Here, you can manage all of your targets on the account - including viewing, filtering, and adding to the target list, as well as modifying the configuration on your targets.

Filters Explained

Host status

Status	External target	Internal target
Active	Target has at least one open port and/or responds to ping traffic	An agent has been installed on the device, and it is linked successfully
Not scanned	The target has not yet been scanned	The target has not yet been scanned
Unresponsive	We couldn't find any open ports or services	The agent is not reporting back to the scanner
Unlinked	N/A	The agent you installed has unlinked and needs to be relinked/reinstalled

Alerts

Requires attention	What does it mean?
Login interference	We have detected what we think is a login page, and you may need to add authentication. If you have an app license available, you can do this immediately; if you don't, you'll need to purchase one.
API detected	We have detected an API in your AWS account and believe that the addition of an API schema could improve scan coverage.
Web interference	We have detected a WAF that we believe could be adversely impacting your scans. To ensure full scanning, you'll need to add our scanning ranges (for your chosen region) to your allowlist.
Permissions missing:	We have detected an authentication issue. To enable authenticated scanning, please verify your target's authentication credentials.

If you filter by 'Requires attention' and roll your mouse over the information icon, you'll see what the alert refers to.

Login form detected - may require an authentication to be fully scanned:

Requires an API schema to be fully scanned:

Web Application Firewall (WAF) detected:

Permissions missing:

If you click on the target and navigate to:

The Authentications tab: you'll be shown the evidence and will have the option to either 'Add authentication' or Ignore recommendation'.

The APIs tab: you'll be shown the evidence and will have the option to either 'Add API Schema' or Ignore recommendation'

The first page: you'll see the banner at the top of the page:

If you choose to ignore the recommendation, you're prompted to add details and submit:

Once that's done, it'll show up under:

The Authentications tab, as shown below.
(You can always Undo ignore recommendation and add authentication at a later date – if you wish.)

The APIs tab, as shown below.
(You can always Undo ignore recommendation and add authentication at a later date – if you wish.)

Target type

Target type	Description
External	Any target that has a public-facing IP address, domain, or subdomain
Internal	Any device supporting Windows, Linux, or macOS.
Web app	Any target added as an external web application.
Cloud account	Any AWS, GCP, or Azure cloud account.

Web app

Authentication/API	Description
Authenticated	Any external web application target that has an authentication method. (If a target is added as an external web application without any credentials, we'll automatically add some dummy credentials!)
Unauthenticated	Any external web application target that does *not* have an authentication method.
Has API	Any web application that has an API schema applied.

Licenses

License type	Description
Infrastructure	Allows users to conduct external scanning on IP addresses, domains, and subdomains; as well as internal scanning on devices supporting Windows, Linux, or macOS.
Application	The Application license covers infrastructure scanning, enhanced web-app scanning of unauthenticated pages, authenticated web-app scanning (pages behind the login), as well as API scanning (where users have uploaded a schema file).
Not Assigned	This will only apply to external infrastructure targets, as application licenses are assigned as soon as the web app is added, and infrastructure licenses are assigned as soon as internal targets are linked.

Cloud monitoring

Monitoring status	Description
Monitored	Cloud security scans have been enabled, and the cloud account is being monitored for security risks and vulnerabilities.
Unmonitored	Cloud security scans have *not* been enabled, and the cloud account is not being monitored for security risks and vulnerabilities.

FAQs

How do I trigger login detection?

This check is run as part of the first scan kicked off on a target after it's been added, so you can't trigger it per se.

Can I get a second login detection if I delete the target and re-add?

Unfortunately not. When you re-add a previously deleted target, the scan history will be reinstated, which will include the scan where we checked the target for a login page.