Creating and managing organizations
What is an organization?
An organization is essentially your client that you want to run an assessment for. For example, if you're an MSP and you want to run an assessment for a client of yours called ABC Client, then you will need to create an organization within the vPenTest portal for this organization.
Creating an organization
IMPORTANT When creating a organization, it’s important to fill out as many details as possible. Details such as the organization’s domain name can be used for open source intelligence (OSINT) gathering.
Follow these steps to create an organization:
-
Click the New Organization button.
-
Fill out the New Organization pop-up modal. The following options are presented in three tabs in the following order:
Tab Field Description Details Full Name The full name of the organization Industry Provide your client's industry category. Short Name The organization's abbreviation if any. If none exists, you can use the organization's full name. Time Zone Provide the organization's time zone. Domain This is used for open source intelligence gathering (OSINT). This text box should contain the the domain name of the organization. Additional Options: Set auto purge policy This is an optional field. Enter a number here. For example, 15 or 30. If you mention 15, the purge of reports will happen after 15 days. Additional Options: Apply to existing reports Click the toggle button to make it active. This will apply the above rule to existing reports as well. Authorized vPenTest Agent Emails Add organization email An email to associate an agent to this organization profile. Read the note that is given under this tab. This is the authorized vPenTest agent email for internal assessments. Remove Click the Remove button if you want to dissociate an agent with this organization profile anytime. Permissions Select the radio buttons according to your preferences. -
Click Save. The organization is created.
NOTE If you are conducting an internal security assessment, such as a penetration test or vulnerability assessment, then you can provide an email address to "attach" for an agent. In other words, when you use this email address for option 2 in the vPenTest Agent menu's registration process, it will automatically associate that agent with this organization. It should also be noted that this email address should be unique per organization. If you have the same email associated to multiple organizations, you will experience issues registering an agent to the correct organization.
Once you've completed this step, you'll be taken to the organization's profile page, which you can find more details on in the next section.
Managing organization profile
To manage an organization, you can use the Organization Profile page, which shows you everything about a particular organization, including their users, scheduled/in-progress assessments, agents, as well as comparison data.
To manage an organization's settings, perform the following steps:
- Click Organizations in the left navigation menu.
- Click on any organization name from the list of companies to view its Organization Profile page.
- When you click on an organization name, the organization's profile page appears, which is shown below. Using the Organization Profile page, you have the ability to manage several areas in the platform.
Here's a brief overview of the sections you'll run across in the organization profile sections:
Profile Details tab
The Profile Details tab is where you can access the profile of the organization and information about agents, reports and assessments. The Profile Details tab is divided into five sections - Details for <xyz>, Internal Agents, Reports, List of Previous Assessments, and Assessment Stats.
- Details for <xyz>: This section allows you to see information about the organization such as full name, short name, industry, domain, time zone, whether there are any vPenTest agent authorized emails, and whether reports can be released directly.
- Internal Agents: This section allows you to manage any agents by the organization, including viewing their UUID. You can also edit and delete an agent.
- Reports: This section allows you to review reports that belong to that organization.
- List of Previous Assessments: This section allows you to see previously run assessments for this organization. The details in the table are updated after every assessment.
- Assessment Stats: This section gives you an idea about the many assessments of certain types that you've run for this organization.
Users tab
The Users tab allows you to manage the users that can be created for this particular organization. When you create an organization member, you're essentially giving that user read-only abilities for that organization. When they log in, they'll be able to see the following information:
- Available reports
- In-progress and upcoming scheduled assessments
- Trending data for recurring security assessments
Information in the Users tab includes their full name, email, number of sign-in counts, last sign-in IP, and last sign-in time.
You can take the following actions:
-
Invite a new user to the organization fold
-
Edit user details
-
Show user details
-
Send reset password link
-
Suspend user
-
Delete user
When a new user accepts your invite, the user's name will be reflected under the Users tab after the user accepts the invite.
The names of users and their information can span many pages, and you can control the number of entries per page by selecting an appropriate number from the Show <number> entries dropdown. In case of multiple pages of entries, you can navigate between the pages using the various buttons available below the grid.
Locations tab
The Locations tab allow you to add locations so that you can tie certain IPs and agents to that location which in turn will then become part of the assessment whenever you select a particular location.
You can take the following actions:
-
Create a new location
-
Edit a location
-
Delete a location
NOTE You cannot delete a default location
Fore more information, see Creating and managing locations.
Manage IPs
The Manage IPs tab lists different types of IP addresses used by the organization. These IPs are tied to different locations.
You can take the following actions:
-
Add new IPs
-
Edit an IP
-
Delete an IP
The IP information can span many pages, and you can control the number of entries per page by selecting an appropriate number from the Show <number> entries dropdown. In case of multiple pages of entries, you can navigate between the pages using the various buttons available below the grid.
List of Agents tab
The List of Agents tab lists agents that belongs to the organization. You can use this tab to manage these agents.
You can take the following actions:
-
Viewing an agent
-
Modifying an agent
-
Deleting an agent
Additionally, you can also view the UUID that can be used to register a new agent to this particular organization.
Assessments tab
In the Assessments tab, you'll be able to see in-progress assessments in the Running tab, upcoming assessments in the Scheduled tab, and completed assessments in the Completed tab.
-
The Running tab lists assessments that are currently run by different organizations.
-
The Scheduled tab lists assessments that are upcoming and which will be run by different organizations.
-
The Completed tab lists assessments that are completed by different organizations.
-
The Calendar tab lists assessments done and upcoming for a period. The Calendar tab gives you Month, Week and Day views. Additionally, you can schedule an assessment and launch IP Estimator from the same tab.
Comparison Data tab
The Comparison Data tab is divided into two tabs - History of PenTest Findings and History of Vulnerabilities. The tab shows comparison data between history of pentest findings and history of vulnerabilities.
The History of PenTest Findings tab shows a history of pentest findings from the past. If there is no enough data under the History of PenTest Findings tab, you can schedule an assessment by clicking the Schedule Assessment button.
The History of Vulnerabilities tab shows a history of vulnerability findings from the past.
Reports tab
The Reports tab shows you the list of reports that have been generated for this organization. You can search assessments for viewing reports belonging to each assessment. The table in this section shows details such as name of the assessment, auto-purge date, date of release, and various actions that can be taken on the reports. In case of multiple pages of entries, you can navigate between the pages using the various buttons available below the grid.