Workflow: Launching an Attack Session#
Goal#
Create and execute an AI-driven penetration test orchestration session based on a completed scan's results.
Prerequisites#
- At least one scan with status
done. - A configured AI provider (in Settings) or an available system default provider.
- Understanding of what Attack Orchestration does.
Steps#
1. Navigate to a Completed Scan#
Go to Scans and open a completed scan that you want to extend with deeper testing.
2. Launch Orchestration#
Click Launch Orchestration on the scan detail page. This creates a new orchestration session in draft status, linked to the scan.
Alternatively: Navigate to Attack Orchestration → New Session → select the scan from the dropdown.
3. Request AI Suggestions#
On the session detail page, click Get Suggestions.
SilentBolt sends a summary of your scan context (hosts, endpoints, technologies, findings) to the AI provider. The AI returns recommended test types:
| Returned Field | What It Means |
|---|---|
| Test type | The category of pentest (e.g., web_app_pentest, api_pentest) |
| Rationale | Why the AI recommends this type for your specific target |
| Confidence | How confident the AI is (only ≥ 0.6 shown) |
4. Select Test Types#
Review each suggestion. Check the boxes for the test types you want to execute. Deselect any that are irrelevant to your target or out of scope.
You can also select test types the AI didn't suggest, if you know they're relevant.
5. Prepare the Workflow#
Click Prepare. The session transitions to preparing.
During preparation:
- The AI generates tool-specific parameters for each tool in your selected test types.
- Parameters are merged with safe base defaults (AI cannot override base arguments).
- Orchestration steps are created in execution order.
- A visual workflow graph is generated.
Once preparation completes, the session transitions to ready.
6. Review the Workflow#
Before starting, review:
- The workflow graph showing the sequence of tools.
- Each step's configuration (target, tool, arguments).
- The total number of steps and estimated execution time.
7. Start Execution#
Click Start. The session transitions to running.
Each step executes sequentially:
- A container is launched for the tool.
- Live output is streamed to the UI (updated every 2 seconds).
- Each step transitions to
completedorfailed.
Monitor the live output to ensure tools are running correctly and producing expected results.
8. Review Session Results#
Once the session reaches completed:
- Review each step's output on the session detail page.
- Download per-test-type reports (JSON format) from the Reports section of the session.
- Correlate orchestration findings with the original scan findings for a comprehensive view.
9. (Optional) Cancel a Running Session#
If you need to stop execution:
- Click Cancel on the session detail page.
- The session transitions to
canceled. Completed steps retain their output.
Expected Outcome#
A completed orchestration session with:
- All selected test type steps executed.
- Per-step output visible in the session detail.
- Per-test-type reports available for download.
- Deeper penetration testing results that complement the automated scan findings.
Common Issues#
| Issue | Cause | Resolution |
|---|---|---|
| AI suggestions are empty | Scan has very few findings or assets | Consider running orchestration with manually selected test types |
| Preparation fails | AI provider API error or timeout | Retry; check AI provider settings |
| Step fails during execution | Tool error or target unreachable | Review step output for error details |
Session stuck in preparing |
AI configuration generation taking long | Wait a few minutes; check session status |
| No AI provider configured | Settings → AI Provider not set up | Configure an AI provider with your API key |
| Container errors | Container service not running or resource limits | Contact your platform administrator |