Scan Executions#
Scan executions are pre-configured, reusable scan jobs managed in the Hive platform.
Overview#
Instead of maintaining local YAML files, you can create scan execution configurations in the Hive UI and trigger them from the CLI by ID:
Creating Executions#
In the Hive UI, navigate to Attack Platform > Scan Executions:
- Click New Execution
- Select a Runbook or Attack Tree as the base
- Configure targets and parameters
- Optionally link to an engagement
- Save the execution
The execution stores the complete configuration — target, modules, arguments, and metadata.
Running Executions#
From CLI#
# Execute by ID
aphids-cli -se EXECUTION_ID
# With explicit API key
APHIDS_API_KEY="your-key" aphids-cli -se EXECUTION_ID
From Hive UI#
- Navigate to Attack Platform > Scan Executions
- Select the execution
- Click Run to dispatch to an available agent
From Agent Mode#
Agents receive execution commands automatically via WebSocket when dispatched from the Hive UI.
Execution Lifecycle#
| Status | Description |
|---|---|
| Pending | Created, not yet started |
| Running | Actively executing modules |
| Paused | Interrupted, can be resumed |
| Completed | All modules finished |
| Failed | Error during execution |
Execution History#
All executions are tracked with:
- Start and end timestamps
- Module completion progress
- Result summaries
- Error logs
- Linked engagement and campaign
View history in Attack Platform > Scan Executions or query via the Hive API.
Comparing Executions#
Run the same execution against a target over time to track changes:
- New assets discovered
- Resolved vs. persistent findings
- Vulnerability trend analysis
- Drift detection
The Hive Scans > Compare feature enables side-by-side execution comparison.