Targeting

Review and act on Targets

This guide walks you through reviewing Targets in the funnel, acting on Targets that require input, and closing out findings.

For background on funnel statuses and how Targets advance, see Targeting.

Open the Target tab

From the Targeting application, select the Target tab. The funnel at the top shows a live count of Targets at each status: Potential Targets, Targeted, Validated, Exploitable, Exploited, and Remediated.

Target tab showing the full funnel with counts at each status and In progress targets below
The Target tab showing funnel status counts

The number under Potential Targets reflects every asset that matched a Trigger across your active Packages. As Agents work through them, those counts shift across the funnel in real time.

Review Targeted assets

Click the Targeted status card to see assets currently assigned to an Agent. Select a Target from the list to see its details inline.

Targeted status selected showing an in-progress target with package, trigger, underlying asset, and linked investigation details
A Targeted asset selected in the list

Click the Target to open its full detail view. This shows:

  • The Process pipeline: where the Target currently sits and what steps remain
  • Selected for Targeting: which Package Trigger selected this asset and the applicable Rules of Engagement
  • Sent to Validation Agent: the steps the Agent has taken so far and the outcome of each
Target detail view showing process stages, trigger context, rules of engagement, and Continue options
Target detail view showing the process pipeline and agent steps

If an Agent session is currently running and you want to stop it, select the Target from the list and click Abort.

View linked Objects

Inside the Target detail view, select the Linked Objects tab. This shows all Objects related to the targeted asset, displayed as a graph and a list with last-sighting timestamps. Use this to understand the asset’s context: what it connects to, what type of Object it is, and when it was last observed.

Linked Objects tab showing asset properties and metadata
Linked Objects tab showing related assets and metadata
Graph view of related objects including Web File, URL, and Web Application nodes
Related Objects graph showing asset relationships

Review Validated assets

Click the Validated status card to see assets where Agent validation has completed. Targets in the Required input group are waiting on your approval before the Agent can proceed to pentesting.

Validated status selected showing required input targets with a Proceed and Abort prompt
Validated status showing Targets requiring input

Select a Target to open its detail view. The Process pipeline shows the current status and what the Agent found during validation. The Sent to Validation Agent section shows the completed validation steps and their outcomes.

Target detail showing Validated status pending approval, with Proceed to Pentest Agent and Stop here options
Validated Target detail showing the exploitation path and approval gate

To allow the Agent to continue to pentesting, click Proceed to Pentest Agent. To stop the Agent at this point, click Stop here.

Send to an Agent

From the Continue section at the bottom of any Target detail view, you can send the Target to a specific Agent manually. The options are:

  • Send to Validation Agent: run or re-run validation
  • Send to Pentest Agent: escalate directly to pentesting
  • Send to Exploit Agent: escalate to exploitation
  • Send to Operator: open the Target in Operator for manual investigation
Continue section showing Send to Validation Agent, Send to Pentest Agent, Send to Exploit Agent, and Send to Operator options
Agent options in the Continue section

After clicking Proceed, the Target moves out of Required input and into In progress as the next Agent begins its work.

Target list showing Required input count decremented and In progress count incremented after proceeding
Target moved to In progress after proceeding

Review Exploitable assets

Click the Exploitable status card. The behavior here mirrors Validated: Targets in Required input have hit a Rules of Engagement gate and are waiting on your approval before the Agent proceeds to exploitation.

Exploitable status selected showing a target with Need user input status and Proceed and Abort options
Exploitable status showing Targets pending user input

Select a Target and click Proceed to authorize exploitation, or Abort to stop the Agent.

Understand blocked Targets

A blocked Target is waiting on user input that goes beyond a standard ROE approval. This can mean the Agent lacked enough information to continue, hit an ambiguous finding, or reached a point where it needs human direction on how to proceed.

To understand why a Target is blocked, open its detail view, select the Reports tab, and open the [OUTCOME: BLOCKED] report. This report explains what the Agent found, why it stopped, and what evidence it reviewed.

Reports tab showing an OUTCOME: BLOCKED report with detailed reasoning, evidence reviewed, and narrative stub
Blocked Target report explaining why the Agent stopped

From here you can decide how to proceed. In the example above, the Agent had insufficient pentest context to continue — a reasonable next step would be to send the Target to a Pentest Agent first, then route it to an Exploit Agent once a confirmed exploit path exists.

Mark Targets as Remediated or Deferred

Once a Target’s security concern has been addressed, move it to Remediated to close it out.

If the concern is real but not immediately fixable, move it to Deferred. Common reasons to defer:

  • The asset is owned by a third party and remediation requires external coordination
  • A vendor patch is pending and no workaround is available
  • The risk has been reviewed and consciously accepted for a defined period
  • Operational constraints prevent remediation right now

Deferred Targets remain tracked in the funnel. They are not closed — they are set aside with the expectation of revisiting them. When circumstances change, move a Deferred Target back into the active pipeline or close it as Remediated.

Next steps