Skip to content

Automation Engine

Schedule, execute, and monitor security scans with powerful automation.

Overview

The Automation Engine manages all security testing execution in Hive:

  • Scan Executions: Run and monitor active scans
  • Scan History: Review past scan results
  • Module Sources: Manage security testing tools
  • Scheduling: Automate recurring scans
  • Monitoring: Track scan progress and health

Scan Executions

Active Scans

View and manage currently running scans:

Information Displayed: - Scan name and ID - Target being scanned - Progress percentage - Modules completed - Estimated time remaining - Assets discovered - Vulnerabilities found

Actions Available: - View details - Monitor progress - Cancel scan (if needed) - View logs

Executing Scans

From Web UI: 1. Navigate to Automation Engine → Attack Platform 2. Select runbook or attack tree 3. Configure target and parameters 4. Click Execute 5. Scan appears in Scan Executions

From CLI: 

aphids-cli \
  --api-key $API_KEY \
  --runbook RUNBOOK_ID \
  --target-url https://example.com \
  --engagement ENGAGEMENT_ID

Via API: 

curl -X POST \
  -H "X-Api-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "runbookId": "RUNBOOK_ID",
    "target": "https://example.com",
    "engagementId": "ENGAGEMENT_ID"
  }' \
  https://api.hive.darksidesecurity.io/executions-cli/executions

Scan History

Viewing Past Scans

Access historical scan data:

Filters Available: - Date range - Engagement - Status (success/failed) - Runbook/attack tree - Target

Information Shown: - Execution ID - Start/end time - Duration - Status - Assets discovered - Vulnerabilities found - Scan type

Analyzing Results

Per-Scan View: 1. Click scan in history 2. View execution details 3. See module results 4. Review discovered assets 5. Check vulnerabilities 6. Download reports

Comparative Analysis: - Compare scan results over time - Track asset changes - Monitor vulnerability trends - Identify patterns

Module Sources

Available Modules

Hive includes 30+ security testing modules:

Categories: - Network scanning - Web application testing - Subdomain enumeration - Vulnerability scanning - SSL/TLS testing - Information gathering - DNS reconnaissance

Module Management: - View available modules - Check module versions - See module documentation - Test module connectivity

See APHIDS Modules for complete list.

Scheduling

Automated Scans

Schedule recurring security scans:

Schedule Types: - One-time (future execution) - Daily - Weekly - Monthly - Custom cron expression

Configuration: 1. Navigate to Automation Engine → Scheduling 2. Click Create Schedule 3. Select runbook/attack tree 4. Configure target 5. Set schedule 6. Set notification preferences 7. Save schedule

Example Schedules:

Daily Monitoring: 

Schedule: Daily at 2:00 AM
Runbook: Quick Web Scan
Target: https://example.com
Notifications: On failure or new critical vulns

Weekly Deep Scan: 

Schedule: Every Sunday at 1:00 AM
Runbook: Comprehensive Security Audit
Target: *.example.com
Notifications: Always

Monthly Compliance: 

Schedule: 1st of each month
Runbook: PCI DSS Scan
Target: Payment processing systems
Notifications: Always, with report

See Scheduling Scans for detailed guide.

Monitoring

Real-Time Monitoring

Track scan execution in real-time:

Dashboard Widgets: - Active scans count - Scan queue depth - Success rate - Average duration - Resource utilization

Scan Progress: - Current module executing - Modules completed - Progress percentage - Time elapsed - Estimated time remaining

Alerts and Notifications

Notification Types: - Scan started - Scan completed - Scan failed - Critical vulnerability found - Asset discovered - Threshold exceeded

Notification Channels: - Email - In-app notifications - Webhooks - Slack/Teams (via webhook)

Configuration: 1. Go to Profile → Notifications 2. Enable desired notifications 3. Configure channels 4. Set thresholds 5. Save preferences

Scan Queue

Queue Management

Queue Information: - Pending scans - Queue position - Estimated start time - Priority level

Queue Actions: - View queue - Reprioritize scans - Cancel queued scans - Adjust concurrency limits

Concurrency Limits

Default Limits: - Max concurrent scans: 5 - Max scans per engagement: 3 - Max scans per user: 2

Admin Configuration: - Adjust global limits - Set per-user limits - Set per-engagement limits - Configure resource allocation

Execution Logs

Viewing Logs

Access detailed execution logs:

Log Levels: - INFO: Normal operations - WARN: Warnings and issues - ERROR: Errors and failures - DEBUG: Detailed diagnostic info

Log Contents: - Module execution details - Network requests/responses - Error messages - Timing information - Resource usage

Accessing Logs: 1. Navigate to scan execution 2. Click View Logs 3. Filter by level 4. Search log content 5. Download logs

Best Practices

Execution

✅ Verify Scope: Always confirm target authorization
✅ Test First: Run manual before scheduling
✅ Monitor Initially: Watch first few executions
✅ Set Alerts: Configure failure notifications
✅ Review Regularly: Check scan results

Scheduling

✅ Off-Peak Hours: Schedule during low-traffic times
✅ Stagger Scans: Don't run all at once
✅ Allow Buffer: Time between scans
✅ Test Schedules: Verify before enabling
✅ Document Purpose: Note why scheduled

Monitoring

✅ Check Dashboard: Review daily
✅ Investigate Failures: Don't ignore errors
✅ Track Trends: Monitor over time
✅ Optimize Performance: Adjust based on data
✅ Clean Up: Remove old/unused schedules

Integration

With APHIDS CLI

Execute and monitor via CLI:

# Execute scan
aphids-cli --api-key $API_KEY --runbook RUNBOOK_ID --target-url https://example.com

# Check execution status
curl -H "X-Api-Key: $API_KEY" \
  https://api.hive.darksidesecurity.io/executions-cli/executions/EXECUTION_ID

With CI/CD

Integrate into pipelines:

GitHub Actions: 

- name: Security Scan
  run: |
    aphids-cli \
      --api-key ${{ secrets.HIVE_API_KEY }} \
      --runbook security-scan \
      --target-url https://staging.example.com

Jenkins: 

stage('Security Scan') {
    steps {
        sh 'aphids-cli --api-key ${HIVE_API_KEY} --runbook security-scan --target-url https://staging.example.com'
    }
}

See CI/CD Integration

Troubleshooting

Scan Won't Start

Check: - Queue not full - Concurrency limit not reached - Target reachable - Permissions sufficient - Engagement active

Scan Keeps Failing

Investigate: - Check execution logs - Verify target accessibility - Review module configuration - Check network connectivity - Validate credentials (if needed)

Slow Execution

Optimize: - Reduce scope - Adjust module timeouts - Check network latency - Review resource allocation - Stagger concurrent scans

Related: Scheduling Scans | Attack Platform | Intelligence