Products / Exposure Intelligence / Scope Management
Scope

Scope Management

Define exactly what ThreatCanary is authorised to discover, test and validate.

Book a demo Explore the platform
Deterministic evidenceScope-aware executionAdaptive capability
Capability architecture

Scope Management: context, validation and evidence.

This capability contributes to the same platform outcome: understanding realistic attacker exposure and proving what matters.

01

Why it matters

  • Offensive automation without strong scope controls creates risk.
  • Teams need clear inclusion, exclusion and environment boundaries before scans or tests run.
  • Scope decisions should be auditable and easy to update.
02

ThreatCanary approach

  • Support domains, wildcards, IPs, CIDR ranges, subdomains, exclusions and imported scope where appropriate.
  • Evaluate scope before discovery, scanning and validation actions.
  • Log scope changes and enforce boundaries across workflows.
03

What it validates or reveals

  • Authorised targets.
  • Out-of-scope exclusions.
  • Scope drift, conflicts and approval requirements.
04

Evidence and outputs

  • A clear explanation of the exposure, affected assets and likely attack path.
  • Reproducible evidence suitable for analysts, developers and risk owners.
  • Prioritisation based on exploitability, business impact, sensitive data and chainability.
  • Owner, remediation and workflow context that can move into Jira, Slack, SIEM or reporting.

See ThreatCanary in action

Stop counting vulnerabilities. Start proving compromise paths.

Book a technical demo