This page walks through the end-to-end S4E workflow - from onboarding your first asset to continuous, automated security monitoring.
The S4E Workflow
Stage 1: Add Assets
Everything in S4E starts with assets. Before you can scan anything, you need to tell the platform what you want to protect.
You can add assets in several ways:
- Manual entry - Add individual domains, IPs, or URLs through the web interface.
- Bulk import - Upload a CSV or use the API to import a large asset inventory at once.
- Automated discovery - S4E can discover related assets (subdomains, linked applications) through crawling and DNS enumeration once you provide a root domain.
When adding assets, you can assign tags (e.g., production, staging, payment-system) and criticality levels to help prioritize findings later.
Asset Service Tracking
If advanced security is enabled, S4E discovers open services and ports on your assets and automatically tracks and monitors them. When a new service or port is detected, S4E automatically triggers a scan for that service. This means you do not need to manually initiate scans every time your infrastructure changes - the platform keeps up with your attack surface in real time.
Tip
Start with your most critical, internet-facing assets. You can expand your inventory over time as you become familiar with the platform.
Stage 2: Verify Ownership
Before any scan can run against an asset, S4E requires ownership verification. This ensures that you are authorized to test the target and prevents unauthorized scanning of third-party infrastructure.
Verification methods include:
- DNS TXT record - Add a specific TXT record to your domain's DNS configuration.
- HTML meta tag - Place a meta tag in the root page of your web application.
- File upload - Host a verification file at a specific path on your web server.
Verification is a one-time step per asset. Once verified, the asset remains verified unless ownership is explicitly revoked.
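As an added illustration (not S4E's code or formats), the sketch below shows how a platform could evaluate the three verification methods above once the TXT answer, root page and file response have been fetched. The TXT prefix, meta tag name, token derivation and all function names are assumptions.

```python
import hashlib
import hmac
from html.parser import HTMLParser

# Assumed names: the page does not give S4E's TXT prefix or meta tag name.
TXT_PREFIX = "example-site-verification="
META_NAME = "example-site-verification"

def expected_token(secret: bytes, account_id: str, asset: str) -> str:
    """Bind the token to one account and one asset so it cannot be reused."""
    msg = f"{account_id}|{asset.lower().rstrip('.')}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]

def _same(a: str, b: str) -> bool:
    # Constant-time comparison of the presented and expected token.
    return hmac.compare_digest(a.encode(), b.encode())

def check_dns_txt(txt_records, token):
    """txt_records: TXT strings already resolved for the asset's domain."""
    return any(r.startswith(TXT_PREFIX) and _same(r[len(TXT_PREFIX):].strip(), token)
               for r in txt_records)

class _HeadMeta(HTMLParser):
    """Collect the verification meta tag, but only while inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.values = False, []

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = (tag == "head")
        elif tag == "meta" and self.in_head:
            a = dict(attrs)
            if (a.get("name") or "").lower() == META_NAME:
                self.values.append(a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def check_meta_tag(root_html, token):
    """A tag echoed into <body> (e.g. user content) must not verify the site."""
    parser = _HeadMeta()
    parser.feed(root_html)
    return any(_same(v.strip(), token) for v in parser.values)

def check_file(status, body, token):
    """Require a direct 200 whose entire body is the token (no soft-404 page)."""
    return status == 200 and _same(body.strip(), token)
```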
Stage 3: Run Scans & Crawler
With verified assets in place, you can begin scanning. S4E provides multiple scanning modes:
On-Demand Scans
Trigger a scan immediately from the web interface or API. Select the scan type (or multiple types), choose the target assets, and start the scan. Results begin appearing as the scan progresses.
Scheduled Scans
Set up recurring scans to run automatically at defined intervals - daily, weekly, or on a custom cron schedule. Scheduled scans ensure continuous coverage without manual intervention.
Crawler
You can also start the Crawler on any verified asset. The crawler navigates through your web application like a real user, discovering pages, endpoints, hidden paths, API routes, and dynamically generated content. Crawler results are automatically fed into the scanning pipeline, expanding the scope of your security assessments without manual configuration.
Enrichment
After scans and crawling complete, S4E enriches the collected data with additional context - technology stack detection, known CVE mappings, geolocation, WHOIS data, certificate details, and third-party threat intelligence feeds. This turns raw scan output into actionable, context-rich findings.
AI-Created Scans
Describe what you want to test in plain English, and the AI generates and executes the scan code for you. No coding required.
Stage 4: Review Findings
Once scans complete, findings appear in the Findings dashboard. Each finding represents a specific security issue discovered on a specific asset.
The findings view provides:
- Filtering and search - Filter by severity, asset, scan type, status, tags, or date range.
- Detailed view - Drill into any finding to see full technical details, evidence, and remediation guidance.
- Security scoring - Findings are ranked by a composite security score, helping you focus on what matters most. A lower security score means higher risk.
- Status management - Mark findings as Confirmed, Resolved, False Positive, or Accepted Risk.
- Trend tracking - See how findings evolve over time - new issues, recurring issues, and resolved issues.
Stage 5: Take Actions
When a finding requires a response, you can execute actions directly from the findings interface.
Choose from the Action Library
S4E provides a built-in Action Library with pre-built actions you can use immediately:
- Notify - Send alerts via email, Slack, Microsoft Teams, or webhook.
- Create ticket - Open an issue in Jira, ServiceNow, or another issue tracker with pre-populated finding details.
- Remediate - Execute a script or API call to apply a fix, update a configuration, or deploy a patch.
- Mitigate - Apply a temporary mitigation such as enabling a WAF rule or blocking traffic.
Set Up Integrations
Connect S4E with your existing tools to automate your workflow:
- Issue trackers - Jira, ServiceNow, Asana, Linear
- Communication - Slack, Microsoft Teams, email
- SIEM - Splunk, ELK, QRadar
- Webhooks - Send finding data to any custom endpoint
Automation Rules
Define rules that trigger actions automatically when findings match specific criteria. For example: "auto-create a Jira ticket for all Critical findings on production assets."
AI-Suggested Actions
S4E's AI engine can suggest appropriate actions based on the finding type, asset context, and historical remediation patterns.
Every action execution is logged with timestamps, initiator information, and outcome status for audit and compliance purposes.
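The example rule above ("auto-create a Jira ticket for all Critical findings on production assets") can be modelled as follows. This is an added sketch, not S4E's rule format or API: the `Rule` schema, field names and outcome strings are assumptions, and the ticket call itself is represented only by its audit entry.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Finding statuses from the findings view that should not trigger new work.
SUPPRESSED = {"Resolved", "False Positive", "Accepted Risk"}

@dataclass(frozen=True)
class Rule:  # hypothetical schema
    name: str
    severities: frozenset
    required_tags: frozenset
    action: str

def matches(rule, finding):
    """True when severity, asset tags and status all satisfy the rule."""
    return (finding["severity"] in rule.severities
            and rule.required_tags <= set(finding["asset_tags"])
            and finding["status"] not in SUPPRESSED)

def run_rules(rules, findings, already_actioned, now=None):
    """Return audit entries. already_actioned holds (rule, finding id) pairs so
    a finding that recurs in a later scan does not open a second ticket."""
    now = now or datetime.now(timezone.utc)
    audit = []
    for f in findings:
        for r in rules:
            if not matches(r, f):
                continue
            key = (r.name, f["id"])
            outcome = "skipped_duplicate" if key in already_actioned else "executed"
            already_actioned.add(key)
            audit.append({"timestamp": now.isoformat(), "initiator": f"rule:{r.name}",
                          "action": r.action, "finding": f["id"], "outcome": outcome})
    return audit

# Constructed sample data.
RULE = Rule("critical-prod-to-jira", frozenset({"Critical"}),
            frozenset({"production"}), "create_ticket")
FINDINGS = [
    {"id": "F-1", "severity": "Critical", "status": "Confirmed",
     "asset_tags": ["production", "payment-system"]},
    {"id": "F-2", "severity": "Critical", "status": "Confirmed", "asset_tags": ["staging"]},
    {"id": "F-3", "severity": "Critical", "status": "False Positive", "asset_tags": ["production"]},
    {"id": "F-1", "severity": "Critical", "status": "Confirmed", "asset_tags": ["production"]},
]
```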
Stage 6: Monitor Continuously
S4E is designed for continuous operation, not one-time assessments. Once your workflow is established, the platform runs autonomously:
- Scheduled scans run on their defined cadence, continuously checking for new vulnerabilities and verifying that resolved issues stay fixed.
- Asset service tracking detects new services and ports and triggers scans automatically.
- Automated actions respond to new findings without manual intervention.
- Dashboards and KPIs track your security posture over time, showing trends in finding counts, remediation velocity, and overall security score.
- Reports can be generated on demand or scheduled for automatic delivery to stakeholders.
- Alerts notify your team when significant events occur - new critical findings, scan failures, or security score changes.
Tip
Start with manual scans and actions to build confidence, then gradually introduce scheduling and automation rules.
What's Next
- S4E Cloud - Getting Started - Set up your account and run your first scan.
- S4E On-Prem - Deployment - Install S4E in your own infrastructure.
- Core Concepts - Review detailed definitions of assets, scans, findings, and other platform objects.
- API Reference - Integrate S4E into your existing toolchain programmatically.