Account Creation and Attack Surface Setup

Written By Dan Crawford

Last updated 2 days ago

Welcome to the Praetorian Guard Platform (PGP)!

This page offers step-by-step instructions to sign up and get started in PGP.

Getting Access to PGP

Important: PGP operates on an invitation-only basis. You cannot create a free account independently - you must be invited by an existing PGP organization to gain access.

Receiving an Invitation

When an existing PGP user invites you to their organization, you will receive a "Welcome to the Praetorian Guard Platform (PGP)!" email from PGP-noreply@praetorian.com. This email contains:

• A personalized signup link for creating your account
• Information about the organization that invited you
• Instructions for completing your registration

Creating Your Account

Critical Email Requirement: You must use the exact same email address (case-sensitive) that was used when you were invited as a collaborator. Email addresses like "user@example.com" and "User@example.com" are treated as different addresses.

1. Click the signup link in your invitation email
2. You'll be taken to the registration page
3. Enter the exact email address that received the invitation
4. Create a secure password for your account
5. Complete any additional required information

Email Verification

After creating your account, you'll receive a verification code via email to confirm your address:

1. Check your email for a verification code from PGP-noreply@praetorian.com
2. The email subject will be "Your verification code"
3. Enter the code when prompted to complete your registration

Accessing PGP

Once your account is verified, you can sign in at https://PGP.praetorian.com/login using:

• Email and password
• Single Sign-On (SSO) if configured by your organization
• Google authentication if enabled

Multi-Factor Authentication

  • First Login: When you log in to PGP for the first time (and SSO is not enabled), you will be required to set up MFA. The setup process will begin automatically and you must complete it to access your account.

  • Follow the On-Screen Instructions: PGP will display a QR code and a manual setup key. Open your authenticator app, scan the QR code (or enter the key), and enter the 6-digit code generated by your app to verify.

  • Save Recovery Codes: After successful setup, you will receive recovery codes. Save these codes securely—they are required if you lose access to your authenticator device.

  • Access Granted: Once MFA is configured, you will be able to use PGP. You will be prompted for a 6-digit code from your authenticator app each time you log in.

  • After setting up MFA, you will be prompted for a 6-digit code from your authenticator app each time you log in.

  • Enter the code to complete the login process.

Automatic Organization Access

When you sign in to PGP after being invited as a collaborator, the system automatically places you into the organization that invited you. You will immediately have access to that organization's security data and assets without needing to manually switch accounts.

Multiple Organization Access: If you are a collaborator in multiple organizations, you can navigate between them by clicking the account icon in the top right corner and selecting the desired organization from the dropdown menu.

This marks the beginning of your PGP journey!

Upon accessing PGP for the first time, you will be presented with the Metrics dashboard:

Right now your Metrics dashboard is empty. As PGP finds assets and vulnerabilities associated with your digital domain, this page will provide useful at-a-glance information.

Seeds

To start PGP scans, navigate to the Seeds page by clicking Seeds on the navigation bar on the left side of the screen.

In PGP, a seed is a persistent digital asset owned by your organization. You can input top-level domains, fully qualified domain names, CIDR ranges, or IP addresses. These should be stable resources: an ephemeral IP address managed by a cloud service is not a good seed, but the domain that IP is tied to is.

On the top right of the Seeds table, there is an Add Seed button. Click the Add Seed button.

A pop-up will appear. In this pop-up, you can add an individual seed, or add a file with a list of seeds.

You can input any of these as seeds:

- Top-level domains (e.g., example.com)
- Fully qualified domain names (e.g., subdomain.example.com)
- CIDR ranges (e.g., 192.168.1.0/24)
- IP addresses (e.g., 192.168.1.1)
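A seed list can be checked before it is uploaded, so that typos, URLs and duplicates do not end up defining your scan scope. The script below is an added example, not Praetorian's code: the function names are hypothetical, and it assumes a file with one seed per line and `#` comments, which this page does not specify.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def classify_seed(raw):
    """Return (kind, normalized) for one seed entry, or raise ValueError."""
    seed = raw.strip().lower().rstrip(".")
    try:
        return "ip", str(ipaddress.ip_address(seed))
    except ValueError:
        pass
    if "/" in seed:
        try:
            # strict=False clears host bits: 192.168.1.7/24 -> 192.168.1.0/24
            return "cidr", str(ipaddress.ip_network(seed, strict=False))
        except ValueError:
            raise ValueError("not a CIDR range (URLs and paths are not seeds)") from None
    labels = seed.split(".")
    if len(seed) > 253 or len(labels) < 2 or labels[-1].isdigit():
        raise ValueError("not a domain name or a complete IP address")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid character in hostname (port or scheme?)")
    # "domain" covers both the top-level domain and FQDN seed types.
    return "domain", seed

def check_seed_list(text):
    """Split a seed list into unique valid seeds and (line, entry, reason) errors."""
    valid, errors, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        entry = line.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not entry:
            continue
        try:
            item = classify_seed(entry)
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
            continue
        if item in seen:
            errors.append((lineno, entry, "duplicate of an earlier entry"))
        else:
            seen.add(item)
            valid.append(item)
    return valid, errors

# Constructed sample input: lines 5-8 are deliberate mistakes.
SAMPLE = ("example.com\nSubdomain.Example.com\n192.168.1.0/24\n192.168.1.1\n"
          "https://example.com/login\nexample.com:443\nEXAMPLE.com.\n192.168.1\n")
```

Fix every entry in the error list before uploading; each error tuple carries the line number, the entry and the reason it was rejected.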

Once you input a seed, another pop-up will ask which type of scanning you want PGP to perform:

Choose one of two scanning options:
- Enumerate Assets Only: Identifies all digital assets associated with your seed
- Discover Vulnerabilities: First identifies assets, then performs security scans on each one

Assets

After you've added your root domain and other seeds, click Assets on the navigation bar on the left side of the screen.

The Assets page is where you can see your full attack surface in PGP.

You can click on any asset to see more information.

Each asset will have an Overview, Vulnerabilities (if any are found), Domain information, Technologies associated with the asset, Cloud information, and a section to add Notes.

Vulnerabilities

Navigate to the Vulnerabilities page using the left navigation bar.

Here, you will see a comprehensive list of all the vulnerabilities PGP has found and the asset they were found on.

Users and Collaboration

PGP enables seamless cross-account collaboration through its invitation workflow. By inviting collaborators, you grant other PGP users access to view and work with your account's security data. This feature is essential for organizations that need to share security insights across teams or with external partners.

Invitation Workflow

The invitation process in PGP is designed to be simple and secure:

1. Navigate to the Users Page: Access the Users page from the left navigation menu to manage your account's authorized users and collaboration settings.

2. Add a New User: Click the "Add User" button in the top right of the Authorized Users section. This opens an invitation modal where you can enter the collaborator's details.

3. Enter Email Address: In the invitation modal, enter the exact email address of the person you want to invite. This must match the email address they used to create their PGP account, as email addresses are case-sensitive.

4. Grant Access: Click "Add" to send the invitation. The system will immediately establish the collaboration relationship between your accounts.

5. Automatic Account Linking: Once the invitation is processed:
• The invited user appears in your "Authorized Users" list
• Your account automatically appears in their "Collaborating With" section
• Email notifications are automatically sent to inform users of the collaboration

How Collaborators Access Your Account

When someone becomes a collaborator on your account, PGP's frontend automatically handles their account access through intelligent routing:

Automatic Account Placement: When collaborators sign in to PGP, the system automatically places them into the most appropriate account based on their access permissions and previous activity. The frontend uses their last visited account or defaults to their primary account if no previous activity exists.

Account Switching for Multiple Organizations: If collaborators have access to multiple organizations, they can easily switch between accounts using the account dropdown menu in the top right corner. This dropdown displays all organizations they have access to, showing either the organization's name and logo (if configured) or the organization's email address.

Full Access Permissions: Once collaborators are in your organization, they have full access to your account's security data, including assets, vulnerabilities, and settings. All users within an organization account share the same permission levels.

Managing Collaborators

The Users page provides comprehensive collaboration management:

Authorized Users Section:
• View all users who have access to your account
• See when each collaborator was added
• Remove access for any collaborator using the "Remove Access" button

Collaborating With Section:
• View organizations that have invited you as a collaborator
• See security risk summaries for each organization
• Export risk data for reporting and analysis
• Switch between different organization accounts

Important Security Considerations

When inviting collaborators, keep these security best practices in mind:

• Email Accuracy: Ensure the email address exactly matches the collaborator's PGP account email (case-sensitive)
• Full Access: Collaborators receive complete access to your account data - only invite trusted individuals
• Regular Review: Periodically review your authorized users list and remove access for users who no longer need it
• Organization Accounts: Consider using SSO for larger organizations to centrally manage user access

For detailed instructions on advanced user management features, see the Managing Users documentation.

Integrations

To get the most from PGP, we recommend integrating with your existing service providers. PGP offers integrations to applications that provide Breach and Attack Simulation, Cloud Security Posture Management, Cloud Service Providers, Content Delivery Solutions, Cyber Asset Attack Surface Management, Firewall, IT Service Management, Managed Detection and Response, Managed DNS, Passive DNS, Source Code Management, and Vulnerability Management services.

From the Integrations page, you can connect PGP and your existing services. Documentation for each integration can be found in the Integrations section.

Whether you add additional services or not, PGP will find and add assets related to the seeds you provided.

Settings

The Settings page provides comprehensive control over your PGP account configuration, notifications, security features, and appearance preferences.

The Settings page is organized into five main tabs, each providing specific configuration options:

Scan Settings

- Scan Status: View and control the current scanning status (Active/Paused)

- Whitelisting Details: Access your account-unique header for security tool allowlists

- Source IP Configuration: Configure dynamic or static IP addresses for scanning

- Scan Schedule: Set up automated scanning schedules with timezone support

- Scan Levels: Configure global scan intensity and coverage levels

- Rate Limiting: Manage advanced rate limiting settings for scan performance

- PGP Modules: Enable or disable specific PGP capabilities and features

Notification Settings

- Notifications Management: Configure alerts through external integration channels (Slack, Teams, etc.)

- Exposure Alerts: Set up monitoring for externally exposed ports and services

- Webhook URL: Generate and manage unique URLs to push assets and risks to PGP

- Note: Notifications must be configured before adding Exposure Alerts

Organization Settings (Only visible when managing other accounts)

- Organization Details: View and edit organization name and contact information

- Single Sign-On (SSO): Enable and configure SSO authentication for organization users

- Profile Picture: Upload and manage organization logo/profile image

User Settings

- Personal Details: Manage your individual user information

- Authentication Methods: Configure personal authentication preferences

- Interface Theme: Customize application appearance with system, dark, or light mode options

Monitoring

- Asset Statistics: View comprehensive monitoring statistics for your security assets

- Cloud Assets: Monitor cloud infrastructure and services

- Network Assets: Track network-based assets and endpoints

- Code Assets: Oversee code repositories and development assets

Congratulations

You have successfully set up PGP - congratulations! You can now review the remaining documentation to take full advantage of the PGP platform.