Engagement Scope and Rewards

Set clearly defined scope and rewards to enable researchers to focus their testing efforts.

Specifying Scope and Rewards

In the Scope & Rewards tab, you can configure the following:

Target Overview

To specify the target overview for the engagement, follow these steps:

  1. On the dashboard page, select an engagement from the Go to Security Program or Engagement drop-down.

  2. Go to the engagement’s Settings tab and then click Scope & Rewards.

  3. The Target overview page is displayed. Here you can provide specific details about your targets and their rewards. You can also provide broader details about your engagement’s overview.

    You can style your text using the Markdown syntax and embed images. You can embed files by dragging and dropping or pasting them. For more information about the Markdown formatting syntax, see Markdown Syntax Guide.

  4. Click Save.

Target Groups

To add a target group to the engagement, follow these steps:

  1. On the dashboard page, select an engagement from the Go to Security Program or Engagement drop-down.

  2. Go to the engagement’s Settings tab and then click Scope & Rewards.

  3. Click the Target groups tab.

  4. On the Target groups page, click Add group.

  5. On the Add new target group page, add Details like Title and Description of the new target group.

  6. Scroll down the page and check the box This target group is In scope if you want researchers in your engagement to test the target group. To list a group of targets as Out of scope on your engagement, leave the box This target group is In scope unchecked.

  7. If you want to offer rewards for a target group, check the box This target group pays monetary rewards. Select a reward range from the recommended ranges, or set a custom reward range.

  8. Click Create group.

    For more information on targets, see managing engagement targets.

Viewing Target Flags

On the Engagement brief, target flags indicate target changes to hackers. There are three types of target flags:

  • New: This flag is displayed when a new target is added.
  • Now OOS: This flag is displayed when a target is transitioned from in scope to out of scope.
  • Now in-scope: This flag is displayed when a target is transitioned from out of scope to in scope.

Target flags are displayed for four weeks from the day the target is added or its state is changed.

To view target flags added to an engagement, follow these steps:

  1. On the engagement Brief page, click Review changes.

    The changelog page is displayed.

  2. On the Changelog page, click Preview.

    A drawer with all brief details will appear. Scroll down to view the Targets section.

    • A New flag is displayed adjacent to a new target added.

    • A Now OOS flag is displayed adjacent to a target moved out of scope.

    • A Now in-scope flag is displayed adjacent to a target marked in scope.
