Engagements
The Feature
Engagements are used to identify vulnerabilities at a "point in time". For instance, if you are releasing a version of your product in May 2018. You can create an engagement, which denotes the release, say "May 2018 - <ProductName>". Subsequently, all the scans can be assigned to that engagement, so you can get the vulnerabilities for that particular release or, in this case "Engagement".
- You can use the
X-Engagement-Id
header in Webhooks to directly allocate scans to engagement OR - Manually allocate scans to engagements
3.1 List of Engagements
The list of engagements of an Organization is as shown in the figure below. The number of vulnerabilities based on severity can be found by hovering on the vulnerability bar.
List of Engagements
3.2 Engagement creation
To create an engagement, the 'Create' button has to be clicked in the list of engagements section.
When the 'Create' button is clicked, a form is displayed as shown below.
Details have to be filled in the Create engagement form and the 'Submit' button has to be clicked for the engagement to be created.
Create an engagement
The engagement created will be listed in the list of engagements.
3.3.1 Update an engagement
To update an engagement, the 'Update' button has to be clicked on the individual engagement details page as in Figure 3.14.
When the 'Update' button is clicked on by the user, the 'Update Engagement' form is displayed.
The user can edit details which have to be changed about the engagement in the 'Update Engagement' page and 'Submit' button has to be clicked.
Update the details which have to be changed for an engagement
Engagement details updated will be visible in the List of engagements.
3.3.2 Engagement deletion
To delete an engagement, the 'Delete' button has to be clicked.
Delete an engagement
Once the user clicks on the 'Delete' button, the engagement is deleted and the changes are reflected in the List of engagements.
3.3.3 Assigning scans to an engagement
To add scans to an engagement, the user has to go to individual engagement dashboard by clicking on the engagement name.
Individual engagement dashboard
In the 'Assign Scans' section displays the number of unassigned scans available that can be added to the engagement. The user can select the scans he wants to add to the engagement. When the dropdown is clicked, all the unassigned scans are displayed.
Assigning scans to an Engagement
After selecting the scans, the user has to click on the 'Add to Engagement' button to add them to the engagement.
Once the scans have been added to an engagement, changes are reflected in the individual engagement details page.
3.3.4 Individual Engagement Details
To view details of an individual engagement, the user has to click on its name.
Once the user clicks on an engagement, the user is directed to a page which contains its details of an engagement such as the Engagement name, Application, Start and end dates (the duration for which the engagement is open) are displayed.
Individual engagement dashboard
Severity of vulnerabilities for scans under a particular engagement and scans under a particular engagement are as displayed in the figure below.
Details of engagement displayed on the engagement details page
Vulnerabilities of a scan by severity under a particular engagement and scans that have been added to it are shown in the individual engagement dashboard.