Discover agent/skill artifacts via RTR (configurable regex patterns), scan content for prompt-injection phrases, and review malicious skills.
Worker: 2026-05-21T21:37:41.236344+00:00
· Endpoints sync: —
Saved scan definitions (endpoints, folder, artifact patterns). Use Run to start a scan run.
| Request | Description | Created | Hosts | Patterns | Offline backoff | Scan root | Latest run | |
|---|---|---|---|---|---|---|---|---|
| No scan requests yet. Create one below. | ||||||||
Pipeline executions (discovery → queue → content scan).
| Run | Request | Status | Created | Started | Finished | Hosts | Artifacts | Queue | Errors | Scan root | Endpoints |
|---|---|---|---|---|---|---|---|---|---|---|---|
| No scan runs yet. | |||||||||||
CrowdStrike / RTR failures and timeouts from mvp_logs. scan_run_id is set for scan pipeline steps; List endpoints uses null.
| Time | Phase | Scan run | Endpoint | Path / queue | Message | HTTP | CrowdStrike body |
|---|---|---|---|---|---|---|---|
| No operation logs yet. | |||||||
Populated when Start scan runs ls -R. Malicious is pending until the scheduler finishes content analysis.
| Remote path | Endpoint UID | sha256 | Malicious | Discovered at | Content scanned |
|---|---|---|---|---|---|
| No skills discovered yet. Run Start scan. | |||||
Select at most one row, then display file contents via RTR get.
No endpoints in database. Click List endpoints to sync from Falcon.