If you’re seeing traffic on your server or unexpected requests coming to your website, infrastructure, or SaaS application and suspect that it might be from a Pentest or a DAST scanner, Astra provides an easy way to verify this. Follow these steps to determine if the traffic is coming from Astra's scanner.
Log in to your Astra platform using your credentials. Once you’re in the dashboard, proceed with the steps below:
Go to the Continuous Scan tab in your Astra platform. Look for any ongoing vulnerability scan. If a scan is in progress, there's a chance the traffic you're seeing is being generated by Astra's scanner.
Similarly, check if there’s any Pentest in progress, as a pentest can also generate traffic that might appear suspicious.
If you want to be doubly sure, you can check whether the incoming traffic matches Astra’s IP ranges. Astra provides a list of IP ranges used by its scanners.
Search your server's access logs for any IP addresses that match Astra's IP ranges.
If you see requests from these IPs, it confirms that the traffic is coming from Astra, not malicious actors.
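One way to run this log check, as an added example that is not Astra's own tooling: it reads access log lines in the common/combined format and separates requests whose source IP falls inside a list of CIDR ranges from those that do not. The ranges below are placeholders from the RFC 5737 documentation blocks, not Astra's real ranges, and the function name and sample log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not Astra's real ranges.
# Replace them with the IP range list Astra provides for its scanners.
SCANNER_RANGES = ["192.0.2.0/24", "198.51.100.16/28"]

# Constructed sample lines in the common/combined access log format.
SAMPLE_LOG = """\
192.0.2.15 - - [10/Mar/2025:10:01:22 +0000] "GET /login HTTP/1.1" 200 512 "-" "scanner"
198.51.100.20 - - [10/Mar/2025:10:01:23 +0000] "GET /admin HTTP/1.1" 403 128 "-" "scanner"
198.51.100.40 - - [10/Mar/2025:10:01:25 +0000] "GET /.env HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2025:10:02:01 +0000] "POST /api/users HTTP/1.1" 500 64 "-" "-"
not-an-ip - - [10/Mar/2025:10:02:05 +0000] "GET / HTTP/1.1" 200 10 "-" "-"
"""

def classify_log(lines, ranges):
    """Count requests per source IP, split by membership in the CIDR ranges.

    Assumes the first field of each line is the real client IP. Behind a
    proxy or load balancer that field is the proxy's address, so log the
    forwarded client IP there instead.
    """
    networks = [ipaddress.ip_network(r, strict=False) for r in ranges]
    matched, unmatched, skipped = Counter(), Counter(), 0
    for line in lines:
        fields = line.split()
        if not fields:
            continue  # blank line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            skipped += 1  # hostname or malformed entry: review by hand
            continue
        if any(ip.version == n.version and ip in n for n in networks):
            matched[str(ip)] += 1
        else:
            unmatched[str(ip)] += 1
    return matched, unmatched, skipped

if __name__ == "__main__":
    matched, unmatched, skipped = classify_log(SAMPLE_LOG.splitlines(), SCANNER_RANGES)
    print("inside scanner ranges :", dict(matched))
    print("outside scanner ranges:", dict(unmatched))
    print("unparseable lines     :", skipped)
```

In the sample, 198.51.100.40 shares a /24 with a listed range but sits outside the /28, so it lands in the outside bucket; a plain text search on an address prefix would have misclassified it.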
If you'd like to distinguish Astra's traffic more clearly in the future, you can configure custom HTTP headers for requests made by Astra’s DAST scanner. This option is not available for pentest, but for DAST scans, you can easily add headers to identify the requests.
Click on the target to go to the Settings page.
Navigate to Advanced Settings.
Add the custom Header Name and Header Value you want Astra’s scanner requests to have.