So you've just signed up for the Intruder service, but what next? This guide is designed to help you get the most out of our platform, and avoid any unexpected issues. So let's get going.
In case you're not familiar with what we do already, our service revolves around three key principles:
Simple: We want everything to be as simple as possible, we reduce noise and provide explanations of why the problems we identify could lead to a breach.
Proactive: When new vulnerabilities are discovered we will run proactive emerging threat scans on your systems, looking for those new weaknesses. Where you are affected we will notify you by email and Slack (Cloud/Pro/Enterprise/Vanguard plans only).
Perimeter-specific: We've designed our platform to highlight issues that are only important in the context of being exposed to the internet. This includes things like databases, but there are also hundreds of other examples.
Add your targets ๐ฏ
Manually add targets
After logging in, the first thing you'll want to do is tell us where your systems are. Simply head to the targets page, click the Add Targets button and add the assets you wish to scan. You can choose from:
External infrastructure- add each IP/domain name or upload a CSV (comma-separated values) file listing all of your external assets:
โ
โ
Internal targets- by installing an agent onto each machine you wish to scan.
โ
โ
External web applications- by selecting the appropriate option and entering the details below:
โ
You can also control which targets you wish for licences to be assigned to by taking a look at our Managing Your Licences article.
Add from cloud providers
Connect your AWS, Microsoft Azure or Google Cloud accounts to synchronise your external IP addresses and DNS hostnames with the Intruder portal.
โ
We monitor your cloud accounts, add your scannable new cloud assets and notify you whenever a cloud IP address or DNS hostname is no longer present, to ensure you never scan any systems that you no longer own.
โYou can also activate Cloud to automatically add any new external IP addresses or hostnames in your cloud accounts as Intruder targets.
Add authentication ๐
You can also add API schemas and authentication to web applications that you wish to scan. For example, if you want to scan behind the login page, you'll need to add authentication to the target. Instructions on how to do that can be found in the Authentication User Guide.
Whilst adding targets of the External web application type, you can add an authentication method or an API Schema.
You can also add authentication to a pre-existing target - from the Targets page, click on the desired Target to view its detail page.
From here, you can click on the Authentications tab and add your credentials to run authenticated scans against this target. You can also click on the APIs tab and add your API Schema to improve your scanning results.
Manage your targets ๐
You can keep your targets organised by adding tags and managing these tags from the tag management page.
Assessments ๐ต๏ธโโ๏ธ
Scan timings and priority
Scans can take anything from 15 minutes to a few hours to a day or so for web app scans, but if they're running any longer, you might want to check out this help article.
You can also define the Scan Priority that you wish for all scans to use. This is configured on the scan settings page (accessible via Account > Settings > Scans) - you can read more about this here.
Specifying scan region
It is also possible to specify the IP Ranges from which you'd like a scan to run. You can do this from the scan settings tab - accessible via Account > Settings > Scans.
You can read more about our Scanner IPs here.
Running new scans on demand
You can also start a new scan whenever you want, by using the Scan Now feature.
Viewing completed scans
From the Scans Page, you can view all of the different types of scan that have been run on your account - One-off scans, Scheduled scans, New service scans (Enterprise only), Cloud sync scans and Remediation scans:
โ
Monthly scheduled scans
We run monthly scheduled scans for all Intruder customers looking for the types of weaknesses that hackers could exploit. Your first scan is usually the day after you begin your subscription, and starts at midnight (in your local timezone).
You can edit your monthly scheduled scan day and time to whatever suits you best or, if you're on our Cloud, Pro, Enterprise or Vanguard plan, create multiple scheduled scans to run against whatever tag(s) or target(s) you like.
Scheduled Scans can run Quarterly, Monthly, Weekly (or Daily on our Enterprise or Vanugard Plans). You can find more details on Scheduled Scans here.
Issues ๐จ
See if we found any Issues
When any of your scans finish, you'll receive a notification and can log in to view the results and download a report. You can find a list of the issues we found on the Issues page. You can view more details by clicking on the issue or the occurrence, which will populate the section on the right with further information.
See all checks performed
Once your first scan has been completed, you can access and search the full list of external checks we perform by clicking on the checks section of your dashboard, or visiting https://portal.intruder.io/checks.
โ
Snoozing your issues
When scanning your systems using automated vulnerability scanners, these scanning engines will sometimes identify issues that are false positives. Similarly, your business might be fine with accepting the risk of an issue, or not see it as a problem because you have added mitigating controls. You can snooze these issues, removing them from the current issues section in the portal and in your reports.
Reporting ๐
Reports page
Once you have a few scans under your belt, you will be able to view your account analytics which provides insight into your scans including issues and emerging threats.
โ
Generating a PDF/CSV report
Once your first scan has been completed, you can choose to download a PDF or CSV report which can then be used for compliance purposes. For full details on downloading a report, take a look at the How do I download a report? article.
โ
Integrating with your platforms ๐
Cloud Integrations โ๏ธ
The Intruder platform integrates with the most commonly used Cloud Platforms platforms including AWS, GCP and Azure. As mentioned above, this allows the syncing of assets from your AWS accounts (or AWS organisation on our Enterprise plan), GCP accounts and Azure accounts.
Issue Tracking Integrations ๐
We also provide integrations with several Issue Tracking tools including Azure DevOps, GitHub, GitLab, Jira and ServiceNow. Integrating with these platforms will allow you to send your issues directly to these platforms to allow you to seamlessly create issues on these platforms from Intruder, either automatically or manually.
Compliance Integrations ๐ฎโโ๏ธ
To make the compliance process as easy as possible, we integrate with two common compliance platforms - Drata and Vanta. You can then send scan evidence straight across to these platforms either automatically or manually from the Scans page.
You can read more about these integrations here:
You can read more about the variety of platforms with which we integrate here.
Other FAQs ๐ง
Check out our help pages on what our scans test you for, what scanning engine we use, how to add additional users and how the licensing works.
How to contact us ๐
Our team are available Monday through Friday, 9:30 am - 5:30 pm GMT/BST via the chat bubble in the corner ๐ and we love feedback, so if you've got any questions or ideas on how we could improve, please do get in touch!