So you've just signed up for the Intruder service, but what next? This guide is designed to help you get the most out our platform, and avoid any unexpected issues. So let's get going.
In case you're not familiar with what we do already, our service revolves around three key principles:
Simple: We want everything to be as simple as possible, we reduce noise and provide explanations of why the problems we identify could lead to a breach.
Proactive: When new vulnerabilities are discovered we will run proactive emerging threat scans on your systems, looking for those new weaknesses. Where you are affected we will notify you by email and Slack (Pro/Premium/Vanguard plans only).
Perimeter-specific: We've designed our platform to highlight issues that are only important in the context of being exposed to the internet. This includes things like databases, but there are also hundreds of other examples.
Add your targets ๐ฏ
Manually add targets
Assuming you've already managed to log in, the first thing you'll want to do is tell us where your systems are. Simply head to the targets page and add your external systems, either by entering the IP addresses/hostnames, or by uploading a CSV (comma-separated values) file; and add your internal systems by installing an agent onto each machine you wish to scan. You can kick off a scan direct from this screen, if you like?
You can also add API schemas and authentication to web applications that you wish to scan. Once you have added your web application as an external target, you can go to the Target Detail page for this target from the Targets tab.
From here, you can click on the Authentications tab and add your credentials to run authenticated scans against this target. You can also click on the APIs tab and add your API Schema to your target to scan this and also improve your scanning results.
Add from cloud providers
Connect your AWS, Google Cloud or Microsoft Azure accounts to synchronise your external IP addresses and DNS hostnames with the Intruder portal. We monitor your cloud accounts and notify you whenever a cloud IP address or DNS hostname is released, to ensure you never scan any systems that you no longer own. You can also activate CloudBot to automatically add any new external IP addresses or hostnames in your cloud accounts as Intruder targets.
Add authentication ๐
If you want to scan behind the login page, you'll need to add authentication to the target. Instructions on how to do that can be found in the Authentication User Guide.
Manage your targets ๐
You can keep your targets organised by adding tags.
Assessments ๐ต๏ธโโ๏ธ
Scan timings
Scans can take anything from 15 minutes to a few hours to a day or so for web app scans, but if they're running any longer, you might want to check out this help article.
Cancel a scan
You can cancel a scan at any time from the dashboard.
Running new scans on demand
You can also start a new scan whenever you want, by using the scan now feature.
What happens when scans finish
When any of your scans finish, you'll receive a notification, and can log in to view the results and download a report.
Monthly scheduled scans
We run monthly scheduled scans for all Intruder customers looking for the types of weaknesses that hackers could exploit. Your first scan is usually the day after you begin your subscription, and starts at midnight (in your local timezone). You can edit your monthly scheduled scan day and time to whatever suits you best or, if you're on our Pro, Premium or Vanguard plan, create multiple scheduled scans to run against whatever tag(s) or target(s) you like.
See all checks performed
Once your first scan has been completed, you can access and search the full list of external checks we perform by clicking on the checks section of your dashboard.
The Intruder portal ๐พ
Slack and Jira integrationsย
Notify your team about security issues in Slack and push discovered vulnerabilities to Jira for remediation.
Snoozing issuesย
When scanning your systems using automated vulnerability scanners, these scanning engines will sometimes identify issues that are false positives. Similarly, your business might be fine with accepting the risk on an issue, or not see it as a problem because you have added mitigating controls. You can remove such issues from your reports, by snoozing them.ย
Other FAQs ๐ง
Check out our help pages on what our scans test you for, what scanning engine we use, how to add additional users and how the licensing works.
How to contact us ๐
Our team are available Monday thru Friday, 9:30am - 5:30pm GMT via the chat bubble in the corner ๐ and we love feedback, so if you've got any questions or ideas on how we could improve, please do get in touch!