Getting Started

New to the Intruder platform? This guide will help you get going and answer some frequently asked questions

Chris Wallis avatar
Written by Chris Wallis
Updated over a week ago

So you've just signed up for the Intruder service, but what next? This guide is designed to help you get the most out of our platform, and avoid any unexpected issues. So let's get going.

In case you're not familiar with what we do already, our service revolves around three key principles:

  • Simple: We want everything to be as simple as possible, we reduce noise and provide explanations of why the problems we identify could lead to a breach.

  • Proactive: When new vulnerabilities are discovered we will run proactive emerging threat scans on your systems, looking for those new weaknesses. Where you are affected we will notify you by email and Slack (Pro/Premium/Vanguard plans only).

  • Perimeter-specific: We've designed our platform to highlight issues that are only important in the context of being exposed to the internet. This includes things like databases, but there are also hundreds of other examples.

Add your targets ๐ŸŽฏ

Manually add targets

After logging in, the first thing you'll want to do is tell us where your systems are. Simply head to the targets page, click the Add Targets button and add the assets you wish to scan. You can choose from:

  • External infrastructure - add each IP/domain name or upload a CSV (comma-separated values) file listing all of your external assets:
    โ€‹

  • External web applications - by selecting the appropriate option and entering the details below:
    โ€‹

You can also control which targets you wish for licences to be assigned to by taking a look at our Managing Your Licences article.

Add from cloud providers

  • Connect your AWS, Microsoft Azure or Google Cloud accounts to synchronise your external IP addresses and DNS hostnames with the Intruder portal.
    โ€‹

  • We monitor your cloud accounts, add your scannable new cloud assets and notify you whenever a cloud IP address or DNS hostname is no longer present, to ensure you never scan any systems that you no longer own.
    โ€‹

  • You can also activate CloudBot to automatically add any new external IP addresses or hostnames in your cloud accounts as Intruder targets.

Add authentication ๐Ÿ”‘

You can also add API schemas and authentication to web applications that you wish to scan. For example, if you want to scan behind the login page, you'll need to add authentication to the target. Instructions on how to do that can be found in the Authentication User Guide.

Whilst adding targets of the External web application type, you can add an authentication method or an API Schema.

You can also add authentication to a pre-existing target - from the Targets page, click on the desired Target to view its detail page.

From here, you can click on the Authentications tab and add your credentials to run authenticated scans against this target. You can also click on the APIs tab and add your API Schema to improve your scanning results.

Manage your targets ๐Ÿ”Ž

You can keep your targets organised by adding tags and managing these tags from the tag management page.

Assessments ๐Ÿ•ต๏ธโ€โ™‚๏ธ

Scan timings and priority

Scans can take anything from 15 minutes to a few hours to a day or so for web app scans, but if they're running any longer, you might want to check out this help article.

You can also define the Scan Priority that you wish for all scans to use. This is configured on the scan settings page (accessible via Account > Settings > Scans) - you can read more about this here.

Specifying scan region

It is also possible to specify the IP Ranges from which you'd like a scan to run. You can do this from the scan settings tab - accessible via Account > Settings > Scans.

You can read more about our Scanner IPs here.

Cancel a scan

You can cancel a scan at any time from the Scans Page.

Running new scans on demand

You can also start a new scan whenever you want, by using the scan now feature.

Viewing completed scans

From the Scans Page, you can view all of the different types of scan that have been run on your account - One-off scans, Scheduled scans, New service scans (premium only), Cloudbot scans and Remediation scans

Monthly scheduled scans

We run monthly scheduled scans for all Intruder customers looking for the types of weaknesses that hackers could exploit. Your first scan is usually the day after you begin your subscription, and starts at midnight (in your local timezone).

You can edit your monthly scheduled scan day and time to whatever suits you best or, if you're on our Pro, Premium or Vanguard plan, create multiple scheduled scans to run against whatever tag(s) or target(s) you like.

Scheduled Scans can run Quarterly, Monthly, Weekly (or Daily on our Premium or Vanugard Plans). You can find more details on Scheduled Scans here.

Issues ๐Ÿšจ

See if we found any Issues

When any of your scans finish, you'll receive a notification and can log in to view the results and download a report. You can find a list of the issues we found on the Issues page and view more details by clicking on the Scanner Ouput button next to the occurrence

See all checks performed

Once your first scan has been completed, you can access and search the full list of external checks we perform by clicking on the checks section of your dashboard, or visiting https://portal.intruder.io/checks.
โ€‹

Snoozing your issues

When scanning your systems using automated vulnerability scanners, these scanning engines will sometimes identify issues that are false positives. Similarly, your business might be fine with accepting the risk of an issue, or not see it as a problem because you have added mitigating controls. You can snooze these issues, removing them from the current issues section in the portal and in your reports.

Reporting ๐Ÿ“–

Analytics tab

Once you have a few scans under your belt, you will be able to

Generating a PDF/CSV report

Once your first scan has been completed, you can access and search the full list of external checks we perform by clicking on the checks section of your dashboard, or visiting https://portal.intruder.io/checks.

Integrating with your platforms ๐Ÿ”—

Cloud Integrations โ˜๏ธ

The Intruder platform integrates with the most commonly used Cloud Platforms platforms including AWS, GCP and Azure. As mentioned above, this allows the syncing of assets from your AWS accounts (or AWS organisation on our Premium plan), GCP accounts and Azure accounts.

Issue Tracking Integrations ๐Ÿ“ˆ

We also provide integrations with several Issue Tracking tools including Azure DevOps, GitHub, GitLab, Jira and ServiceNow. Integrating with these platforms will allow you to send your issues directly to these platforms to allow you to seamlessly create issues on these platforms from Intruder, either automatically or manually.

Compliance Integrations ๐Ÿ‘ฎโ€โ™‚๏ธ

To make the compliance process as easy as possible, we integrate with two common compliance platforms - Drata and Vanta. You can then send scan evidence straight across to these platforms either automatically or manually from the Scans page.

You can read more about these integrations here:

You can read more about the variety of platforms with which we integrate here.

Other FAQs ๐Ÿง

How to contact us ๐Ÿ‘‹

Our team are available Monday through Friday, 9:30 am - 5:30 pm GMT via the chat bubble in the corner ๐Ÿ‘‰ and we love feedback, so if you've got any questions or ideas on how we could improve, please do get in touch!

Did this answer your question?