Getting Started after Installation
There are several things you may choose to do after you have logged in for the first time. These include:
- Onboard users: If you are a small security team, go ahead and add each user manually, otherwise, consider integrating the backend PostgreSQL database with a central IAM platform which can be responsible for provisioning access. Support for such an integration is provided for tier 3 and 4 monthly sponsors, and ad-hoc support is provided based on the relevant time-limit. For more details, you can contact us via the sponsors page.
- Change the admin password: While the admin password is generated using a secure random generator, it is still a good idea to change the password after first login.
- Enable MFA: Multi-Factor authentication is available for both admin and non-admin users. In both cases go to "SETTINGS" in the menu at the top, and then select "Enable MFA", which for admin users is at the bottom of the list of functions on the left-hand side, and for non-admin users is in the toolbar above the password change form.
Limits
Most tasks have a limit option available, except for the following:
- BSB Search
- Blockchain Monero Transaction Search
- Certificate Transparency
- Doing Business Search
- Domain Fuzzer - All Extensions
- Domain Fuzzer - Punycode (Condensed)
- Domain Fuzzer - Punycode (Comprehensive)
- Domain Fuzzer - Global Domain Suffixes
- Domain Fuzzer - Regular Domain Suffixes
- DNS Reconnaissance Search
- Have I Been Pwned - Email Search
- Have I Been Pwned - Breach Search
- Have I Been Pwned - Password Search
- Pinterest Pin Search
- Vehicle Registration Search
All tasks that have a limit have their default limit set to 10; therefore, if you don’t specify a limit it’ll be autoset to 10.
Frequency / Cron Jobs
Frequency has been provided as an option when creating a task. The syntax for frequency is exactly the same as Linux cron jobs and this is verified on input. When a frequency is added or updated, a cronjob will appear when you check crontab. Furthermore, it will be removed if the user updates the task to not use a frequency or deletes the task. The cron service will need to be running for these tasks to be executed according to the schedule. You can verify your cronjobs with crontab.guru.
Please note as part of the release of version 3.6, an efficiency checker has been included for cron jobs. This is to increase they efficiency of cron jobs used by the Scrummage platform. For example, if a user supplies the cron job */5 1-2,3-4 * * *, the cron checker will merge the 2 hour segments (separated by a comma), as this will run every hour between hours 1 and 4. The output will look like */5 1-4 * * *.
Creating a task with a frequency:
Verifying the task has been created:
Verifying the cronjob has been created:
API Verification
This simple feature displays either a green tick or a red cross when creating a task that relies on an API. It is verifying that the user has provided API information to the config.json file. An error will appear if you attempt to run the plugin without fulfilling the API requirements:
