# How to Trigger an External Scan

### 1. Navigate to Target Asset Page

* Go to **Attack Surface → Target Asset**.

<figure><img src="/files/JhvcN8v9F8Urj5e7dbHL" alt="" width="563"><figcaption></figcaption></figure>

### 2. Add an Asset

* Choose the asset type based on the scan:
  * **Domain** → for web applications.
  * **APKFile** → for Android applications.
* Enter the domain name (e.g., `example.com`).
* *(Optional)* IIf you have specific starting URLs for authenticated and unauthenticated sessions, such as `/login` for unauthenticated sessions and `/dashboard` for authenticated sessions, please add them in the fields for **Starting Path for authenticated sessions** and **Starting Path for unauthenticated sessions**.

<figure><img src="/files/n7QTKnyzCqInRD40XpPL" alt=""><figcaption></figcaption></figure>

### 3. Verify Sandbox and Cloud Agent Connections

* Ensure that the **Sandbox Agent** is connected and ready.

<figure><img src="/files/PoNmy3IFK1pP7Cb5yaEs" alt=""><figcaption></figcaption></figure>

### 4. Open Discovery Module

* Navigate to **Modules → External Assessment → Discovery**.

<figure><img src="/files/htPat0JnEwMQnLhCsYFt" alt=""><figcaption></figcaption></figure>

### 5. Select the Target

* Choose the **Target Domain** you just added.

<figure><img src="/files/nXHnQROrzFd1Awtfo6Vk" alt=""><figcaption></figcaption></figure>

### 6. Configure Scan Settings

Configure scan settings for External Assessment to control how scans run, including authentication, browser sessions, rate limits, and manual crawling. Click the **Settings** icon (on the right side of the target asset) to configure.

{% content-ref url="/pages/JqTFyGv6qHEq1MBlbEzs" %}
[Configure Scan Settings for External Assessment](/enterprise/how-to-trigger-an-external-scan/configure-scan-settings-for-external-assessment.md)
{% endcontent-ref %}

### 7. Review final configuration

* Click **Run Assessment**.
* Two options will appear:

  1. **Run Discovery first, then the main module** (manually start second step).
  2. **Trigger External Scan automatically after Discovery** (recommended).

  <figure><img src="/files/VbPmPVcUBLhK3GYUOaHT" alt="" width="563"><figcaption></figcaption></figure>

### 8. Select Scan Categories

* If you chose *Trigger External Scan*, a list of **Scan Categories** will appear.
* Select **specific categories** or **leave empty** for all vulnerability categories to be tested
* Save the configuration.

<figure><img src="/files/ivknZFzIVDVnCvrrhgK8" alt="" width="563"><figcaption></figcaption></figure>

### 9. Run the Assessment

* Click **Run Assessment** to begin the scan.

{% hint style="info" %}
Make sure to configure the domain settings properly before running the assessment [Settings](/enterprise/settings.md#domains)
{% endhint %}

<figure><img src="/files/X7u55ZtayWKfluSAEAvd" alt=""><figcaption></figcaption></figure>

* Track scan status / activity on the Activity page

{% content-ref url="/pages/QJ9ahgjtOWQNnN87Ivzs" %}
[Activity](/enterprise/activity.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://copilot-docs.bugbase.ai/enterprise/how-to-trigger-an-external-scan.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.