Targets

What Targets Are

A target in SilentBolt is a domain or web application that your organization wants to scan for security vulnerabilities. Targets are the foundation of everything in the platform — without a properly onboarded and authorized target, no scans can run.

Each target represents a single domain (e.g., example.com, api.staging.example.com) and is owned by a company within the multi-tenant model.

Why Target Onboarding Matters

SilentBolt scans real infrastructure using real security tools. Scanning a domain you don't own or control is unauthorized and potentially illegal. The target onboarding process exists to:

  1. Verify ownership — prove you control the domain before any scanning starts.
  2. Require authorization — add an explicit admin approval step as a safety gate.
  3. Scope scanning — ensure scans are directed only at approved assets.
  4. Organize assets — tag and classify domains by environment and business context.

Who Uses This

  • Security analysts — to register new domains for scanning.
  • Admin users — to approve targets and manage access.
  • MSSP operators — to onboard client domains into isolated company workspaces.

How to Add a Target

Step 1: Navigate to Targets

Click Targets in the main navigation. You'll see the list of all domains currently registered for your company.

Step 2: Click "Add Target"

Click the Add Target button to open the target creation form.

Step 3: Enter Domain Information

Fill in the required fields:

| Field | Description | Example |
|---|---|---|
| Domain | The fully qualified domain name | example.com |
| Environment | Classification of the domain | production, staging, or development |
| Tags (optional) | Labels for organizing domains | client-a, pci-scope |

Step 4: Submit

Click Save. The domain will be created with:

  • verification_status = pending
  • authorization_status = pending
  • is_allowed = false

The domain cannot be scanned until both verification and authorization are completed.


Domain Verification

Verification proves that you own or control the domain. SilentBolt supports two methods:

DNS TXT Verification

  1. SilentBolt generates a unique verification token when the domain is created.
  2. Add a DNS TXT record to your domain with the provided token value:
    TXT  _silentbolt-verify.example.com  "sb-verify=abc123xyz..."
    
  3. Return to SilentBolt and click Verify. The platform will query your DNS records.
  4. If the token is found, verification_status is set to verified.

Advantages: Works for any domain. No email infrastructure required.

Timing: DNS propagation may take minutes to hours. If verification fails, wait and try again.
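Before clicking Verify, you can confirm that resolvers already return the record. The following is an added example, not SilentBolt code: it decodes the output of `dig +short TXT _silentbolt-verify.<domain>` and checks for an exact token match. The token and the sample output are constructed, and the function names are illustrative.

```python
import hmac

RECORD_LABEL = "_silentbolt-verify."  # record name prefix shown on this page
VALUE_PREFIX = "sb-verify="           # value prefix shown on this page

# Constructed sample of `dig +short TXT <record>` output: a stale token and the
# current one, which the DNS provider split into two quoted character-strings.
SAMPLE_DIG_OUTPUT = '''"sb-verify=OLD-TOKEN-0000"
"sb-verify=EXAMPLE-" "TOKEN-0001"
'''


def record_name(domain: str) -> str:
    """Name to query, e.g. _silentbolt-verify.example.com."""
    return RECORD_LABEL + domain.strip().rstrip(".").lower()


def txt_values(dig_output: str) -> list[str]:
    """Decode each output line into one TXT value by joining its quoted chunks."""
    values = []
    for line in dig_output.splitlines():
        chunks, buf, in_quote, escaped = [], [], False, False
        for ch in line.strip():
            if escaped:              # character after a backslash is literal
                buf.append(ch)       # (decimal \DDD escapes are not decoded)
                escaped = False
            elif ch == "\\" and in_quote:
                escaped = True
            elif ch == '"':
                if in_quote:         # closing quote ends one chunk
                    chunks.append("".join(buf))
                    buf = []
                in_quote = not in_quote
            elif in_quote:
                buf.append(ch)
        if chunks:                   # skip blank and non-TXT lines
            values.append("".join(chunks))
    return values


def token_published(dig_output: str, token: str) -> bool:
    """True only if some TXT value is exactly sb-verify=<token>."""
    expected = (VALUE_PREFIX + token).encode()
    return any(hmac.compare_digest(v.encode(), expected)
               for v in txt_values(dig_output))
```

A stale record left over from an earlier attempt does not match, so remove old `sb-verify=` values once the current token is published.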

Email Verification

  1. SilentBolt sends a verification email to a standard admin address on the domain (e.g., admin@example.com, webmaster@example.com).
  2. Click the verification link in the email.
  3. verification_status is set to verified.

Advantages: Faster for domains where you have email access.

Limitation: Requires a working email inbox on the domain.


Authorization and Approval

Verification proves ownership. Authorization is a separate admin approval step that explicitly permits scanning.

  • After a domain is verified, an admin must approve it for scanning.
  • Once approved, authorization_status = approved and is_allowed = true.
  • This two-step model prevents accidental scanning of verified-but-not-yet-approved domains.

Why the Separation?

In enterprise environments, the person adding a domain may not be the person authorized to approve scanning. The verification + authorization model supports approval workflows and segregation of duties.
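The two-step gate can be audited from the three status fields alone. The following is an added example, not SilentBolt code: it lists why each target is not yet scannable and flags states the model should never produce. The records are constructed and the function names are illustrative; only the field names and values come from this page.

```python
# Constructed target records using the field names from this page.
TARGETS = [
    {"domain": "example.com", "verification_status": "verified",
     "authorization_status": "approved", "is_allowed": True},
    {"domain": "api.staging.example.com", "verification_status": "verified",
     "authorization_status": "pending", "is_allowed": False},
    {"domain": "legacy.example.com", "verification_status": "pending",
     "authorization_status": "approved", "is_allowed": True},
]


def scan_blockers(t: dict) -> list[str]:
    """Reasons the target may not be scanned; an empty list means scannable."""
    reasons = []
    if t.get("verification_status") != "verified":
        reasons.append("not verified")
    if t.get("authorization_status") != "approved":
        reasons.append("not approved")
    if t.get("is_allowed") is not True:
        reasons.append("is_allowed is false")
    return reasons


def inconsistencies(t: dict) -> list[str]:
    """States that contradict the verify-then-approve order described above."""
    verified = t.get("verification_status") == "verified"
    approved = t.get("authorization_status") == "approved"
    issues = []
    if approved and not verified:
        issues.append("approved before verification")
    if t.get("is_allowed") is True and not (verified and approved):
        issues.append("is_allowed set without verification and approval")
    if "*" in t.get("domain", ""):  # wildcard entries are not accepted
        issues.append("wildcard entry")
    return issues


def audit(targets: list[dict]) -> dict[str, dict]:
    """Map each domain to its scan blockers and model inconsistencies."""
    return {t["domain"]: {"blockers": scan_blockers(t),
                          "issues": inconsistencies(t)} for t in targets}
```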


Tagging and Environment Classification

Environment

Each domain should be classified by environment:

| Environment | Typical Use |
|---|---|
| production | Live, user-facing systems |
| staging | Pre-production test systems |
| development | Development and internal test systems |

Environment classification helps analysts prioritize findings. A critical finding on a production domain is more urgent than the same finding on a development domain.

Tags

Tags are free-form labels you can apply to domains for grouping and filtering:

  • client-a, client-b — for MSSP operators managing multiple clients.
  • pci-scope, sox-scope — for compliance tracking.
  • critical-tier, tier-2 — for business criticality classification.

Tags are visible on the Targets list page and can be used to filter scans and findings.


Common Actions

| Action | How |
|---|---|
| Add a new domain | Targets → Add Target → fill form → Submit |
| Verify a domain | Targets → select domain → Verify → choose DNS or Email |
| Authorize a domain | Targets → select domain → Approve (admin only) |
| Add or remove tags | Targets → select domain → Tags → edit |
| Change environment | Targets → select domain → Edit → update environment |
| Delete a domain | Targets → select domain → Delete (removes associated data) |
| View scan history | Targets → select domain → Scan History tab |

Best Practices

  • Name domains precisely. Use the exact domain you want scanned, not a parent domain unless you intend to scan all subdomains.
  • Classify environments immediately. This makes it easier to prioritize findings later.
  • Use tags consistently. Agree on a tagging convention with your team before onboarding many domains.
  • Verify via DNS if possible. DNS verification is more reliable and doesn't require email infrastructure.
  • Don't skip authorization. Even in small teams, the authorization step catches mistakes (e.g., adding a domain you don't actually own).
  • Re-verify periodically if you suspect domain ownership has changed (e.g., after acquisitions or domain transfers).

Edge Cases and Warnings

  • Wildcard domains — SilentBolt does not accept wildcard entries (e.g., *.example.com). Add the base domain, and the Discovery phase will enumerate subdomains automatically.
  • Internal/private domains — SilentBolt scans domains accessible from the internet. Internal-only domains that don't resolve publicly cannot be scanned.
  • DNS propagation delays — if DNS TXT verification fails, wait 15–30 minutes and retry. Some DNS providers are slow to propagate.
  • Deleting a domain removes all associated scans, findings, and reports for that domain. This action is irreversible.
  • Multi-tenant isolation — domains added by one company are invisible to other companies. An MSSP cannot accidentally scan a domain belonging to another tenant.
