
Internal Testing

Run internal network security testing from a customer-deployed RedVeil internal agent.

Internal testing lets RedVeil run network security testing from inside an organization's network through a customer-deployed internal agent. The agent receives tasks from RedVeil, executes approved tooling locally, and returns results for the project timeline, findings, and reports.

What internal testing covers

Internal network projects are intended for broad internal penetration testing. They can include:

  • Internal port scanning.
  • Service discovery.
  • Vulnerability discovery.
  • Web service checks on internal hosts.
  • SMB and Active Directory-oriented checks.
  • Credential-aware testing when domain credentials are provided.
  • Agent-led follow-up testing based on discovered services.
  • Durable task history and findings tied back to hosts.

Internal testing is separate from segmentation testing. Internal testing looks for weaknesses inside the environment. Segmentation testing validates reachability between network zones.

Internal agents

An internal agent is a deployment of the RedVeil internal testing runtime inside your network. Agents poll RedVeil for tasks and run tools where they are deployed.

Agents are managed under Settings -> Internal Agents.

The agent list shows:

  • Agent name.
  • Status: pending, online, offline, or error.
  • Last heartbeat.
  • Online-since timestamp.
  • Agent version and update availability.
  • API key prefix.
  • Reported network identity, including self IP addresses when available.

Only organization admins can create, rename, delete, or rotate internal agents.

Agent statuses

Pending

The agent has been created but has not sent its first heartbeat.

Online

The agent has checked in recently and is available for internal or segmentation work.

Offline

The agent has not checked in within the expected heartbeat window.

Error

The agent is reporting errors. Check the deployed agent logs and network connectivity.

Creating an internal agent

  1. Go to Settings -> Internal Agents.
  2. Click Create Agent.
  3. Enter a name, such as HQ Internal Agent.
  4. Copy the generated API key. It is shown only once.
  5. Copy the generated Docker command.
  6. Run the command on a host inside the network location you want RedVeil to test from.

The generated command uses the agent API key and the RedVeil internal agent image:

docker run --rm --pull always --privileged --network host \
  -e REDVEIL_API_KEY=<api_key> \
  docker.redveil.ai/internal-agent:latest

The container requires privileged and host-network access so it can run network tooling from the host's network position.

Rotating an agent API key

Use Rotate when an agent API key may have been exposed or when your key rotation policy requires it.

Rotating a key:

  • Immediately invalidates the current key.
  • Generates a new key, which is shown only once.
  • Requires updating the deployed agent with the new key.

Renaming an agent

Click the agent name to rename it. Renaming does not affect the API key, deployment, project assignment, or history.

Deleting an agent

Deleting an agent removes it from the organization and cancels pending tasks assigned to it. Running deployments that still use the deleted key will no longer be able to claim tasks.

Before deleting an agent, check whether active internal network or segmentation projects are using it.

Creating an internal network project

  1. Go to Projects.
  2. Select New Project.
  3. Choose Internal Network.
  4. Enter project details.
  5. Add scope manually or choose Asset Inventory if you want the scan to resolve targets from the organization inventory at scan start.
  6. In settings, select an internal agent.
  7. Choose port scan mode.
  8. Optionally provide domain credentials.
  9. Review and submit the project.

Internal network projects require a selected internal agent. If no agent is registered or selected, the project creation flow prevents submission.

Scope options

Internal network projects support:

  • Domains.
  • URLs.
  • IP addresses.
  • CIDR ranges.
  • Uploaded .csv or .txt scope files.
  • Organization Asset Inventory scope.

When Asset Inventory scope is selected, RedVeil resolves the current internal inventory and exclusions when the scan starts. This means inventory updates and exclusions made after project creation can still affect the actual scan scope.

Port scan mode

Internal testing supports two port scan modes:

  • Fast: Scans the top 1000 common ports.
  • Full: Scans all 65,535 ports.

Fast mode is appropriate for quicker coverage. Full mode provides broader service discovery but can take materially longer.

Domain credentials

You can enable the "Domain credentials provided" option and enter a domain username and password.

Credentials allow authenticated internal testing such as:

  • Authenticated service checks.
  • Privilege and access validation.
  • Active Directory-oriented checks.
  • Credential-aware discovery.

Credentials are treated as sensitive project settings. In the review UI, password values are not displayed in plaintext.

How internal scans run

When an internal scan starts, RedVeil:

  1. Verifies that the project has an internal agent.
  2. Checks the selected agent's current status.
  3. Creates or reuses an internal testing session for the project.
  4. Runs initial port discovery from the agent.
  5. Runs internal recon tooling against the configured scope.
  6. Starts the internal testing agent workflow with the recon output as context.
  7. Queues follow-up commands to the internal agent as the testing agent investigates services.
  8. Stores task output, findings, and host status updates.
  9. Queues cleanup for the internal test session when the scan finishes or is cancelled.

The internal workflow uses a persistent project test session so tools can share context while the project is active. Cleanup closes that session when testing ends.

Agent self-IP protection

Internal agents report their own network addresses. RedVeil excludes those addresses from internal and segmentation scan commands when possible, reducing the chance that the agent identifies itself as an in-scope target.
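
To preview which addresses remain in scope once exclusions and an agent's self IPs are removed, the added example below carves them out of a CIDR scope. It is not RedVeil's implementation; the function name effective_scope and all sample addresses are assumptions made for illustration.

```python
import ipaddress

def effective_scope(scope, exclusions=(), agent_self_ips=()):
    """Return the networks left after removing exclusions and the agent's own IPs."""
    nets = [ipaddress.ip_network(s, strict=False) for s in scope]
    cuts = [ipaddress.ip_network(x, strict=False) for x in exclusions]
    # A self IP may be reported with a prefix length (10.0.20.5/24).
    # Keep only the host address so the whole subnet is not dropped by mistake.
    cuts += [ipaddress.ip_network(ipaddress.ip_interface(a).ip)
             for a in agent_self_ips]
    for cut in cuts:
        kept = []
        for net in nets:
            if net.version != cut.version or not net.overlaps(cut):
                kept.append(net)                       # untouched by this cut
            elif net.subnet_of(cut):
                continue                               # wholly excluded
            else:
                kept.extend(net.address_exclude(cut))  # split around the cut
        nets = kept
    # collapse_addresses() accepts only one IP version per call.
    result = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        result.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in result]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    remaining = effective_scope(
        scope=["10.0.20.0/29", "fd00::/126"],
        exclusions=["10.0.20.0/31"],
        agent_self_ips=["10.0.20.5/24", "fd00::1"],
    )
    for net in remaining:
        print(net)
```

The remaining ranges show that the host running the agent drops out of the target list, so it needs coverage from another vantage point if it must be tested.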

Monitoring internal testing

Use the project Hosts view to track:

  • Hosts discovered from the internal scope.
  • Current scan status.
  • Services and host details.
  • Task timeline entries.
  • Agent steps and tool outputs.
  • Findings created during testing.

If the internal agent goes offline during a scan, RedVeil records the issue and prevents the testing workflow from continuing without the required agent.

Pausing, resuming, cancelling, and retrying

Internal projects use the standard scan controls.

  • Pause: Stops progress at a safe workflow boundary and marks hosts as paused.
  • Resume: Continues the internal workflow when the selected agent is available.
  • Cancel: Stops queued work and starts cleanup.
  • Retry: Starts testing again using the project configuration and current resolved scope.

For internal network projects, RedVeil checks the selected agent before resuming.

Reporting

After internal testing has run, the Reports page can generate standard RedVeil reports and CSV exports, including:

  • Executive Report.
  • Technical Report.
  • Full Report.
  • Letter of Attestation.
  • Letter of Engagement.
  • Testing Certificate when eligible.
  • Issues CSV.
  • Compliance Mapping CSV.

PDF reports are generally available after scans complete. CSV exports remain available in more scan states, depending on report type and project status.

Best practices

  • Deploy agents close to the network segment being tested.
  • Use clear names that describe agent location, such as HQ VLAN 20 or AWS VPN Agent.
  • Keep agents online for the full scan window.
  • Rotate keys after personnel changes, suspected exposure, or test completion if required by policy.
  • Use Full port mode when service coverage matters more than runtime.
  • Provide domain credentials only when authenticated testing is authorized.
  • Use Asset Inventory and exclusions for recurring internal testing programs.
