Activity > Tasks is where you can manually kick off any of the available background tasks that run in DeepSurface. It is also a helpful area for troubleshooting tasks that have run: you can see what happened during a particular task and when it was last run. At present, five task types are available, and each is covered in its own detailed section.
Each of the available tasks does very different things within the application, but they share a lot of similar DNA. When first visiting this interface, you will be greeted with something that looks like the following:
Each available task is represented by a card. The name of a task is in the top left (along with a handy contextual help icon). Below the name of the task will be any available information about the most recent time this task ran in the system. Scheduled task and job history will also be shown for a given task if available (not all tasks have the ability to be scheduled or keep track of job history).
On the far right of each task is a button that allows you to manually start that task. The follow-up information needed to run a task is different for each task and is covered in greater detail in the documentation for that task. One constant, however, is the option to automatically "Run next task in sequence when finished?".
This option is checked by default for each task. It is helpful to think of the tasks as a sequential series in which each task naturally flows into the next one. The order of the available tasks on this page is no accident. One task naturally leads to the next one and is necessary for subsequent tasks to be run. Therefore, if left checked, kicking off any of the tasks on the page will automatically start the next task below it and so on, until the bottom task (Risk Analysis and Prioritization) has run. Some users find it useful to uncheck this box if they really just want to run one specific task in the system, without having to wait for everything else that follows in the sequence.
The status of a given task is shown to the immediate right of the task name if available. If a task has not been run, then no status will be shown. Possible status options are:
Sometimes a task will also have error messages to show you about the most recent job that had an error. To view the message, click on the alert notification icon to the right of the button that kicks off the task. A task in an error state will look something like this:
The Credentialed Scan and Import Vulnerability Source Data tasks have the ability to view historical information about tasks that have been run. This can be useful for determining when a given task succeeded or failed. To view the history for either of these tasks, click on the "View History" button and you will see something like this:
The rule engine and data feed fetches the latest data on patches, known vulnerabilities, and "rules" (which allow DeepSurface to associate identified vulnerabilities with specific aspects of your architecture). This happens daily in the system and is necessary for the DeepSurface product to have the latest information available to you. Like any other task, this can be kicked off manually within this interface, but it can also be configured to happen at a particular time every day.
To configure the specific time of day that this task runs, head to Setup > General Settings > Admin in the application menu and change the time entered in the TIME OF DAY FOR RULE FEED UPDATE field.
A credentialed scan collects information from each domain and host identified in the reconnaissance phase. This is the most intensive data collection scan performed by DeepSurface. When performing a credentialed scan, you can have it run for any number of Scan Groups. If no scan groups have been configured, then this task is not yet available.
Aside from selecting which scan groups are to be included in this credentialed scan, you also have the option to tell DeepSurface to "Force re-scan of recently scanned hosts?". By default, this option is unchecked to avoid unnecessary scanning, but some customers find it useful to check this option if they know something has changed that DeepSurface needs to be aware of.
Like the rule feed, this task can also be scheduled to happen automatically. These scans can be configured to happen on a per scan group basis. You can have multiple scheduled scans happen at any interval you like (daily, weekly, monthly) and can even have multiple scheduled scans happen for a single scan group. To schedule a scan for a scan group, head to Scanning > Credentialed > Scan Groups and edit any of your configured scan groups. While editing, click on the second tab of the edit modal and add as many schedules as you want for a scan group. Once scheduled, the schedule will be visible in the scan group and in the card for this task.
If you manually stopped a credentialed scan early, or want to manually sync any outstanding scan information from deployed agents, you can choose to process that queue of hosts manually. There are no additional options needed other than unchecking the option to run the next task in the sequence.
The import vulnerability source data task imports data from one or more third-party vulnerability sources and merges this information into the DeepSurface threat model. The only additional information needed to kick off this task is letting DeepSurface know which vulnerability sources you would like to import data from. As long as your vulnerability sources are configured correctly, DeepSurface will then import the vulnerability data through the API using the credentials provided.
Finally, the risk analysis and prioritization task is the deep offline analysis phase, which finds all scenarios where an attacker could leverage identified vulnerabilities in realistic attacks. This information is then used to prioritize risks and generate multiple reports and views. This analysis is what powers most of the DeepSurface interface. The only additional information needed is whether you want to "Re-run analysis on models even if no underlying changes have occurred?" This option is unchecked by default, but can be checked if you want to force the system to run a full analysis on aspects that you know may have changed.