Resolve is commonly used for both executing and delivering penetration tests. This guide will focus on the customer aspect and walk you through how to interact with team members when receiving a penetration test and how to review results during and after the engagement. If you are unfamiliar with Resolve it is encouraged to read through the Introduction and Using the Resolve Interface articles to familiarize yourself.
When receiving your first penetration test through Resolve there are a couple important concepts to understand:
Resolve is made up of 3 modules, Track, Workbench, and Administration. The Track module is used for the delivery of vulnerabilities, while the Workbench module is used for the creation of vulnerabilities. You will be receiving your pen test results in the Track module.
Projects represent unique engagements performed against your environment. A project will warehouse all communication and vulnerabilities for that specific engagement. The project interface exposes a lot of information to you. At a glance Recent Activity, Recent Comments, all project dates, as well as all team members are available.
Assets are anywhere that a vulnerability can be found, they may be an IP address, URL, or even a building. You can view assets by selecting the Assets tab from the above screenshot.
Findings are vulnerabilities discovered during your engagement. A finding is a combination of a master finding and an asset. A finding can have multiple instances, each instance representing a unique location on that asset the finding was discovered. You can view findings and instances by selecting the Assets tab from the above screenshot.
Before the test begins you can view your project and begin communicating with the project team. You can access your project by going to Track > Projects and selecting the project from the projects grid. To begin talking with the project team you can leave a comment by clicking the plus sign in the Recent Comments box.
You are also able to upload documents by selecting the Documents tab across the top and clicking the Add document button.
During your test
You can continue communicating with the team throughout the test and for certain engagements you are even able to view vulnerabilities as they're discovered. By selecting the Findings or Instances tab on the top of the project you can begin exploring vulnerabilities as the team publishes them. To learn more about these features, select the info icon ( ) in the bottom right to begin a guided tour.
After your test
Once your test is complete the vulnerabilities will all be published and available underneath the findings and instances tabs. Depending on your engagement, PDF, CSV, and other report types may be uploaded to the Documents tab and will be available for download.