# How to Trigger an Internal Scan

### 1. Connect the Agent

* Connect an **Agent** with a **Custom Agent ID** to Pentest Copilot.
* Ensure the agent has a **network route** to the infrastructure you want to test.

{% content-ref url="/pages/BCrViIyemF6yKw4wr7k9" %}
[Agents](/enterprise/attack-surface/agents.md)
{% endcontent-ref %}

### 2. Open Discovery Module

* Navigate to **Modules → Internal Assessment → Discovery**.

### 3. Select the Agent

* Choose the **Agent ID** that is connected to your internal network.

<figure><img src="/files/EpeOmtuNF78TNI1Rd2qn" alt=""><figcaption></figcaption></figure>

### 4. Define the Scope

* A list of available **subnets** will be displayed.
* Provide:

  * A **list of IP addresses**, **or**
  * A **CIDR range** within the displayed subnets.

  <figure><img src="/files/VXbVtRxWjhg7NjdU7Ww1" alt=""><figcaption></figcaption></figure>

### 5. Run or Schedule Discovery

* Either **Run Discovery** immediately or **Schedule** it for later.

<figure><img src="/files/vprwNsxwMxKbn5ZiE4ec" alt="" width="373"><figcaption></figcaption></figure>

### 6. Launch the Main Module

* Navigate to **Modules → Internal Assessment → Module**.

### 7. Select Subnets for Assessment

1. **View Available Subnets**: The module displays a table of all available subnets discovered in your network, showing:
   * Subnet CIDR (e.g., `192.168.1.0/24`)
   * Subnet name
2. **Select Subnets**:
   * Use the checkbox in the first column to select individual subnets
   * Use the header checkbox to select/deselect all subnets at once
   * You can select multiple subnets to run assessments in parallel
3. **Configure Each Selected Subnet**: For each selected subnet, configure the following:

   **Agent Selection**:

   * Choose which agent will run the assessment for that subnet
   * Agents that are in the same subnet are automatically prioritized and marked with "(Same Subnet)"
   * The system automatically selects the best agent if one is available in the subnet

   **Confidence Level**:

   * Set the confidence level (0.00 to 1.00) for the assessment
   * This determines how aggressive the assessment will be
   * Higher values indicate higher confidence in findings

   **Exploit Mode**:

   * **Enabled**: The assessment will run exploit submodules during the assessment
   * **Disabled**: The assessment will only perform enumeration and discovery without attempting exploits

<figure><img src="/files/33UUYdHvOSClZQC8cUpF" alt=""><figcaption></figcaption></figure>

### 8. Configure Entity Exclusion List

After selecting subnets, the module automatically displays all entities directly connected to the selected subnets:

1. **View Subnet Entities**:
   * A table appears showing all entities (Hosts, Users, Groups) connected to your selected subnets
   * Each entity displays:
     * **Type**: Host, User, or Group
     * **Name**: Entity identifier (hostname/IP for hosts, username for users, group name for groups)
     * **Incoming Relation**: How the entity is connected to the subnet
2. **Exclude Entities**:
   * **By default, all entities are included** in the assessment
   * To exclude an entity, **uncheck the checkbox** next to it
   * You can exclude multiple entities across different subnets
   * The exclusion count is displayed at the top of the entity table

<figure><img src="/files/UxOO9pRntymMo7BBZgHA" alt=""><figcaption></figcaption></figure>

### 9. Review Configuration (Optional)&#x20;

Before running the assessment, you can review your configuration:

1. Click **"Run Assessment"** button
2. A review drawer opens showing:
   * All selected subnets with their configurations
   * Confidence level for each subnet
   * Exploit mode status (Enabled/Disabled)
   * Agent assigned to each subnet
   * Number of excluded entities per subnet
3. Review the summary and either:
   * Click **"Cancel"** to go back and make changes
   * Click **"Run assessment"** to proceed with the assessment

<figure><img src="/files/2tZfDAXppQQlWRq87KrW" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://copilot-docs.bugbase.ai/enterprise/how-to-trigger-an-internal-scan.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.