Signing Up For the First Time

Welcome to the Praetorian Guard Platform (PGP)!

This page offers step-by-step instructions to sign up and get started in PGP.

Sign up

1. Navigate to https://guard.praetorian.com/login

2. On your first visit, you'll see several options:

- Sign in with email/password
- Sign in with Single Sign-On (SSO)
- Sign in with Google
- Sign up (for new users)

Once invited to the Guard platform, you will be able to sign up with the email that received the welcome email.

Enter your email and create a password on the Sign Up page. You'll receive a verification code via email within a few minutes to confirm your address.

When you click Continue you will be prompted for the code that was sent to the email you used to Sign Up.

Your verification email will come from guard-noreply@praetorian.com with the subject "Your verification code".

When you enter the code into the boxes provided, you will be authenticated into PGP.

On your first sign-in, you will be prompted to set up multi-factor authentication (MFA). Guard supports most major MFA applications. All users that do not access Guard through SSO are required to sign in with MFA.

This marks the beginning of your PGP journey!

Seeds

To start PGP scans, navigate to the Seeds page by clicking Seeds on the navigation bar on the left side of the screen.

In PGP, a seed is a persistent digital asset owned by your organization. You can input top level domains, fully qualified domain names, CIDR ranges, IP addresses, GitHub organizations, or GitHub repositories. These should be stable resources. In other words, an ephemeral IP address managed by a cloud service would not be a good addition as a seed. The domain that IP is tied to, would be a good addition as a seed.

On the action bar of the Seeds table, there is an Add Seed button. Click the Add Seed button.

You can add Network Assets, Web Applications, or Web Services.

When chosing Network Assets you can add an individual seed, or add a file with a list of seeds.

You can input any of these as network asset seeds:

- Top-level domains (e.g., example.com)
- Fully qualified domain names (e.g., subdomain.example.com)
- CIDR ranges (e.g., 192.168.1.0/24)
- IP addresses (e.g., 192.168.1.1)
- GitHub organizations (https://github.com/praetorian-inc)
- GitHub repositories (https://github.com/praetorian-inc/noseyparker)

For web application or web service seeds, you can enter enter fully qualified domain names (FQDNs) directly or upload a list.

Assets

After you've added your root domain and other seeds, click Assets on the navigation bar on the left side of the screen.

The Assets page is where you can see your full attack surface in PGP.

You can click on any asset to see more information.

Each asset will have an Overview, Vulnerabilities (if any are found), Domain information, Technologies associated with the asset, Cloud information, and a section to add Notes.

Technologies

Navigate to the Technologies using the left navigation bar.

Here you will see a comprehensive list of the technologies that PGP has identified within your attack surface.

Vulnerabilities

Navigate the to the Vulnerabilities page using the left navigation bar.

Here, you will see a comprehensive list of all the vulnerabilities PGP has found and the asset they were found on.

Integrations

To get the most from PGP, we recommend integrating with your existing service providers. PGP offers a wide variety of integrations. You can look for integrations by category or by searching directly for an intended integration.

From the Integrations page, you can connect PGP and your existing services.

Whether you add additional services or not, PGP will find and add assets related to the seeds you provided.

Settings

The Settings page provides comprehensive control over your PGP account configuration, notifications, security features, and appearance preferences.

On the Settings page, you can manage:

-Scan Settings; Configure how Guard scans your attack surface.

- Notifications; Configure alerts through external integration channels. Set up Exposure Alerts to monitor externally exposed ports and services. Note that Notifications must be configured before adding Exposure Alerts.

- Organization Details; View and edit your organization name and contact email or set up SSO.

- User Management; Control and see details about who has access to your account.

-Access Logs; View who is logging into the account and when.

- Asset Monitoring; Visualize complete counts of the assets that Guard is tracking in your account.

- Annual Subscription; Get details about what your subscription to Guard covers.

Congratulations

You have successfully set up the Praetorian Guard Platform - congratulations! You can now review the remaining documentation to take full advantage of the PGP platform.