Operations¶
Manage campaigns, engagements, and organizations for structured security testing.
Overview¶
The Operations section helps you organize and manage your security testing work:
- Campaigns: High-level initiatives spanning multiple engagements
- Engagements: Specific testing activities with defined scope
- Organizations: Client or business unit management
Campaigns¶
What are Campaigns?¶
Campaigns are high-level initiatives that group related engagements together.
Use Cases: - Annual security program - Client relationship management - Multi-phase projects - Compliance programs
Campaign Features: - Multiple engagements - Aggregate reporting - Progress tracking - Resource allocation - Timeline management
Example Campaigns: - "2024 Security Program" - "Acme Corp - Annual Assessment" - "PCI DSS Compliance 2024" - "Red Team Exercise Q4"
Creating Campaigns¶
Steps: 1. Navigate to Operations → Campaigns 2. Click Create Campaign 3. Configure: - Name - Description - Organization - Start/end dates - Objectives 4. Click Create
Campaign Management: - View all campaigns - Track progress - Manage engagements - Generate reports - Archive completed
Engagements¶
What are Engagements?¶
Engagements are specific security testing activities with defined scope and objectives.
Engagement Components: - Scope: What you're authorized to test - Timeline: When testing occurs - Objectives: What you're trying to achieve - Team: Who is involved - Rules of Engagement: Testing constraints
Example Engagements: - "Web Application Penetration Test" - "External Network Assessment" - "Continuous Monitoring - Q4" - "Red Team Operation - Phase 1"
Creating Engagements¶
Steps: 1. Navigate to Operations → Engagements 2. Click Create Engagement 3. Configure: - Name and description - Organization - Campaign (optional) - Scope definition - Testing windows - Team members 4. Click Create
Scope Definition:
In Scope:
Out of Scope:
Testing Windows:
Rate Limits:
Engagement Tracking¶
Track Progress: - Scans completed - Assets discovered - Vulnerabilities found - Findings documented - Reports generated
Status Indicators: - Not Started - In Progress - On Hold - Completed - Archived
Organizations¶
What are Organizations?¶
Organizations represent clients, business units, or entities you're testing.
Organization Features: - Multiple campaigns - Multiple engagements - Team members - Scope definitions - Contact information - Billing/licensing
Example Organizations: - "Acme Corporation" - "Internal IT Department" - "Partner Company XYZ" - "Subsidiary - EMEA"
Managing Organizations¶
Organization Management: 1. Navigate to Operations → Organizations 2. View all organizations 3. Select organization 4. Manage: - Details - Members - Campaigns - Engagements - Scope
Organization Details: - Name and description - Contact information - Industry/sector - Size/scope - Licensing info
Hierarchy¶
Organizational Structure¶
graph TD
A[Organization] --> B[Campaign 1]
A --> C[Campaign 2]
B --> D[Engagement 1.1]
B --> E[Engagement 1.2]
C --> F[Engagement 2.1]
D --> G[Scans]
E --> H[Scans]
F --> I[Scans]
Levels: 1. Organization: Top-level entity 2. Campaign: Group of related engagements 3. Engagement: Specific testing activity 4. Scans: Individual security tests
Data Inheritance¶
Scope Inheritance: - Organization defines global scope - Campaign can restrict scope - Engagement further restricts - Scans must be within engagement scope
Team Inheritance: - Organization members - Campaign team - Engagement team - Scan executors
Workflows¶
Typical Workflow¶
1. Create Organization:
2. Create Campaign:
3. Create Engagements:
Engagement 1: Q1 External Assessment
Engagement 2: Q2 Web App Testing
Engagement 3: Q3 Internal Network
Engagement 4: Q4 Red Team Exercise
4. Execute Scans:
For each engagement:
- Define specific scope
- Run security scans
- Document findings
- Generate reports
5. Track Progress:
Best Practices¶
Organization Management¶
✅ Clear Naming: Use descriptive names
✅ Accurate Scope: Define scope precisely
✅ Contact Info: Keep contacts current
✅ Regular Review: Update periodically
✅ Archive Old: Clean up completed work
Campaign Planning¶
✅ Clear Objectives: Define goals upfront
✅ Realistic Timeline: Allow adequate time
✅ Resource Planning: Allocate resources
✅ Progress Tracking: Monitor regularly
✅ Documentation: Document decisions
Engagement Execution¶
✅ Authorization: Get written permission
✅ Scope Verification: Confirm scope
✅ Communication: Keep stakeholders informed
✅ Documentation: Record everything
✅ Reporting: Deliver timely reports
Reporting¶
Campaign Reports¶
Aggregate Reporting: - All engagements in campaign - Overall progress - Combined findings - Trend analysis - Executive summary
Generate Campaign Report: 1. Navigate to campaign 2. Click Generate Report 3. Select report type 4. Configure options 5. Generate and download
Engagement Reports¶
Per-Engagement Reporting: - Engagement-specific findings - Detailed technical data - Evidence and screenshots - Remediation guidance - Appendices
Generate Engagement Report: 1. Navigate to engagement 2. Click Generate Report 3. Select template 4. Customize content 5. Generate and download
See Reporting Engine
Integration¶
With APHIDS CLI¶
Associate scans with engagements:
aphids-cli \
--api-key $API_KEY \
--runbook RUNBOOK_ID \
--target-url https://example.com \
--engagement ENGAGEMENT_ID
Via API¶
Programmatic management:
# Create engagement
curl -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Web App Test",
"organizationId": "ORG_ID",
"scope": ["*.example.com"]
}' \
https://api.hive.darksidesecurity.io/engagements
Troubleshooting¶
Can't Create Engagement¶
Check: - Organization exists - Permissions sufficient - Scope is valid - Required fields filled
Scope Validation Errors¶
Verify: - Scope format correct - CIDR notation valid - No overlapping ranges - Exclusions properly defined
Can't Access Organization¶
Confirm: - You're a member - Permissions assigned - Organization is active - Not archived
Related: Creating Engagements | Scope Definition | Reporting