organizations, or security domains.

1. Go to Settings > Your Organization.
2. Click Add Project to create separate monitoring spaces.

Step 8: Add Additional Users

Delegate tasks and foster collaborative risk management by quickly adding your team members.

1. Go to Settings > Your Organization > Users.
2. Click Invite new user and enter their details.
3. Grant Access: Go to Projects, select the relevant project, and click Add to Project and assign a role (Regular or View-Only) to the new user.