FAQ

General

Q. What is SecApps Scout?

SecApps Scout is an automated public assets discovery service specifically designed to help you enumerate domains, IP address, ports, services, web applications and common security vulnerabilities across the Internet (public infrastructure). SecApps Scout can be configured to continuously monitor changes, automatically identify potential weaknesses and notify when security regressions occur.

Q. What can I do with SecApps Scout?

SecApps Scout provides a service that you can use to automatically discover new domains, web applications, ports and services. Security and IT teams can use this information to form the basis of your asset catalogue or your 24/7 security monitoring practices. SecApps Scout is also very effective at discovering potentially vulnerable applications and services which should not be exposed to the public. Because Scout can be configured to run automatically at the scheduled interval, you can be sure that you get notified as soon as a change occurs. As a result, security misconfiguration problems and other unsupervised changes can be quickly discovered and mitigated.

Q. Who are the main users of SecApps Scout?

SecApps Scout is designed to be used by small and large enterprises, security consultancies, vulnerability researchers and bug bounty hunters. In practice, this service is an excellent fit for any organization concerned about its public security posture. IT support teams can also benefit from using SecApps Scout to help them define and build up their public asset catalogue.

Q. What kind of output I can get with SecApps Scout that I could not get with any other solution?

SecApps Scout is designed with scalability and cost-effectiveness in mind. You don't need to provision additional networking and CPU resources, deal with and pay for licensing to a dozen data sources, and notify various entities about scanning activities. All of this is handled for you automatically by us in a cost-effective manner. A home-grown solution will take a significantly longer time to build and will take many hours per month to maintain by skilful engineers.

Q. How does SecApps Scout compare to Shodan, Spyse, ZoomEye, Censys, etc?

SecApps Scout provides better results then all of these search engines combined. Not only we aggregate the output of these search engines, including many other data sources, but we also perform further filtration, classification using a unique, graph-based data structure. With Scout, you get a snapshot of the state of the target at the point in time when the data was collected and processed, and this makes the tool produce more relevant results.

Q. How do I interface with SecApps Scout?

SecApps Scout can be accessed by the Scout application app of your Launchpad.

Q. How do I get started using SecApps Scout?

It is straightforward to get started. All related resources and help materials are available online and as part of the tool's documentation.

Billing

Q. How much does SecApps Scout cost?

Creating a scout does not cost anything. You pay only what you use. Therefore the cost of SecApps Scout largely depends on the type of utilization you require. You can find an example cost breakdown at SecApps Scout's pricing page.

Q. How will I be charged and billed for my use of SecApps Scout?

You get charged every time your Scout instances are executed. All executions are accumulated in your monthly invoice. The invoice is billed against your credit card or account balance at the end of the month. Contact us for more information.

Q. Do your price include taxes?

Unless otherwise specified all prices are exclusive of taxes.

Scout

Q. What is a scout?

The scout is a single instance of our internal automatic discovery engine. The engine is executed to discover various related resources and perform numerious checks. All discovered resources are automatically enumerated, analyzed and summarized.

Q. How many Scout instances can I create?

You can create up to 1000 Scout instances per account. We can extend this limit per request.

Although it is possible to use a single scout for all work across several unrelated domains/organizations, you may want to use multiple Scout instances to extract more meaningful and specific information without filtering the output noise.

Q. What does SecApps do with my Scout instances?

SecApps is responsible for maintaining and running your Scout instances per the defined schedule and configuration. SecApps does not use the data to form or influence other service offerings.

Q. How reliable are my Scout instances?

Your Scout instances are ultra-reliable and guaranteed to always run as per the defined scheduled interval and configuration. Your Scout instances are also continuously maintained and updated with more capabilities to reflect the ever-growing list of discovery techniques and vulnerabilities.

Q. How often my Scout instances are executed?

By default, your Scout instances are run weekly as this provides the most value at a minimal cost. You can change the execution interval. The execution interval can also be set to "never" to stop the scout running automatically. In this case, you will need to start the your Scout instance manually.

Q. For how long my Scout instances are executed?

Scout instances are optimized to complete within 30 minutes window. However, in some circumstances, the volume of data would require a significantly longer time. Therefore all Scout instances have a hard limit of 12h per execution. Any scout running longer than 12 hours will be terminated, but you may still get charged. However, it is very unlikely that a scout will exceed the 12h threshold.

Security

Q. How secure is my data in SecApps Scout?

SecApps takes data security very seriously, and this is why we have baked in hard security controls around your data. Your data has encryption at rest and in transit. Data is not persisted for longer than 3 months (90 days). This means that any data older than this period is automatically removed. This data is not archived, so once removed, we cannot recover it.

Q. How long SecApps Scout retains my data?

Your data is retained for up to 90 days from the time it is stored.

Q. What options do I have for encrypting data stored on SecApps Scout?

Your data is automatically encrypted with the highest possible standard. SecApps does not need to access your data except to execute your Scout instances and provide you access to read the data.

Q. Who can access my data?

You can access scout data from the Scout app from your Launchpad. Also, you can export your data in multiple formats including CSV, JSON, XML and BSON. Your data will be available for up to 90 days from the time it is created.

We hope this FAQ has answered some of your questions about SecApps Scout. If you have any other questions, please feel free to contact us.