Settings

Settings

Overview

The Settings page provides comprehensive control over your account configuration in the Praetorian Guard Platform (PGP). From here, you can manage how Guard scans your infrastructure, configure notifications, control user access, and view audit logs. The Settings page is organized into tabs, each focused on a specific area of configuration.

Settings management requires the Admin role. Users with the Analyst or Read Only role will not see settings management options.

Scan Settings

The Scan Settings tab controls how Guard scans your attack surface. It contains three sections:

Rate Limiting

Rate limiting gives you control over how aggressively Guard scans your infrastructure, allowing you to balance scan speed against network impact.

  • Maximum simultaneous hosts scanned — Controls how many assets are scanned in parallel at any given time. Range: 30–500 (custom) or System Managed (up to 1,500). Default: System Managed.

  • Maximum rate of requests per host — Controls the maximum rate of requests sent to each individual host during a scan. Range: 25–250 requests/second (custom) or System Managed (up to 300 rq/s). Default: System Managed.

Adjust both settings using the sliders and click Apply. Changes take effect on the next scan cycle. For detailed guidance on choosing rate limits, see the Scan Limits article in the documentation.

Scan Schedule

Scan scheduling lets you define specific time windows during which Guard will perform scanning activities. You can configure:

  • Days of the week — Select which days scanning should occur

  • Time window — Define start and end times in 30-minute increments

  • Timezone — Choose between UTC and ET

Click Save to apply your schedule. To remove a custom schedule and return to default (continuous scanning), click Reset to Default. For more details, see the Scan Windows article in the documentation.

Scan Profiles

Scan profiles let you apply custom rate limit settings to specific assets or groups of assets, overriding the global account settings. Profiles can be more or less restrictive than your account-wide rate limits.

To create a scan profile, use the Scan Settings tab. Once created, you can assign assets to a profile from the asset's detail page by clicking Manage > Change Scan Profile. When an asset is assigned to a profile, that profile also applies to all of its child assets (assets discovered directly from it).

Notification Settings

The Notification Settings tab is where you configure how Guard communicates alerts about new findings and exposures.

Email Notifications

Email notifications deliver security alerts directly to your inbox when Guard discovers new vulnerabilities that meet your configured severity threshold.

  • Click Add Email to create a new email notification

  • Enter the recipient email address

  • Select a severity threshold (Critical, High, Medium, Low, or Info) — the threshold is cumulative, meaning selecting Medium triggers alerts for Medium, High, and Critical findings

  • Each email notification is configured independently, so you can route different severity levels to different teams

For full details on email notification configuration, content, and behavior, see the Email Notifications article in the documentation.

Push Notifications

Push notifications send alerts to external platforms your team already uses. Click Add Notification to see the available integrations, which include Slack, Microsoft Teams, Google Chat, Jira, ServiceNow, and others.

Each push notification integration is configured with its own connection details and severity threshold. For setup instructions for each platform, see the Notifications section of the documentation.

Exposure Alerts

Exposure alerts monitor your attack surface for specific conditions and generate notifications when they are detected. You can toggle alerts for:

  • Port Exposures — Monitor for assets with specific open ports (e.g., SSH on port 22, RDP on port 3389)

  • Protocol Exposures — Monitor for assets using specific protocols (e.g., FTP, HTTP)

  • Cloud Provider Exposures — Monitor for assets discovered on specific cloud platforms (e.g., AWS, Azure, GCP)

  • Surface Exposures — Monitor for assets discovered through specific sources (e.g., GitHub, CrowdStrike)

When a condition is detected, Guard creates an "exposure" type vulnerability and sends a notification through your configured channels. For full details, see the Exposure Notifications article in the documentation.

Organization Settings

The Organization Settings tab manages your organization's identity and authentication configuration.

Organization Details

  • Organization Logo — Upload your organization's logo by clicking the upload area or dragging and dropping an image file. The logo appears across the platform. Use the Remove button to revert to the default avatar.

  • Organization Name — Your organization's name is displayed throughout the platform. Click the field to update it.

Organization Profile

The organization profile display name is used by Guard's automated features — such as the Asset Affiliation Agent — to match your organization against WHOIS registrants, SSL certificate organizations, and web content. Ensure this is set to your organization's official name.

Single Sign-On (SSO)

SSO allows your organization's users to authenticate through your identity provider. Click +Add Provider to begin setup. Guard supports OIDC-based SSO with providers including Azure AD (Entra ID), Okta, and PingID.

SSO configuration requires domain verification through a DNS TXT record. The verification ID is displayed in the SSO setup dialog on this tab. For detailed setup instructions, see the SSO configuration guides for your identity provider in the documentation.

When SSO is configured with RBAC, you can set a default role for SSO users and map roles from your identity provider's token claims. See the Role-Based Access Controls article for details.

User Management

The User Management tab controls who has access to your account and what role they have.

Authorized Users

This section displays a table of all users with access to your account, showing each user's email or display name, role, and date added.

  • Add User — Click to invite a new user by email. Select a role (Admin, Analyst, or Read Only) during the invitation.

  • Change Role — Click the role dropdown next to a user's name to change their role. The change takes effect immediately.

  • Remove Access — Click the Remove button next to a user to revoke their access.

Collaborating With

This section shows other organizations that have invited you to view their data. For each organization, you can see risk severity counts (Info, Low, Medium, High, Critical) and export functionality.

For a full explanation of roles and permissions, see the Role-Based Access Controls article in the documentation.

Scan Header

The Scan Header tab displays your unique scan attribution headers used in all outbound scan traffic from Guard. This information helps your security operations team identify and allowlist Guard scanning activity in your WAF, IDS/IPS, or SIEM.

The tab shows:

  • Chariot HTTP header — A custom header included in scan requests, with the value being an MD5 hash of your account username

  • User-Agent string — A chariot- prefixed user agent included in scan requests

These values are consistent across all scans for your account. For full details on traffic attribution, allowlisting rules, and the out-of-band interaction server, see the Network Traffic Attribution article in the documentation.

Access Logs

The Access Logs tab provides an audit trail showing who is logging into your account and when. Configuration changes — such as modifications to rate limit settings — are also logged here. This gives you visibility into account activity for security monitoring and compliance purposes.

Asset Monitoring

The Asset Monitoring tab provides a visualization of the complete counts of assets that Guard is tracking in your account. This gives you an at-a-glance view of your attack surface size and composition.

Annual Subscription

The Annual Subscription tab provides details about what your subscription to Guard covers.

Support

If you encounter any difficulties or need clarification about any settings, reach out to our support team at support@praetorian.com.