FAQs

General

Q. What is SecApps Scout?

SecApps Scout is an automated public assets discovery service specifically designed to help you enumerate domains, IP address, ports, services, web applications and common security vulnerabilities across public infrastructure. SecApps Scout can be configured to continuously monitor for changes in your public infrastructure, automatically identify potential weaknesses and notify when change occurs.

Q. What can I do with SecApps Scout?

SecApps Scout provides a service that you can use to automatically discover new domains, web applications, ports and services. This information can be used to from the basis of your asset catalog or your 24/7 security monitoring practices. SecApps Scout is also very effective at discovering potentially vulnerable applications and services which should not be exposed to the public. Because scouts can be configured to run automatically at scheduled interval you can be sure that you get notified as soon as a change occurs and as a result security misconfiguration problems and other unsupervised changes can be quickly discovered and mitigated.

Q. Who are the main users of SecApps Scout?

SecApps Scout is designed to be used by small and large enterprises. In practice, tis service is an excellent fit for any organization that is concerned about their public security posture. IT support teams can also benefit from using SecApps Scout to help them define and build up their public asset catalog.

Q. What kind of output I can get with SecApps Scout that I could not get with any other solution?

Although similar results can be achieved with some open source tools, SecApps Scout is designed with scalability and cost-effectiveness in mind. You don't need to provision additional networking and CPU resources, deal with and pay for licensing to a dozen of data sources and notify various entities about scanning activities. All of this is handled for you automatically by our internal team in a cost-effective manner. A home-grown solution will take a significantly longer time to build and will take many hours per month to maintain by a skillfully engineer.

Q. How do I interface with SecApps Scout?

SecApps Scout can be accessed by the Scout application part of your Launchpad.

Q. How do I get started using SecApps Scout?

It is very easy to get started. All related resources and help materials are available online and as part of the tool's built-in documentation.

Billing

Q. How much does SecApps Scout cost?

Creating a scout does not cost anything. You pay only what you use. Therefore the cost of SecApps Scout largely depends on the type of utilization you require. An example cost breakdown can be found at SecApps Scout's pricing page.

Q. How will I be charged and billed for my use of SecApps Scout?

You get charged every time your scouts are executed. All executions are accumulated in your monthly invoice. The invoice is billed against your credit card at the end of the month. It is also possible to pre-pay a credit which will be used for executing your scouts. Contact us for more information.

Q. Do your price include taxes?

Unless otherwise specified all prices are exclusive of taxes.

Scout

Q. What is a scout?

The scout is a single instance of our internal automatic discovery engine. The engine is executed to discover various related resources and perform checks. All discovered resources are automatically enumerated, analyzed and summarized.

Q. How many scouts can I create?

You can create up-to 1000 scouts per account. This limit can be extended per request.

Although it is possible to use a single scout for all work across several unrelated domains/organizations, you may want to use multiple scouts in order to extract more meaningful and specific information without filtering the output noise.

Q. What does SecApps do with my scouts?

SecApps is responsible for maintaining and running your scouts per the defined schedule and configuration. SecApps does not use the data to form or influence other service offerings.

Q. How reliable are my scouts?

Your scouts are ultra-reliable and guaranteed to always run as per the defined scheduled interval and configuration. Your scouts are also continuously maintained and updated with more capabilities to reflect the ever-growing list of new discovery techniques and vulnerabilities.

Q. How often my scouts are executed?

By default your scouts are run weekly as this provides the most value at minimal cost. You can change the execution interval upon scout creation or edit. The execution interval can be also set to "never" in order to stop the scout running automatically. In this instance, you will need to start the scout manually.

Q. For how long my scouts are executed?

Scouts are optimized to complete within 30 minutes window. However, in some circumstances the volume of data would require significantly longer time. Therefore all scouts have a hard limit of 12h per execution. Any scout running longer than 12 hours will be terminated but you may still get charged. However, it is very unlikely that a scout will exceed the 12h threshold.

Security

Q. How secure is my data in SecApps Scout?

SecApps takes data security very seriously and this is why we have baked in hard security controls around your data. Your data has encryption at rest and in transit. Data is not persisted for longer than 3 months (90 days). This means that any data older than this period is automatically removed. This data is not archived so once removed it cannot be recovered.

Q. How long my data is retained by SecApps Scout?

Your data is retained for up-to 90 days from the time it is stored.

Q. What options do I hve for encrypting data stored on SecApps Scout?

Your data is automatically encrypted with the highest possible standard. SecApps does not need to access your data accept for executing your scouts and providing you access to read the data.

Q. Who can access my data?

You can access scout data from the Scout app from your Launchpad. In addition you can export your data in multiple formats including CSV, JSON, XML and BSON. Your data will be available for up-to 90 days from the time it is created.