Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Support
Agent Groups

Assigning agents to teams

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Assigning agents to teams is a feature designed for customers with many teams and internal agents in their Invicti Enterprise configuration. When this feature is disabled, all members and teams have access to all internal agents, which in the case of some large organizations can cause scanning delays when multiple scans are queued to use the same internal agent at the same time. By assigning internal agents to specific teams, you can use your resources more efficiently and avoid operational conflicts.

This document describes how to set up and use this feature by first configuring the assignment of agents to specific teams in your Invicti Enterprise instance and then configuring a scan using assigned agents.

NOTE: This feature only applies to internal agents. Cloud agents operate as usual.

How to configure the assignment of agents to specific teams

To assign internal agents to specific teams within your Invicti Enterprise instance, first, ensure you have established the prerequisites listed below. Then, follow the steps in this section to enable the setting and create an agent group with assigned teams.

PREREQUISITES:

  • Account Owner or Account Administrator role to enable the setting and to add and edit agent groups.
  • Your Invicti Enterprise account members organized into teams. For information about adding and editing teams, refer to Managing teams in Invicti Enterprise.

Step 1: Enable the setting

  1. Select Settings > General from the left-side menu. 
  2. In the Advanced Settings section, click the checkbox next to Allow assignment of agents to specific teams to enable the setting.
  3. Scroll to the bottom of the page and click Save.

Step 2: Create an agent group with assigned teams

  1. Select Agents > Manage Groups from the left-side menu.
  2. Click + New Agent Group. Alternatively, if you want to assign teams to an existing agent group, click Edit next to the relevant agent group.

  1. Enter a Name for the agent group.
  2. Click in the Agents field to display a list of your active internal agents and select the agent(s) you want to assign to this agent group.

IMPORTANT: Once an agent is assigned to an agent group with assigned teams, that agent is no longer available to any user outside of the assigned team.

  1. Click in the Teams field to display a list of your teams and select the team(s) you want to assign to this agent group.

TIP: Each of your teams can be assigned to multiple agent groups. 

  1. Click Save.

Members of the selected team(s) can now run scans using only the internal agent(s) selected for the agent group or any available 'pool agents'. Any other teams or users in your environment no longer have access to the internal agents you assigned to the agent group.

The newly created agent group is now visible on the Agent Groups page (Agents > Manage Groups). From this page, you can edit or delete your agent groups. For more information, refer to Managing Agent Groups.

Pool agents

Pool agents are internal agents that have not been assigned to any agent group. They can also be internal agents that have been assigned to an agent group, but the agent group does not have any team assigned to it. Pool agents are available to all users in your environment.

IMPORTANT: If you assign all your internal agents to agent groups, you will not have any pool agents, and therefore, your team members will be restricted to using only the internal agents in their assigned agent group. This could become problematic depending on the ratio of teams to internal agents and the volume of scans they need to run.

Another important consideration is if not all teams are assigned to agent groups, then assigning all internal agents to agent groups could result in some team members being unable to run any scans because no internal agents are available.

Therefore, we recommend ensuring a balanced assignment of agents to teams to avoid under or overutilization of resources.

Illustrative example

In the example image below, we have created three agent groups. Each agent group provides access to different internal agents and teams.

  • AgentGroup1: Members of Team1 can run scans using Agent1 or any 'pool agents' (including AgentPool-NoTeam). They cannot run scans using Agent2.
  • AgentGroup2: Members of Team2 can run scans using Agent2 or any 'pool agents' (including AgentPool-NoTeam). They cannot run scans using Agent1.
  • AgentGroup-NoTeam: Members of Team1 and Team2 and any other members (whether assigned to a team or not) can run scans using AgentPool-NoTeam.

How to configure a scan using assigned agents

  1. Select Scans > New Scan from the left-side menu.
  2. Select an internal target to set the Target URL.
  3. In the Scan Settings > General > Agent Selection section, select either Dedicated or Group.
  • Dedicated allows you to select an internal agent that has been assigned to the team you are a member of or any available 'pool agents'.
  • Group allows you to select an agent group that has either been assigned to your team or has no team assigned to the group.

  1. If you selected Dedicated for Agent Selection, use the Preferred Agent drop-down to select the agent you want the scanner to use. Selecting Any of the available agents will allow the scanner to choose an available agent from the pool agents and the agents assigned to your team.

  1. If you selected Group for Agent Selection, use the Preferred Agent Group drop-down to select an agent group. This allows the scanner to select any of the available agents assigned to the agent group you select.

  1. Complete the remaining scan settings as usual. For information about the other scan settings, refer to Creating a New Scan.
  2. Click Launch to run the scan or Save Profile to save the configuration as a new scan profile for future scans.

NOTE: If you schedule a scan and lose access to the selected internal agent prior to the scan commencing, the scan will fail. For example, if the team you are assigned to changes or the selected internal agent is moved to a different agent group, this would cause the scan to fail, and you would need to edit the scan settings to ensure an available internal agent is selected.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports