Engagements

Owned by Nithin Jois (Unlicensed)
Last updated: Jun 19, 2018
3 min read

The Feature

Engagements are used to identify vulnerabilities at a "point in time". For instance, if you are releasing a version of your product in May 2018. You can create an engagement, which denotes the release, say "May 2018 - <ProductName>". Subsequently, all the scans can be assigned to that engagement, so you can get the vulnerabilities for that particular release or, in this case "Engagement". 

  • You can use the X-Engagement-Id header in Webhooks to directly allocate scans to engagement OR
  • Manually allocate scans to engagements

3.1 List of Engagements

The list of engagements of an Organization is as shown in the figure below. The number of vulnerabilities based on severity can be  found by hovering on the vulnerability bar.

List of Engagements



3.2 Engagement creation

To create an engagement, the 'Create' button has to be clicked in the list of engagements section.

When the 'Create' button is clicked, a form is displayed as shown below.

Details have to be filled in the Create engagement form and the 'Submit' button has to be clicked for the engagement to be created.

Create an engagement


The engagement created will be listed in the list of engagements.


3.3.1 Update an engagement

To update an engagement, the 'Update' button has to be clicked on the individual engagement details page as in Figure 3.14.

When the 'Update' button is clicked on by the user, the 'Update Engagement' form is displayed. 

The user can edit details which have to be changed about the engagement in the 'Update Engagement' page and 'Submit' button has to be clicked. 

Update the details which have to be changed for an engagement


Engagement details updated will be visible in the List of engagements.

3.3.2 Engagement deletion

To delete an engagement, the 'Delete' button has to be clicked.

Delete an engagement


Once the user clicks on the 'Delete' button, the engagement is deleted and the changes are reflected in the List of engagements.

3.3.3 Assigning scans to an engagement

To add scans to an engagement, the user has to go to individual engagement dashboard by clicking on the engagement name.

Individual engagement dashboard


In the 'Assign Scans' section displays the number of unassigned scans available that can be added to the engagement. The user can select the scans he wants to add to the engagement. When the dropdown is clicked, all the unassigned scans are displayed.

Assigning scans to an Engagement


After selecting the scans, the user has to click on the 'Add to Engagement' button to add them to the engagement.

Once the scans have been added to an engagement, changes are reflected in the individual engagement details page.

3.3.4 Individual Engagement Details

To view details of an individual engagement, the user has to click on its name.

Once  the user clicks on an engagement, the user is directed to a page which contains its details of an engagement such as the Engagement name, Application, Start and end dates (the duration for which the engagement is open) are displayed.

Individual engagement dashboard


Severity of vulnerabilities for scans under a particular engagement and scans under a particular engagement are as displayed in the figure below. 

Details of engagement displayed on the engagement details page


Vulnerabilities of a scan by severity under a particular engagement and scans that have been added to it are shown in the individual engagement dashboard.