So you've just signed up for the Intruder service, but what next? This guide is designed to help you get the most out our platform, and avoid any unexpected issues. So let's get going.
In case you're not familiar with what we do already, our service revolves around three key principles:
Simple: We want everything to be as simple as possible, we reduce noise and provide explanations of why the problems we identify could lead to a breach.
Proactive: When new vulnerabilities are discovered we will run proactive emerging threat scans on your systems, looking for those new weaknesses. Where you are affected we will notify you by email and Slack (Pro/Vanguard plans only).
Perimeter-specific: We've designed our platform to highlight issues that are only important in the context of being exposed to the internet. This includes things like databases, but there are also hundreds of other examples.
Add your targets 🎯
Manually add targets
Assuming you've already managed to log in, the first thing you'll want to do is tell us where your systems are. Simply head to the targets page and add your external systems, either by entering the IP addresses/hostnames, or by uploading a CSV (comma-separated values) file; and add your internal systems by installing an agent onto each machine you wish to scan.
Add from cloud providers
Connect your AWS, Google Cloud or Microsoft Azure accounts to synchronise your external IP addresses and DNS hostnames with the Intruder portal. We monitor your cloud accounts and notify you whenever a cloud IP address or DNS hostname is released, to ensure you never scan any systems that you no longer own. You can also activate CloudBot to automatically add any new external IP addresses or hostnames in your cloud accounts as Intruder targets.
Add authentication 🔑
If you want to scan behind the login page, you'll need to add authentication to the target. Instructions on how to do that can be found in the Authentication User Guide.
Manage your targets 🔎
You can keep your targets organised by adding tags.
Scans can take anything from 15 minutes to a few hours, but if they're running any longer, you might want to check out this help article.
Cancel a scan
You can cancel a scan at any time from the dashboard.
Running new scans on demand
You can also start a new scan whenever you want, by using the scan now feature.
What happens when scans finish
When any of your scans finish, you'll receive a notification, and can log in to view the results and download a report.
Monthly scheduled scans
We run monthly scheduled scans for all Intruder customers looking for the types of weaknesses that hackers could exploit. Your first scan is usually the day after you begin your subscription, and starts at midnight (in your local timezone). You can edit your monthly scheduled scan day and time to whatever suits you best or, if you're on our Pro plan, create multiple scheduled scans to run against whatever tag(s) or target(s) you like.
See all checks performed
Once your first scan has been completed, you can access and search the full list of external checks we perform by clicking on the checks section of your dashboard.
The Intruder portal 👾
Slack and Jira integrations
When scanning your systems using automated vulnerability scanners, these scanning engines will sometimes identify issues that are false positives. Similarly, your business might be fine with accepting the risk on an issue, or not see it as a problem because you have added mitigating controls. You can remove such issues from your reports, by snoozing them.
Other FAQs 🧐
How to contact us 👋
We're always available in the chat bubble in the corner 👉 and we love feedback, so if you've got any questions or ideas on how we could improve, please do get in touch!