# Table of Contents - [Method Platform Docs | Method Platform | Documentation](#method-platform-docs-method-platform-documentation) - [What is Method? | Method Platform | Documentation](#what-is-method-method-platform-documentation) - [Products | Method Platform | Documentation](#products-method-platform-documentation) - [Bastion | Method Platform | Documentation](#bastion-method-platform-documentation) - [FAQs | Method Platform | Documentation](#faqs-method-platform-documentation) - [Reaper | Method Platform | Documentation](#reaper-method-platform-documentation) - [Concepts | Method Platform | Documentation](#concepts-method-platform-documentation) - [Administration | Method Platform | Documentation](#administration-method-platform-documentation) - [Operator | Method Platform | Documentation](#operator-method-platform-documentation) - [Automator | Method Platform | Documentation](#automator-method-platform-documentation) - [Issues | Method Platform | Documentation](#issues-method-platform-documentation) - [Explorer | Method Platform | Documentation](#explorer-method-platform-documentation) - [Tools | Method Platform | Documentation](#tools-method-platform-documentation) - [Applications | Method Platform | Documentation](#applications-method-platform-documentation) - [Release Notes | Method Platform | Documentation](#release-notes-method-platform-documentation) - [Using the Method SDK | Method Platform | Documentation](#using-the-method-sdk-method-platform-documentation) - [Get Token With Client Credentials | Method Platform | Documentation](#get-token-with-client-credentials-method-platform-documentation) - [Primitives | Method Platform | Documentation](#primitives-method-platform-documentation) - [Architecture Overview | Method Platform | Documentation](#architecture-overview-method-platform-documentation) - [System Architecture | Method Platform | Documentation](#system-architecture-method-platform-documentation) - [Data Architecture | Method Platform | Documentation](#data-architecture-method-platform-documentation) - [Jackal C2 | Method Platform | Documentation](#jackal-c2-method-platform-documentation) - [Create a new Environment | Method Platform | Documentation](#create-a-new-environment-method-platform-documentation) - [Getting started with Guides | Method Platform | Documentation](#getting-started-with-guides-method-platform-documentation) - [Create an Adversary | Method Platform | Documentation](#create-an-adversary-method-platform-documentation) - [Product Architecture | Method Platform | Documentation](#product-architecture-method-platform-documentation) - [Start an Operation from Explorer | Method Platform | Documentation](#start-an-operation-from-explorer-method-platform-documentation) - [Operation Notes | Method Platform | Documentation](#operation-notes-method-platform-documentation) - [Using Filters to query data in Explorer | Method Platform | Documentation](#using-filters-to-query-data-in-explorer-method-platform-documentation) - [Your first Operation | Method Platform | Documentation](#your-first-operation-method-platform-documentation) - [Investigating Risk Types | Method Platform | Documentation](#investigating-risk-types-method-platform-documentation) - [Living off the Land | Method Platform | Documentation](#living-off-the-land-method-platform-documentation) - [Issue Triage and Resolution | Method Platform | Documentation](#issue-triage-and-resolution-method-platform-documentation) - [Running a Task. | Method Platform | Documentation](#running-a-task-method-platform-documentation) - [Configure Issue Severity Overrides | Method Platform | Documentation](#configure-issue-severity-overrides-method-platform-documentation) - [Create your first Task | Method Platform | Documentation](#create-your-first-task-method-platform-documentation) - [Creating a Test Case | Method Platform | Documentation](#creating-a-test-case-method-platform-documentation) - [Use Entra ID for SSO | Method Platform | Documentation](#use-entra-id-for-sso-method-platform-documentation) - [AWS Integration | Method Platform | Documentation](#aws-integration-method-platform-documentation) - [AWS Integration - Manual | Method Platform | Documentation](#aws-integration-manual-method-platform-documentation) - [AWS Integration - CloudFormation | Method Platform | Documentation](#aws-integration-cloudformation-method-platform-documentation) - [Create Powerful Automations | Method Platform | Documentation](#create-powerful-automations-method-platform-documentation) - [Use Okta for SSO | Method Platform | Documentation](#use-okta-for-sso-method-platform-documentation) - [Understand your organization's risks | Method Platform | Documentation](#understand-your-organization-s-risks-method-platform-documentation) - [Leveraging the Scorecard | Method Platform | Documentation](#leveraging-the-scorecard-method-platform-documentation) - [Integrate with Kubernetes | Method Platform | Documentation](#integrate-with-kubernetes-method-platform-documentation) - [Integrate with Okta | Method Platform | Documentation](#integrate-with-okta-method-platform-documentation) - [AWS Integration - Terraform | Method Platform | Documentation](#aws-integration-terraform-method-platform-documentation) - [Understand your organization's risks | Method Platform | Documentation](#understand-your-organization-s-risks-method-platform-documentation) - [Install and Configure a Jackal | Method Platform | Documentation](#install-and-configure-a-jackal-method-platform-documentation) - [Single Sign-On (SSO) Overview | Method Platform | Documentation](#single-sign-on-sso-overview-method-platform-documentation) - [Get Token With Client Credentials | Method Platform | Documentation](#get-token-with-client-credentials-method-platform-documentation) --- # Method Platform Docs | Method Platform | Documentation ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/home/images/cyber-layer-1.gif) Method Platform =================== Method is a full-spectrum, defense and offense, security platform designed to deliver resilience to critical institutions. [Platform Overview](https://docs.method.security/platform) Learn about the functions and architecture of Method Platform. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fhome%2Fimages%2FProductArchDetailed.png&w=3840&q=75) [What is Method?](https://docs.method.security/platform/overview/what-is-method) [Products](https://docs.method.security/platform/products) [Architecture](https://docs.method.security/platform/architecture) [Guides](https://docs.method.security/docs/getting-started/overview) Step-by-step user and administrator guides on getting stuff done. [Get started with Guides](https://docs.method.security/guides/overview/getting-started) [Bastion](https://docs.method.security/guides/bastion/defend-your-organization) [Reaper](https://docs.method.security/guides/reaper/your-first-operation) [Explorer](https://docs.method.security/guides/explorer/filtering-data) [Issues](https://docs.method.security/guides/issues/filter-and-close-issues) [Automator](https://docs.method.security/guides/automator/primitives) [Jackal Agents](https://docs.method.security/guides/agents/install/install) [Integrations](https://docs.method.security/guides/integrations/cloud/aws/overview) [Developer & API](https://docs.method.security/developer) Use the Method SDK or API to query and control the platform. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fhome%2Fimages%2FApiExample.png&w=3840&q=75) [SDK](https://docs.method.security/developer) [API](https://docs.method.security/api) Connect ### Support Find us in your dedicated chat channel or connect over email. [Send Support Email](mailto:support@method.security) ### Demo Request a demo to see Method in action. [Request Demo](mailto:sales@method.security) ### GitHub Check out or contribute to open source tools. [View](https://github.com/method-security) ### X Connect on Twitter / X for company updates. [View](https://x.com/method_security) * * * [Built with](https://buildwithfern.com/?utm_campaign=buildWith&utm_medium=docs&utm_source=docs.method.security) [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # What is Method? | Method Platform | Documentation The Method Platform is a full spectrum security platform, spanning defensive and offensive capabilities, designed for all domains - cloud, on-premise, edge, apps, identity, endpoint, and more. * * * Accelerate the scale and speed of your security program through a continuous combination of defense and offense --------------------------------------------------------------------------------------------------------------- The Method Platform is a full spectrum security platform combining autonomy, data, tooling, and command & control (C2) to power defensive and offensive products. It is architected around two point of views regarding the future of security: * In order to win, teams must **safely** harness **autonomy** at **scale** * The most valuable outcomes are naturally cross-category, cross-domain, and cross-workflow In essence, the Method Platform is the ultimate infrastructure for proactive security agents optimized for any environment. The platform is organized around two Products that capture large and distinct areas of security: * **Bastion** - Digital-twin driven exposure management * Map, validate, and control the totality of resources and possible attack paths in the context of your business * **Reaper** - Software-defined offensive operations * Plan and execute red team operations and adversary emulation exercises on top of robust autonomy and software defined C2 infrastructure ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Foverview%2Fwhat-is-method%2Fbastion.png&w=3840&q=75) Bastion ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Foverview%2Fwhat-is-method%2Freaper.png&w=3840&q=75) Reaper How is Method different? ------------------------ The Method Platform is a new kind of security platform built to be more integrated, cross-domain, and AI-enabled than existing point solutions. ### Built on a Data Ledger and Ontology Almost every security workflow hits data roadblocks in the form of not connecting the dots across controls, environments, and organizational context. Method Platform is built on a Ledger which tracks security data temporally as well as by source. This Ledger feeds an Ontology, or security Digital Twin, consisting of objects (e.g. Host, User) and links (e.g. Is Administrator Of, Group Contains). Every Tool operated feeds the Ledger and then Ontology, for continuous understanding. This rigorous data approach enables several outcomes: * **Cross control / domain workflows** become possible where point products fall short; connect code, cloud, web, network, etc. inspection in a single workflow * **Streamlined analysis & reporting** given a standard API for security data that is abstracted from underlying sources * **Change detection** is possible with complete tracking of object changes over time * **Effective AI Agents** is possible given this continuous mapping, similar to other forms of robotic autonomy ### Deploy Any Tool, Everywhere Method Platform is built on a Tool and security agent (codename: Jackal) framework that can functionally control any API, scanner, or custom CLI in the cloud or on-premise. This allows it to get both authenticated and unauthenticated sources to populate the Ontology and assume both defender and attacker perspectives. This also allows the platform to execute workflows in any environment for complete visibility across complex, multi-domain workflows. ### Humans in control of AI AI acts as a powerful enabler and force multiplier. In the high-stakes security domain, you must retain full control over AI agents for effective operational deployment. Method Platform incorporates rigorous guardrails and architectural safeguards to ensure you maintain complete authority over AI behavior and decision-making. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Products | Method Platform | Documentation Overview of Products in Method Platform. * * * Bastion ------- Bastion is an OS for exposure management. Bastion enumerates and assesses complex environments across cloud, on premises, and internet facing assets to identify potential attack paths. Its findings can be used directly or passed to Reaper to validate risks through simulated offensive action. Reaper ------ Reaper is an OS for offensive operations. Reaper is an autonomous platform for executing offensive cyber operations—supporting workflows like red teaming, adversary emulation, and mission rehearsal. It combines automated reasoning, dynamic tooling, and defined guardrails to help operators simulate real-world threats and run complex campaigns. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Bastion | Method Platform | Documentation An operating system for exposure management. * * * Overview -------- ![Bastion architecture](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/platform/products/bastion/bastion2.png) Bastion Bastion enumerates and assesses complex environments across cloud, on premises, and internet facing assets to identify potential attack paths. Its findings can be used directly or passed to Reaper to validate risks through simulated offensive actions. It builds a dynamic understanding of assets and risk by structuring environmental data into an ontology linking hosts, applications, and vulnerabilities. At its core, it uses Method’s data knowledge graph of interconnected objects and links, enabling contextual risk assessment and attack path discovery. Navigating Bastion ------------------ ### The Bastion Dashboard The Bastion dashboard provides an overview of your organization’s overall security posture categorized by Scorecards. These Scorecards rank environments by their overall riskiness, health, number of most issues, closed issues, and other important metrics. The `Risk types` tab gives you visibility into Issues across different risk categories and trends overtime. You can also view `All environments` to see and filter all of your environments. ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/platform/products/bastion/method_risktypes.png) Explore Environments by Risk Types ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/platform/products/bastion/all_environments.png) Sort your Environments ### Explorer Explorer enables flexible search and filtering across environments and object types, to make it easy for you to identify and investigate specific assets in your environment. [Learn more about Explorer](https://docs.method.security/platform/applications/explorer) . ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/platform/products/bastion/explorer.gif) Discover assets and issues in Explorer ### Automator The Automator app lets you create, monitor, and run scheduled tasks and tests in an environment. You can view your surfaced Issues by severity, family, type, status, or environment. [Learn more about Automator](https://docs.method.security/platform/applications/automator) . ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/platform/products/bastion/golden_tasks.png) Use Method's Golden Tasks to schedule task runs ### Issues Select an Issue to further investigate, explored linked Objects, view Issue history, change status, generate a report for external stakeholders, or perform active validation of the Issue in [Operator](https://docs.method.security/platform/applications/operator) . ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/platform/products/bastion/issue_view.png) Investigate and triage Issues [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # FAQs | Method Platform | Documentation Overview of Frequently Asked Questions about Method Platform. * * * What deployment models does Method support? ------------------------------------------- Method supports multiple deployment options to meet diverse security and infrastructure requirements: * **Cloud Deployments**: * SaaS - hosted in any region * **Self-Hosted Deployments**: * Private Cloud - requires managed Kubernetes and object storage * Virtualized Infrastructure - requires a more substantial install * On-premise - delivered on dedicated hardware; air-gap optional How does Method use AI? ----------------------- * **Data Integration**: The majority of Method’s tool are deterministic, however, certain tools that generate unstructured output, such as Living off the Land tools, use AI to extract and normalize details that regex can’t reliably handle. AI is also used to analyze web resources to identify sensitive data at scale. * **Operator Co-Pilot**: AI dynamically adjusts tool parameters based on data in the environment and only suggests executable actions based on what’s discovered. Tool recommendations are based on discovered data, the environment, and uploaded threat intelligence, such as supplemented adversary profiles or organizational context. * **Operator Chat**: Operators can chat in the Cockpit in natural language to ask about issues, tools, objects, or next actions. Trust and operational controls ------------------------------ The Method platform provides multiple layers of controls that combines technical guardrails, and operational controls. * **Guardrails** * **Open-sourced tools**: All tools are designed as atomic, focused functions to ensure reliability and trusted execution. All of Method’s security tool binaries are [open-sourced](https://github.com/Method-Security) to provide complete visibility into what’s executing in customer environments. * **Configurable risk frameworks**: Operators can define comprehensive rules of engagement, such no-strike lists and restricted tool executions based on risk controls defined in each operation. * **Transparency in architecture** * **Strongly typed interfaces**: Method’s strongly-typed data model (the Ontology) and atomic tool design create a reliable agent-security-stack interface that fundamentally constrains what AI can do. The Ontology uses strongly-typed objects (like Host, User, Cloud Account) and defined relationships (like “Is Administrator Of”), preventing AI from operating on ambiguous or unstructured data that could lead to unpredictable behavior.⁠ This architecture ensures that while AI can be intelligent about what to do and how to configure tools, it cannot operate outside the safe, pre-defined boundaries of Method’s security framework. Do we have any accreditations? ------------------------------ We are actively pursuing additional accreditations, including SOC 2 Type 2. Method’s architecture and security practices are being built with federal compliance requirements in mind and we intend to pursue a FedRAMP certification. Access and permissions ---------------------- Method currently supports authentication via local credentials as well as integration with enterprise identity providers. Platform updates ---------------- Product release notes are published regularly and cover product improvements, bug fixes, and new feature releases. These are automatically emailed to all user accounts in Method. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Reaper | Method Platform | Documentation An operating system for offensive operations. * * * Overview -------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fproducts%2Freaper%2FReaper.png&w=3840&q=75) Reaper Reaper is an autonomous platform for executing offensive cyber [operations](https://docs.method.security/platform/primitives#operations) —supporting workflows like red teaming, adversary emulation, and mission rehearsal. It combines automated reasoning, dynamic tooling, and defined guardrails to help operators simulate real-world threats and run complex campaigns. Reaper integrates closely with [Operator](https://docs.method.security/platform/applications/operator) , a workspace for running operations, and Adversary Profiles for realistic and dynamic adversary emulation. Configuring an Operation ------------------------ Define the scope, adversary, targets, and rules of engagement of your operation. ### Defining the Entry Point Reaper lets you initiate an operation from either the internet or an installed Jackal within the target perimeter. Internet-based operations are limited to internet-facing assets, while Jackal-initiated operations provide an assumed breach perspective from the host where the Jackal is intalled. ### Adversary Intelligence Upload an adversary profile to receive AI-suggestions in Co-pilot based on the target adversary. See [Create an Adversary](https://docs.method.security/guides/reaper/create-an-adversary) , for a guide on creating a new adversary. In Reaper, you can: * **Simulate cyber threats**: Launch [operations](https://docs.method.security/platform/primitives#operations) that mirror how real adversaries behave in the wild. You can emulate threat actors across several stages of the kill chain, such as reconnaissance, lateral movement, and exploitation. * **Validate exposure**: Determine whether exposures discovered in Bastion are truly exploitable. * **Train and test teams**: Simulate realistic adversary behavior to evaluate team readiness, test detections, or benchmark controls. * **Operate with automation**: Toggle between Manual and Co-Pilot mode to enable AI suggestions during an operation. * **Interact with the system**: Use the Cockpit to communicate with Reaper during operations. Ask questions about Tools, Issues, Objects, and other details about the workspace. * **Replay missions**: Return to any session to review what actions were taken, which Objects were created, and what Issues were surfaced. See [Operator](https://docs.method.security/platform/applications/operator) for more details, or read [Your First Operation](https://docs.method.security/guides/reaper/your-first-operation) for a guide on how to begin your first operation. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Concepts | Method Platform | Documentation Get a basic understanding of Method Platform’s core concepts. * * * Products -------- [Products](https://docs.method.security/platform/products) are complete, end-to-end workflows built for specific security outcomes. Method currently offers two products: [Bastion](https://docs.method.security/platform/products/bastion) and [Reaper](https://docs.method.security/platform/products/reaper) . Each Product includes one or more Applications and uses different types of Primitives to power its functionality. Applications ------------ [Applications](https://docs.method.security/platform/applications) are the key user facing front end experiences that allows you to perform a variety of workflows on top of different Primitives. Primitives ---------- [Primitives](https://docs.method.security/platform/primitives) are the building blocks of the platform. They’re the file types that Applications work with—like operations, tools, tasks, or any other structured object. Primitives are modular and reusable across Products and Applications. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Administration | Method Platform | Documentation Configure your Method Platform. * * * Overview -------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fadministration%2Fadmin_dashboard.png&w=3840&q=75) Configure your Method platform in the Administration app Use the Administration app to manage your Method platform: * Create, view, and delete the [Environments](https://docs.method.security/platform/primitives#environment) on your platform * Create and manage tags to group your Environments * Onboard new Environments and kick off onboarding tasks * Create and manage your [Jackal](https://docs.method.security/platform/architecture/jackal-c-2) agents * Manage cloud provider integrations * Configure alerts to channels in Teams or Slack * Manage Task labels * Configure additional platform settings [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Operator | Method Platform | Documentation Perform live [operations](https://docs.method.security/platform/primitives#operations) against your environments. * * * ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Foperator%2Foperator.png&w=3840&q=75) Overview -------- Operator is an application that serves as an IDE (Integrated Development Environment) for Security Engineering and Offensive Engineering workflows. Tools, Ontology, and AI is at the user’s fingertips to conduct live [operations](https://docs.method.security/platform/primitives#operations) against environments much faster and more effectively. The Operator workspace is comprised of a large graph canvas for running operations. Setting up a new Operation -------------------------- ### Set the Objective The Objective tab lets you add a title, describe the objective, set the starting points and environment, and other optional parameters such as rules of engagement. ### Adversary Emulation With [Reaper](https://docs.method.security/platform/products/reaper) , you can create Adversary Profiles using PDFs of adversary intelligence. These can be added to your Operation as context for the AI for adversary emulation exercises. ### Configure Rules of Engagement You have the option to configure operational risk controls and set No Strike lists that enforce operational safety guardrails and limit what Tools can run on targets. ### Watch an Object Object Watch allows you to declare specific Object Types of interest. The system will passively watch for these Objects and alert you when Method discovers them in an operation. You can revisit the operation objectives by clicking on the left pane in the workspace. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Foperator%2Foperation_tab.png&w=1920&q=75) Click the left pane to review your operation objectives The left panel includes: * Operation Cockpit * Operation details * Rules of Engagement (if configured) * Supplemented Adversary Intelligence (if provided) * Complete Tool Library Navigate the Workspace ---------------------- Throughout your operation, you can use the chat cockpit to ask questions about Issues, data collected, or what Tools to run next. Operator’s AI co-pilot has a deep understanding of security and of the Method Platform: the Tools, data, adversary profiles, and more that are contained therein. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Foperator%2Foperator_chat.png&w=1920&q=75) Ask questions in the Operator Cockpit The central graph shows you the steps taken in your operation so far. Nodes represent Tools that have run, and the edges between Tool nodes show the data types that are flowing through the operation. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Foperator%2Foperator_nodes.png&w=3840&q=75) Graph nodes represent a single tool execution in the operation The right panels show the Objects and Issues found in your operation. If a node is selected, you will only see the Objects and Issues found for that tool execution. If you de-select the node, you will see all of the objects found in the lineage of your operation. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Foperator%2Fright_pane.png&w=1080&q=75) Use the right pane to explore Objects found and Issues Co-pilot Mode and Manual Mode ----------------------------- Operator offers two modes: Co-pilot mode and Manual mode. Co-pilot mode is a human-in-the-loop, AI-assisted operating mode. When running in Co-pilot, you will receive AI-suggested tool recommendations based on the current mission objective, recent system findings, environmental context, and adversary intelligence. You can accept or decline these recommendations before tool execution. Manual mode is a fully operator-driven operation, where there are no AI suggestions for tool executions. You can still chat with the AI in the Cockpit. In the future, you will be able to operate in Auto mode, where the system will run completely autonomously within pre-defined guardrails set by the operator. Utilize Method’s Tools ---------------------- Operator has easy access to Method’s full suite of powerful tools. You can explore the tools in the Tool Library panel to learn about each. As you progress through your operation, only the tools that are applicable to the data you have discovered are suggested. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Foperator%2Ftool_library.png&w=3840&q=75) Explore the complete arsenal of tools available in the Method platform [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Automator | Method Platform | Documentation Automator allows you to create, modify, and view your live automations. * * * Overview -------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fautomator%2Fautomator-activity.png&w=3840&q=75) Activity Tab ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fautomator%2Fautomator-tasks.png&w=3840&q=75) Tasks Tab Automator is the home for creating, monitoring, and managing automations in Method. Automator Primitives -------------------- The primary automation in Method is a [Test Case](https://docs.method.security/platform/primitives/overview#testcases) . A Test Case allows you to choose a [Task](https://docs.method.security/platform/primitives/overview#task) , run it against specified target objects on a fixed schedule, and to assess that the output looks as expected using assertions. A [Task](https://docs.method.security/platform/primitives/overview#task) is a a discrete workflow performable in Method Platform. It allows you to orchestrate and execute [Tools](https://docs.method.security/platform/primitives/tools) to assess an asset or accomplish a security goal. When a Task is configured to run on a set of objects at a particular time, it is called a Task Run. To create a new Test Case, first confirm whether the Task you wish to automate exists. If not, start by creating a New Task from the top-right corner of the application. Once you have a Task you’re ready to automate, create a new Test Case to choose the target, schedule, and assertions for your automation. Monitoring Automations ---------------------- Use the Activity tab to understand what is happening live on your Method instance. Monitor your running, scheduled, and recently completed Tests and Task Runs. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Issues | Method Platform | Documentation Understand the risks in your environments. * * * Overview -------- The Issues app is where you can explore, investigate, triage, and close Issues across your environments. Understand and Triage Issues ---------------------------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fissues%2Fissues_dashboard.png&w=3840&q=75) View Issues across your environments ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fissues%2Fissue_investigate.png&w=3840&q=75) Investigate an Issue Filter your Issues by family, type, severity, environment, or tag. Every Issue comes with a dedicated Issue View which shows you a description of the Issue, linked assets with a graph showing the relatonships between the impacted assets, a tab to generate reports, and Issue history. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fissues%2Fissue_view.png&w=3840&q=75) Issue view Issues are Open by default, but can be marked Assigned or Closed once triaged and resolved. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fissues%2Fissues.png&w=3840&q=75) Issues Application * * * Configure --------- The Issues app allows you to configure and specify severity overrides for various Issue Types. These overrides can be applied globally for a specific Issue Type or configured at the Environment level. Issue severity overrides will not be automatically applied to existing Issues. The severity will be updated upon the next discovery of existing Issues or when a new Issue is discovered. For a walkthrough on how to configure Issue Types, refer to the following user guide: [Configure Issue Severity Overrides](https://docs.method.security/guides/issues/configure-issue-severity-overrides) [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Explorer | Method Platform | Documentation Discover and investigate your environment. * * * Overview -------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fexplorer%2Fexplorer.png&w=3840&q=75) Explorer Home Page ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fexplorer%2Fexplorer2.png&w=3840&q=75) Surfaced Network Applications Explorer is Bastion’s powerful search and investigation view for your environments. Browse and filter across object types, then inspect specific assets using tabular and graph-based views to examine infrastructure details or pivot across related objects to understand broader patterns of exposure. Navigating Explorer ------------------- Filter your search by tag or environment, Object or Issues, and data types. You can use additional filter groups to further narrow your search results. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fapplications%2Fexplorer%2Fexplorer_filtered_search.png&w=3840&q=75) Use Explorer filters to focus on high priority Objects and Issues Click a row to open the Object View and inspect details, links, provenance, and to pivot to related entities. Explorer enables you to: * **Investigate assets and issues across environments**: Search across thousands of objects with flexible filters to locate high-risk assets, surface unresolved issues, and trace exposure across environments. * **Pivot through related objects**: Move from a single FQDN to its associated services, applications, and known issues to build a mental model of the asset’s context and exposure. * **Visualize connections**: Reference the relationship graph to see how assets are linked. This is helpful for understanding blast radius, dependencies, or the chain of exposure tied to a misconfiguration. * **Track historical trends**: View changes over time, such as how many new assets are discovered and how frequently an object-type is assessed. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Tools | Method Platform | Documentation Atomic, executable actions that power analysis, enumeration, and collection across Method’s platform. * * * Overview -------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fprimitives%2Ftools%2Ftools.png&w=3840&q=75) Tool Catalog ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Fprimitives%2Ftools%2Ftools2.png&w=3840&q=75) Tool Details A Tool is an atomic security action in the Method Platform. That security action may wrap an API (e.g. AWS) or a scanner (e.g. Nessus) or some custom security CLI. Each Tool is designed to perform a technical task, such as scanning a target, retrieving cloud configuration data, or enumerating network resources and can be used independently or as part of a larger workflow. Tools are organized by families (like Collection, Reconnaissance, or Exploitation) and executed through available runtimes. Users can click into a Tool to view details about its purpose, parameters, required inputs, associated links, and the types of Objects it creates. The Examples tab provides sample use cases and representative executions that show how the Tool is used in operations. The Tasks tab displays all existing Tasks that use the selected Tool. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Applications | Method Platform | Documentation Overview of Applications in Method Platform. * * * ### Operator Operator is an application that serves as an IDE (Integrated Development Environment) for Security Engineering and Offensive Engineering workflows. Tools, Ontology, and AI is at the user’s fingertips to conduct live work against environments much faster and more effectively. ### Explorer Explorer is an application to search and understand collected security data. It lets you find and investigate Objects across your environments with flexible filters that helps you understand context, dependencies, and exposure patterns. ### Issues Issues is where Method aggregates and prioritizes all detected Issues so teams can triage, investigate, and take action in one place. ### Automator Automator is the home for creating, monitoring, and managing automations, like [Tests](https://docs.method.security/platform/applications/automator#automator-primitives) and [Tasks](https://docs.method.security/platform/primitives) , in Method. ### Administration Administration is the one-stop-shop for configuring and managing your Method platform. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Release Notes | Method Platform | Documentation The latest releases to the Method platform. * * * ### October 6, 2025 **Operator can now watch for specific objects** to help identify valuable assets within discovered data. During Operation setup, configure Object Watch to look for object types or object property values that align with the Operation’s objectives – for example, configure Operator to indicate when a Credential has been discovered. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-10-06b.png&w=3840&q=75) Object Watch helps identify important object types or property values. **Operators can now visually explore linked Object discoveries** using the graph view that shows related objects. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-10-06c.png&w=1920&q=75) Objects in Operator can now be explored using a graph of linked objects. **Method has an improved AWS integration** to provide a comprehensive inventory of accounts, services, and resources. It covers all major AWS primitives, including identities, networks, and cloud assets, through safe, read-only API calls. With this foundation, users can leverage Method’s blackbox tools and now enumerate Cloud Objects to gain a deeper, end-to-end understanding of their cloud footprint. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-10-06a.png&w=3840&q=75) Breakdown of the Cloud Enumerate AWS task in Method. 15 updated tools have been released. You can view them in the `Tools` app in Method. 1. Updated: **AWS API Gateway Enumerate** enumerates all the API Gateway instances of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of API Gateway instances in AWS. 2. Updated: **AWS CloudFront Enumerate** enumerates all the CloudFront resources of an AWS account. This tool is useful for understanding the content delivery networks, distributions, and caching configurations of CloudFront in AWS. 3. Updated: **AWS EC2 Enumerate** enumerates all the EC2 resources of an AWS account. This tool is useful for understanding the compute instances, volumes, and networking configurations of EC2 resources in AWS. 4. Updated: **AWS EKS Creds** retrieves the credentials for an EKS cluster. This tool is useful for retrieving the credentials for an EKS cluster in AWS. 5. Updated: **AWS EKS Enumerate** enumerates all the EKS clusters of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of EKS clusters in AWS. 6. Updated: **AWS IAM Enumerate** enumerates all the IAM resources of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of IAM resources in AWS. 7. Updated: **AWS Lambda Enumerate** enumerates all the Lambda functions of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of WAF web ACLs in AWS. 8. Updated: **AWS Load Balancer Enumerate** enumerates all the Load Balancer resources of an AWS account. This tool is useful for understanding the traffic distribution, health checks, and target group configurationsof Load Balancers in AWS. 9. Updated: **AWS RDS Enumerate** enumerates all the RDS instances of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of RDS instances in AWS. 10. Updated: **AWS Route53 Enumerate** enumerates all the Route53 resources of an AWS account. This tool is useful for understanding the DNS configurations, hosted zones, and record sets of Route53 in AWS. 11. Updated: **AWS S3 Enumerate** enumerates all the S3 resources of an AWS account. This tool is useful for understanding the storage, permissions, and metadata of S3 buckets in AWS. 12. Updated: **AWS S3 Exposure Scan** scans and analyzes public-facing S3 buckets without credentials to determine existence, access controls, directory listings, and anonymous read capabilities. Includes support for parsing various S3 URL formats and inspecting policies and ACLs for potential misconfigurations. 13. Updated: **AWS Security Group Enumerate** enumerates all the Security Groups of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of Security Groups in AWS. 14. Updated: **AWS VPC Enumerate** enumerates all the VPCs of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of VPCs in AWS. 15. Updated: **AWS WAF Enumerate** enumerates all the WAF resources of an AWS account. This tool is useful for understanding the security rules, policies, and configurations of WAF web ACLs in AWS. * * * ### September 22, 2025 Available in beta: **Sync Issues from Method to your preferred ticketing system** using Method’s webhooks integration and SDK. * Use Method to set up powerful security automations, then track, assign, and close issues in your favorite project management tool. * Easily hop back in to Method to explore assets linked to your issues in Explorer and run operations against them in Operator. We’ll be expanding the API and SDK over the coming months based on early usage and feedback. Reach out to your Method contact to schedule getting started. Two new or improved tools have been released. You can view them in the `Tools` app in Method and try them in `Operator`. 1. New: **Kerberos Service Ticket** exploits resource-based constrained delegation (RBCD), constrained delation, and unconstrained delegation to request service tickets for arbitrary service principle name (SPN) as any domain user enabling service-impersonation based lateral movement and privilege escalation. 2. New: **DCSync** emulates a domain controller via MSRPC to pull the domain operating context, allowing full credential exfiltration and permanent domain persistence. * * * ### September 8, 2025 **Operators can now configure specific risk axes** to minimize their risk of detection within a specific Operation. Choose from 11 risk axes that give you granular control over facets such as log noise, network footprint, exfiltration, and more. See the full list in Operator during setup. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-09-08c.png&w=3840&q=75) Configure risk axes during Operation setup. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-09-08d.png&w=3840&q=75) Tool configurations that violate risk rules will be prevented from running. **Operators can now set certain targets as No Strike**, which restricts tool runs against specific, off-limits targets for the duration of the Operation. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-09-08e.png&w=3840&q=75) Choose No Strike targets during Operation setup. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-09-08f.png&w=3840&q=75) Tools will not run against targets on the No Strike List. **Method can now send you alerts** in Slack or Microsoft Teams when new Issues are discovered. You can create rules that trigger alerts that meet any of following criteria: environment, issue type, and issue severity. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-09-08a.png&w=3840&q=75) Configure Alerts in the Admin app. **You can now re-scan for an Issue with one click** to see if it is still open. The Issue View will tell you when the issue was last seen. If the Issue hasn’t been seen in the last 24 hours, you will be reminded to check for it again. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-09-08b.png&w=3840&q=75) A banner will appear for Issues that haven't been seen in over a day. * * * August 25, 2025 --------------- **Method’s data exploration has been overhauled** with a fluid new experience. Environments, Issues, and Objects open in stacking panels that allow you to quickly navigate from one asset to the next. You can now traverse different paths through your system without switching tabs or losing your place. ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/release-notes/latest/2025-08-25g.gif) Method's new data exploration experience. **Operator’s data exploration has also been revamped**, using the same new experience paired with powerful, new capabilities, including: keyword search, flexible filters, and better data presentation to make it easier to see and understand what you’ve found in your operation. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-25d.png&w=3840&q=75) View discovered objects in filterable lists with much more detail. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-25e.png&w=3840&q=75) Drill down into your findings while seeing your exploration history in panels. **Operations now show whether discovered assets are actionable.** Tool runs that find actionable data objects will now be distinguished from those that completed without finding actionable data. These changes make it easier to decide which branches in your operation are useful and actionable and which are not. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-25a.png&w=3840&q=75) Executions are grouped by those with actionable and unactionable discoveries. **Operator tools now support granular selection of input objects**. You can now select targets for your tool runs more precisely using filters or manual selection. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-25b.png&w=3840&q=75) Filter input objects ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-25c.png&w=3840&q=75) Manually select input objects **Easily see related objects** on Issue and Object views with the Related Objects graph on Issues and Objects. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-25f.png&w=3840&q=75) Related Objects Graph on an Issue. Four new or improved tools have been released. You can view them in the `Tools` app in Method and try them in `Operator`. 1. New: **Host Discovery Tool** performs ping scans against CIDRs / IP addresses. Supports several scan types. 2. New: **SMB Shares Enumeration** enumerates SMB shares for access permissions. 3. New: **Web Page Static Asset Takeover Detection** identifies stale or unclaimed static assets that are loaded on a user’s webpage that may be vulnerable to takeover. 4. Improved: **Internal Network Pentest** and **Internal Network Discovery** now feature stealth modes to support red team workflows. * * * August 4, 2025 -------------- **Issues have been re-imagined from the ground-up** with more powerful capabilities and a new design. You can now track Issues by status and perform your issue investigation without leaving the Issue view. Coming soon: viewing the history of an issue and leaving comnments. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-04a.png&w=3840&q=75) New Issue View **You can now auto-generate Issue Reports** to share with colleagues who do not have Method access. Issue Reports allow you to share details of the issue such as severity, date discovered, issue description, remediation, and the details of the assets associated with the issue. Coming soon: instructions for the Report recipient to reproduce the issue without needing access to Method. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-04b.png&w=3840&q=75) Generate and edit Reports ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-08-04c.png&w=3840&q=75) Export as PDF Five new tools have been released. You can view them in the `Tools` app in Method and try them in `Operator`. 1. New: **Domain Discover** identifies active domains from network applications or IP addresses on on-premise networks. 2. New: **Username Spray** attempts to enumerate valid usernames before spraying passwords against them. 3. New: **Password Spray** attempts login using a single password on multiple usernames against non-HTTP services to gain initial access. 4. New: **LDAP Domain Dump** enumerates users, groups, and relationships from Active Directory using LDAP domain enumeration. 5. New: **SMB Credential Dump** uses valid admin credentials to access system security databases on Windows systems and extract password hashes and secrets. * * * July 21, 2025 ------------- **Five new or improved tools have been released**. You can view them in the `Tools` app in Method. 1. New: **Web CVE Scan** scans web applications to identify known vulnerabilities from the last 25 years of CVEs. 2. New: **Web Technology Scan** identifies known vulnerabilities in specific types of web servers. 3. New: **Web Misconfiguration Scan** identifies misconfiguration in web applications. (Currently limited to headers with expansion coming soon.) 4. Improved: **Web WAF (Web Application Firewall) Detect** detects which WAF is protecting web applications and web endpoints. Now has significantly better accuracy. 5. Improved: **Web DAST (Dynamic Application Security Testing)** has been improved with expanded injection types, allowing you to detect more classes of exploitable vulnerabilities than before. * * * July 7, 2025 ------------ **Bastion 2.0 is released.** Use Bastion to evaluate your cross-environment defenses and to drill-down into any risk across your environments. Use the Scorecard tab to see your healthiest, riskiest, and most active environments. Use Risk Types to explore risk patterns that cross-environments. Drill down into any environment to see the specifics of its issues and assets. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-07-07.png&w=3840&q=75) Bastion Scorecard ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-07-07b.png&w=3840&q=75) Bastion Risk Types **Environment views have been expanded and refreshed.** You can now explore the Latest issues and New assets, risk patterns across the assets, track inventory in the environment, and more. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-07-07c.png&w=3840&q=75) New environment detail view **The Issue Inbox now supports better filtering**. Explore issues by issue severity, issue tag, and environment. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-07-07d.png&w=3840&q=75) The updated Inbox **Method Documentation now includes Guides.** Guides are short tutorials to make you maximally effective when using Method. The first set of guides covers Bastion, Reaper, Explorer, Inbox, and Automator. [Check them out here](https://docs.method.security/guides/automator/running-a-task) . * * * June 23, 2025 ------------- **Tool selection and configuration in Operator is smarter and easier to use.** Only tools that are available for use (with valid inputs available) appear as options. The tool configuration form is redesigned, with better explanations and labels. Use the Preview panel to preview the executions before they run. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-06-23.png&w=3840&q=75) New Tool Config in Operator **Operator’s AI Copilot has even deeper knowledge** of Operation context and general security understanding. **Method has a new Homepage.** Follow high-level metrics, kick off a search, and easily hop into any application. **Activity, Test Cases, and Tasks have a new home in the Automator app.** Automator is the one-stop shop for all automations in the platform. * * * June 9, 2025 ------------ **Reaper now supports Adversary Emulation.** [Create an Adversary](https://docs.method.security/guides/reaper/create-an-adversary) in the Reaper app, then run adversary emulation operations in Operator. The Operator AI will use Adversary details to build its attack plan. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Frelease-notes%2Flatest%2F2025-06-09.png&w=1920&q=75) Adversary Profiles in Reaper [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Using the Method SDK | Method Platform | Documentation Method provides a publicly available SDK in python and typescript. This page includes instructions for authenticating and constructing clients in these languages. The [API Reference](https://docs.method.security/api/api-reference) section lists the available endpoints along with their arguments and responses. Python SDK Usage ---------------- The Method SDK is published to [pypi](https://pypi.org/project/methodsdk/) . Example code to initialize a `MethodClient` and make a simple API call is: ` | | | | --- | --- | | 1 | from method_security import MethodClient | | 2 | | | 3 | def construct_client_and_get_issue_details(source, issue_id): | | 4 | # Replace "my-hostname" with the hostname of your Method instance | | 5 | base_url = f"https://my-hostname.method.delivery" | | 6 | client = MethodClient(base_url=base_url) | | 7 | | | 8 | issue_details = client.v1.issues.get_issue(id=issue_id) | | 9 | return issue_details | ` The `get_issue` endpoint used in this example is documented in the [API Reference](https://docs.method.security/api/api-reference) section, which includes all available endpoints, as well as their arguments and responses. This example assumes that the `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET` environment variables have been set for authentication, as described in the [Authentication](https://docs.method.security/developer/sdk/using-the-method-sdk#authentication) section below. A small example project using the Method SDK can be found in the [method-sdk-examples](https://github.com/method-security/method-sdk-examples) repository on github. Authentication -------------- The Method SDK uses the OAuth 2.0 Client Credentials flow for authentication. Callers of the SDK are configured with an OAuth 2.0 client ID and client secret, which are used to acquire access tokens. The SDK acquires access tokens and uses them to make API calls automatically; callers of the SDK do not need to call authentication endpoints directly. To configure authentication for an application using the Method SDK: 1. Request the creation of an OAuth 2.0 client for your application from Method Support. 2. Method Support will create this client and provide you with its client ID and client secret. 3. Set environment variables in your application’s environment called `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET`. Their values are the client ID and client secret provided in Step 2 respectively. The SDK will detect these variables and use them to acquire access tokens automatically. It is also possible to acquire access tokens manually using the OAuth 2.0 client ID and client secret, and use those when calling API endpoints. This can be useful for testing, but note that access tokens expire after a short duration, so production applications should use the flow described above. TypeScript SDK Usage -------------------- The TypeScript SDK will be published to npm shortly, at which point the documentation will be updated with example usage. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Get Token With Client Credentials | Method Platform | Documentation ### Request This endpoint expects an object. client\_idstringRequired client\_secretstringRequired grant\_type"client\_credentials"Required scopestringOptional ### Response This endpoint returns an object. access\_tokenstring expires\_ininteger refresh\_tokenstring or null [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Primitives | Method Platform | Documentation Overview of Primitives in Method Platform. * * * ### Environments An Environment is a logical and secure container for credentials, data, and context. Environments can be made at the organization level (e.g. ACME Co.), for various environments (e.g. prod vs. staging), or for business units. It is a user administration decision on how to segment their environments. ### Ontology (Data) The Ontology is a data knowledge graph of objects and links. Method Platform is built on a strongly typed data model that allows users and AI alike to better leverage information. * * * ### Jackals A Jackal in Method Platform is a security agent that can be deployed or is cloud-managed, and can execute Tools that perform security actions and retrieve data. These security agents do not need to be deployed on every host. Beyond the cloud managed Jackals, deployment depends on desired use cases and visibility. * * * ### Tools A [Tool](https://docs.method.security/platform/primitives/primitives/tools) is an atomic security action in Method Platform. That security action may wrap an API (e.g. AWS) or a scanner (e.g. Nessus) or some custom security CLI. Importantly, there is not a single Tool for large security integrations like AWS or Okta. These integrations are decomposed into many small atomic Tools like “Enumerate AWS EC2 Instances”. This gives users fine grained control over inputs and outputs, and thus an increase in performance. Under the hood, every Tool in Method Platform is leveraging a [CLI app](https://github.com/Method-Security) , all of which Method Security has open sourced. ### Tasks A Task represents a discrete workflow performable in Method Platform. Tasks can be built and run on the fly in Operator or saved and scheduled. Tasks use Agents to execute and orchestrate Tools. ### Test Cases Test Cases are an opinionated wrapper around Tasks that allow you to assert whether the output looks as you expect by classifying runs as successful or failed, allowing you to easily monitor your scheduled task runs. Tests allow you to take a Task, put it on a schedule, automatically assess whether the returned objects look as you expect, and notify you accordingly. * * * ### Operations An Operation is a coordinated sequence of security actions performed against a target. They are meant to accomplish a goal either investigative or offensive in nature. Operations can be performed with or without initial access, and can contain multiple parallel streams of work. Run an Operation to conduct a red team mission, a training exercise, or a simply live search of your environment. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Architecture Overview | Method Platform | Documentation Overview on how Platform is works, is designed, and is secured. * * * [Product Architecture\ \ How the different Product Primitives work together at a high level.](https://docs.method.security/platform/architecture/product) [System Architecture\ \ Platform deployment and security overview.](https://docs.method.security/platform/architecture/system) [Jackal C2\ \ Jackal (security agent) command and control (C2) architecture.](https://docs.method.security/platform/architecture/system) [Data Architecture\ \ Ledger and Ontology systems overview.](https://docs.method.security/platform/architecture/system) [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # System Architecture | Method Platform | Documentation Overview of deployment, technical design, and security of Method Platform. * * * Overview -------- Method Platform is a Platform - Agent architecture at its core. The platform handles all the heavy lifting across Data, AI, Auth, State Machinery and more. The agents, named Jackals, are intentionally dumb by design, simply waiting for instructions and executing those instructions. Jackals can be cloud-managed or deployed. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Farchitecture%2Fsystem%2FSystemArch.png&w=3840&q=75) System Architecture [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Data Architecture | Method Platform | Documentation Overview of how data is stored and materialized within Method. * * * Overview -------- The Data Architecture in Method is designed to serve a number of high level technical use cases: 1. Construct and maintain an Ontology, or connected knowledge graph, from heterogeneous input sources 2. Organize and materialize data in different form factors to equip AI to be productive and reliable 3. Track history of resources, specifically property and relationship changes 4. Deliver interoperable input and output boundaries so developers can add custom sources and export data to their own systems The following architecture diagram shows how data flows from Ledger (bottom), up to Ontology (knowledge graph), to then serve various functions within Method Platform. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Farchitecture%2Fdata%2FDataArch.png&w=3840&q=75) Data Architecture Importantly, Ledger is an append only transaction store, that is very general in nature. This helps with heterogeneous input sources and tracking history. The architecture materializes data in other form factors (e.g. graph database, vector embeddings), that serve data to AI and users alike for very specific functions. Moving from bottom to top, data goes from a general state to a complex state; everything is kept in sync to support the real time nature of security work. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Jackal C2 | Method Platform | Documentation Overview of Jackal (security agent) command and control (C2). * * * Overview -------- Jackal and its corresponding infrastructure for C2 and Data Upload & Exfil, is designed as a minimalist and on-the-fly configurable security agent. It is very lightweight - it has no built-in security capabilities, it self-equips at run time with outside tools (e.g. binaries, Docker containers), or uses Living off the Land (LotL) techniques. Its architecture is designed to be expanded to use cases and functionality like agent-to-agent relay, ephemeral lifetime, and bespoke data exfil channels, to name a few. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Farchitecture%2Fjackal-c2%2FJackalC2Arch.png&w=3840&q=75) Jackal C2 Architecture [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Create a new Environment | Method Platform | Documentation This guide will help you create a new environment. * * * How to create a new Environment ------------------------------- 1. Navigate to your Method login portal and log in to access the main dashboard. After logging in, you will see a vertical navigation menu on the left side of the screen. Select **Admin**, which will open to the Environments tab. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fenvironments%2Fcreate%2FSelectEnvironments.png&w=640&q=75) Select Environments 2. Select `New Environment` ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fenvironments%2Fcreate%2FCreateEnvironment.png&w=3840&q=75) Create Environment Name your Environment and then continue. * * * Create a Tutorials Environment ------------------------------ If you are running through the Method guides, we recommend you create an environment for the files you’ll create in the guides. Follow the steps above, and then name your environment `-first-tutorial`. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Getting started with Guides | Method Platform | Documentation The following guides will help you learn every part of the Method platform. Each guide is standalone, meaning you can start anywhere you like based on what you want to learn. If you’re not sure where to begin, we recommend you follow the guides in the order they are presented in the left navigation. Before you start… ----------------- For the guides below, we recommend you begin by creating an Environment specifically for yourself, so you can keep your tutorial data separate from production data. When you’re done with the guides, you can delete this environment, which will delete your testing data and prevent any mixing with production data. See how to do so by following the [Create an Environment](https://docs.method.security/guides/environments/create-a-new-environment#create-a-tutorials-environment) guide. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Create an Adversary | Method Platform | Documentation This guide will help you create an Adversary in Reaper. * * * Adversaries ----------- Adversaries are custom threat profiles that can be used to emulate threat actors during an operation. When running in **Co-Pilot** mode, you will receieve AI-suggested tools based on the tactics, techniques, and procedures (TTPs) associatd with the uploaded Adversary Profile. How to Create an Adversary -------------------------- 1. From the Method homepage, navigate to **Reaper**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Fcreate-adversary%2Fhomepage.png&w=3840&q=75) 2. Select **New Adversary**, upload an intelligence report, name the Adversary, and click **Upload**. Create an Adversary View an Adversary Profile ------------------------- You can review more information about your Adversary profiles, including the number of live operations using an Adversary, total number of Adversaries, and related details on this page. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Fcreate-adversary%2FAdversaryPage.png&w=3840&q=75) Using Adversaries in Operations ------------------------------- When you’re ready to begin an Operation, you’ll see the option to select an Adversary under the **Intelligence** section when configuring your workspace. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Fcreate-adversary%2FAddAdversary.png&w=3840&q=75) If you choose to run the Operation in Co-Pilot, Reaper will begin suggesting tools based on your adversary profile. Use the Adversary Intelligence icon to view reasoning, capabilities, and expected outputs for each tool. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Fcreate-adversary%2FAISuggestion.png&w=3840&q=75) [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Product Architecture | Method Platform | Documentation Overview of how the Product Primitives come together in Method Platform. * * * High Level Overview ------------------- The various Primitives covered in [Concepts](https://docs.method.security/platform/overview/concepts) can be thought of as a set of building blocks that work together to power [Products](https://docs.method.security/platform/products) and any other user experience in Method. The following conceptual product architecture is very high level in nature, but serves as a good introduction on how to think about Method Platform’s design. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Farchitecture%2Fproduct%2FProductArchHighLevel.png&w=3840&q=75) Product Architecture From the bottom up, Jackal (security agents) execute Tools which produce Data. The Task Engine runs workflows which often leverages AI Agents and Analysis Engine. All Primitives together power the ability to use Explorer and Operator. An experience across these Primitives is what are packaged as Products. Detailed Overview ----------------- The Primitives in the first diagram above do not show any interactions and dependencies. The following diagram shows a more detailed view into how each Primitive, or building block, interacts with the others, as well as some of their internal functions. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fplatform%2Farchitecture%2Fproduct%2FProductArchDetailed.png&w=3840&q=75) Detailed Product Architecture [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Start an Operation from Explorer | Method Platform | Documentation This guide will show you how to send objects from Explorer to Operator. * * * You can send objects from Explorer to Operator to be used in your defensive operations, red teaming, and training or adversary emulation operations. Requirements ------------ This feature will only conditionally appear if the criteria for creating an Operation are met: 1. A single environment is selected in your [basic filters](https://docs.method.security/guides/explorer/filtering#basic-filtering) . Operations are scoped to a single environment, so sending objects that span across multiple environments is not supported. 2. An object type that Operator can accept as input is selected. Currently, these are FQDNs, IP Addresses, CIDRs, and URLs. How to send Objects to Operator ------------------------------- After selecting an environment and an object type that can be an input to an Operation, construct your search queries as you normally would. To send an object or multiple objects to a new Operation, clicking on the checkbox on that line item will reveal the `Send to Operator` button. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Fnew-operation%2Fnew-operation.png&w=3840&q=75) The Explore in Operator button. This will bring up a modal where you can configure your Operation title, objective, and access vector. Begin your operation by clicking `Create Operation`, which will take you to a new Operator session. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Fnew-operation%2Fnew-operation-modal.png&w=3840&q=75) The Explore in Operator button. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Operation Notes | Method Platform | Documentation This guide will help you create, edit, and export Operation Notes in Reaper. Operation Notes let you document findings, reference Objects, and generate shareable reports during your operations. * * * Opening Operation Notes ----------------------- You can access Operation Notes from two locations: 1. **Within an Operation** – Open the sidebar in the left-hand panel to view and edit all notes created within the current Operation. ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/guides/reaper/operation-notes/open-from-in-reaper.gif) Opening from within Reaper 2. **From the Reaper Tab** – Navigate to the Reaper Reports section to view saved notes across all Operations. ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/guides/reaper/operation-notes/open-from-reports-tab.gif) Opening from Reports tab Creating and Editing Operation Notes ------------------------------------ Operation Notes support inline markdown rendering, allowing you to format your documentation with headers, lists, code blocks, and more. Learn more about [basic markdown syntax](https://www.markdownguide.org/basic-syntax/) . You can tag your notes as either **Operation Notes** or **AAR (After Action Report)** using the Reports Editor. ### Referencing Objects in Operation Notes Operation Notes allow you to reference Objects found within your Operation, making it easier to export structured data from the Method platform. You can add Objects to your notes using two methods: #### Mentioning Objects Type `@` to mention Objects found in your Operation. This opens a menu where you can filter by Object type and select the specific Object you want to reference. ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/guides/reaper/operation-notes/mention.gif) Mention Objects by typing @ When mentioning an Object, you have two options: * **Insert as mention** – Creates a clickable link that opens the Object within the Method platform * **Insert as block** – Creates an immutable text block containing information about the Object #### One-Click Add You can quickly add content to your notes at the last cursor position. To use this feature: 1. Open any panel (Objects, Issues, Executions) that contains the information you want to add 2. Hover over the item you want to reference 3. Click the icon that appears while the Notepad is open This will automatically append the item to your last cursor position. ![](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/pages/guides/reaper/operation-notes/one-click-add.gif) One-click add content from Objects, Issues, or Executions Saving Operation Notes ---------------------- Operation Notes are unsaved drafts by default. To save your notes: 1. Click the **Save** button in the top-right corner of the editor 2. Saved notes become visible in the Reaper Reports tab to all members of your organization > **Note:** You can only save notes once you have added a title or body content. Exporting Operation Notes ------------------------- You can download Operation Notes as a PDF for sharing with external stakeholders. There are two ways to export: 1. **Within an Operation** – Click the download icon in the notepad header 2. **From the Reaper Reports tab** – Open the ellipses menu and select the download option ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Foperation-notes%2Felipses-menu.png&w=3840&q=75) Use the ellipses menu to export notes [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Using Filters to query data in Explorer | Method Platform | Documentation This guide will help you build complex queries in Explorer so you can find exactly the objects, object sets, or issues relevant to your work. * * * Basic filtering --------------- In this section, we’ll learn how to quickly set up basic filters in Explorer. When you land on the Explorer homepage, you will see the Explorer zero state. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fobject-zero-state.png&w=3840&q=75) Explorer Zero State for Objects In the center of the screen, you’ll see the filtering quickstart cards, which show popular environments and common object types within those environments. At the top of the page, you’ll see the basic filters: Environment selector, Objects or Issues selector, and the Object/Issue Type selector. By default, this zero state lets you start filtering Objects quickly. You can switch this view to show you the Issue zero state by clicking on the `explore: Objects` dropdown at the top of the page and changing it to `Issues`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fissue-zero-state.png&w=3840&q=75) Explorer Zero State for Issues To start filtering from the zero state, the only requirement is to select an Object Type or Issue Type. You can optionally select to filter by an environment. After you make your selection, the screen will update to show you the first set of results. At the top of the page you’ll see the filters you’ve applied thus far. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fbasic-filters-applied.png&w=3840&q=75) Results after basic filters are applied. Complex Filtering ----------------- For this section, we’ll create some increasingly complex queries to explore our SaaS Application objects. Once you’ve chosen your environment, issues or objects, and then issue or object types, you can add additional filters by clicking on `Add Filter` or `Add Filter Group`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fcomplex-1.png&w=3840&q=75) Add Filter and Add Filter Group options. ### Add Filter Let’s assume you want to identify your SaaS applications that may be misconfigured because they allow plaintext communication. Clicking `Add Filter` will add another filter beneath your existing basic filters. This filter will be interpreted as an `AND` filter with your top-level filters. This means that if your top-filter is `All Environments where Objects are SaaS Applications` and your second filter is `Property search where TLS Configured is False`, Explorer will interpret this query as: > “In All Environments, return Objects that: are SaaS Applications AND their TLS Configured is False”. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fcomplex-2.png&w=3840&q=75) The first filter is treated as an AND filter with the basic filters above it. Once you add your second or further filter, you’ll see a new dropdown that says `AND` by default. You can use this to change subsequent filters to use either AND or OR logic. This allows you to set up increasingly complex filters. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fcomplex-3.png&w=3840&q=75) The first filter is treated as an AND filter with the basic filters above it. Let’s say you want to further narrow down your vulnerable SaaS applications to those that are running on Apache 2.2, which is end-of-life. You can add a second filter like so, then peruse your results for old Apache versions. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fcomplex-4.png&w=3840&q=75) You can change the AND to an OR via the dropdown. ### Add Filter Group Filter Groups are useful for chunking your querying logic. Let’s create a query that lets you find SaaS applications that are either: * Application Protocol HTTP running on an Apache server, or * Application Protocol HTTPS but without TLS configuration You can set up two filter groups that are separated by an OR logic operator, like so: ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fcomplex-5.png&w=3840&q=75) Two filter groups separated by an OR operator. Notice how the filter groups in the image have AND logic within them, but are separated by an OR statement. This flexibility allows you to construct increasingly complex queries. ### Nested Filter Groups You can also nest filter groups by clicking the `Add Filter Group` button within a filter group. The same logic operators that apply at the top-level, described above, apply when dealing with nested filter groups. Collapsing the filter panel --------------------------- Complex filtering queries can take up a lot of vertical space. You can reclaim this space to explore your results by collapsing the filter view into a more compact state, which frees up real estate on your screen for your results. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fexplorer%2Ffiltering%2Fcomplex-6.png&w=3840&q=75) Click this button to collapse your filters and gain space to view your results. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Your first Operation | Method Platform | Documentation This guide will help you launch your first Operation for an internet-based investigation using resources maintained by Method Security. Operations can be investigative or offensive in nature; this guide focuses on an investigative workflow and walks you through the basic steps to get started. * * * Confirm Testing Environment is ready ------------------------------------ We recommend creating a dedicated Environment for this and other tutorials to keep your tutorial data separate from production data. See how to do so by following the [Create an Environment](https://docs.method.security/guides/environments/create-a-new-environment#create-a-tutorials-environment) guide. Once created, navigate to the Reaper homepage. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FReaperDashboard.png&w=3840&q=75) Launch Reaper Begin the Operation ------------------- 1. Select the **New Operation** button in the top-right corner of the screen. 2. A new operation will launch a new workspace. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FNewWorkspace.png&w=3840&q=75) Blank Workspace Setup the Operation ------------------- The following example depicts a internet-based reconnaissance and investigation operation of several web services: 1. Name your Operation - `-first-tutorial-operation` 2. Select **Copilot** 3. Provide a description **Objective** - `Discover and enumerate web and network resources under wayneindustries.xyz`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FFirstSetup.png&w=1080&q=75) Set Objective 4. Specify the **Entry point**: a. **Environment** - `-first-tutorial` b. **Access vector** – Internet c. **Starting points** - with `FQDN` selected, add `wayneindustries.xyz` ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FEntryPoint.png&w=1080&q=75) Set Entry Point 5. Skip **Intelligence** and **Rules of engagement** sections 6. Select **Begin Operation** Execute ------- 1. Run the **Passive Subdomain Enumeration** tool to enumerate `wayneindustries.xyz`’s subdomains. a. Select **Passive Subdomain Enumeration** from the search box b. Hit **Run** ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FExecutePassiveSubdomain.png&w=3840&q=75) Passive Subdomain Enumeration 2. Confirm there are AI suggestions for next steps. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FExecuteAIRec.png&w=3840&q=75) AI Recommendations 3. Accept and reject some AI suggestions on next steps: a. If you see **Port Scan** as a next step, hit **Run**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FAcceptPortScan.png&w=1080&q=75) Accept Port Scan Step b. If you see **Web Probe** as a next step, hit **Run**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FAcceptWebProbe.png&w=1080&q=75) Accept Web Probe Step c. For all other steps recommended, hit **Reject**. 4. Next, change into **Manual** mode; this is to get a feel for not having the AI provide suggestions. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FChangeManual.png&w=750&q=75) Change to Manual mode 7. Take a look at some data; click **X objects found** on the top-right to open up the **Operation Report**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FOperationReportData2.png&w=3840&q=75) View Operation Report Data 8. Fingerprint the services found after the Port Scan a. After the **Port Scan** step, click the arrow and then select **Choose next tool**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FPortScanNode.png&w=2048&q=75) Tool after Port Scan b. Search for and select **Service Fingerprint** ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FNextServiceFingerprint.png&w=3840&q=75) Select Service Fingerprint c. Click and configure the execution; adjust Optional parameter - timeout to be 5, and hit **Run**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FConfigureServiceFingerprint.png&w=3840&q=75) Configure Service Fingerprint 9. Inspect the raw data and resulting Objects from Service fingerprint a. Click on the **Service Fingerprint** node b. Click on the **Executions** tab c. For each execution, view both the **Workflow Steps**, **Object Found**, and **Signal Output**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Ffirst-operation%2FServiceFingerprintInspection.png&w=3840&q=75) Service Fingerprint Step Inspection Iterate ------- This was a simple, non-intrusive, tutorial to get you familiar with some of the functionality in Operator Mode. Continue the Operation against these cloud hosted resources, start a new one against new targets (e.g. new FQDN, IP, CIDR), or Deploy a [Jackal](https://docs.method.security/guides/agents/install-a-jackal) and launch an Operation from an installed Access Vector. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Investigating Risk Types | Method Platform | Documentation This guide will help you use Bastion to understand risk across your organization’s environments. * * * Overview -------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Fcross-environment%2Frisk-types%2Frisk-types.png&w=3840&q=75) Bastion's Risk Types tab. The Risk Types page is part of Bastion’s cross-environment dashboard, where you can view and understand risk across multiple environments at high scale. The Risk Types page shows the open high-severity and critical-severity Issues across your environments, categorized by the kind of risk they represent. A Risk Type is a classification of Issue types into one of the following categories: Critical Risks, Cloud, Network, Application, Infrastructure, and OSINT. By monitoring where in your enterprise you may have certain kinds of risk, you can deploy resources towards resolving them at a larger scale. All issues shown on the Risk Types page are critical or high severity issues. Medium, low, or info severity issues are filtered out. Risks by Type ------------- The rest of the page is organized into cards for Application, Infra, Network, Cloud, and Other risks. Click into line items in each category to expand them and see details. You can explore Risk Types by looking at: * Most common issues within each risk type * The environments which have that risk type * The change in the prevalence of issues over the last week * The 12 week trend in your enterprise View long-term Trends --------------------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Fcross-environment%2Frisk-types%2Ftrends.png&w=3840&q=75) Switch to Trends views. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Fcross-environment%2Frisk-types%2Ftrends-tab.png&w=3840&q=75) View Trends. Switch from the `Issues` view to the `Trends` view to see the long-term trends for how the prevalence of each risk type has evolved over time. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Living off the Land | Method Platform | Documentation This guide will walk through a basic network reconnaissance and enumeration operation using Living off the Land (LotL) tools in Reaper. * * * Living off the Land ------------------- LotL tools are native system utilities or pre-installed software that adversaries repurpose to perform malicious actions while evading detection. There are several reconnaissance and enumeration LotL tools available in Reaper focused on the collection of host, system, and network information. The scenario below demonstrates host-based access and data collection on a Windows Domain Controller. See [Your First Operation](https://docs.method.delivery/guides/reaper/your-first-operation) to learn how to create an environment. Begin an Operation ------------------ From the Bastion Homepage, select **Start an Operation**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Fliving-off-the-land%2FStartOperation.png&w=3840&q=75) Start an Operation This will drop you directly into a new workspace, where you can add a title, describe the objective, and define the scope of the operation. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Fliving-off-the-land%2FLotLObjective.png&w=1920&q=75) Create the Workspace Select **Method Range** for the environment, **Installed agent** as the **Access vector**, and select **Next** for starting points (since your agent is running on the domain controller, you do not need to provide an initial starting point). Skip the **Intelligence** and **Rules of engagement** section, then click **Begin Operation**. Execute ------- 1. Run **Agent Host System Information** to collect detailed information about the host’s operating system and hardware environment. 2. Run **Agent Host Account Discovery** to identify all local and domain accounts and credentials present on the host. 3. Run **Agent Host Network Enumeration** to gather information about the host’s network interfaces, connections, and routing configuration. 4. Run **Agent Host Software Inventory** to collect a list of installed applications, system updates, and other software on the host. > _“You can choose to run these tools individually in sequence or execute them in parallel.”_ Collectively, these tools provide a comprehensive snapshot of a host’s identity, network, user landscape, and software environment. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Freaper%2Fliving-off-the-land%2Foperationreport.png&w=3840&q=75) Explore all the Objects Identified in this Operation [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Issue Triage and Resolution | Method Platform | Documentation This guide walks you through how to filter, investigate, triage, and close issues in Method. Basic exploration and triage in the Issues app ---------------------------------------------- By default, the Issues app shows all open issues across every type, severity, and environment. ![](https://files.buildwithfern.com/visual-editor-images/docs.method.security/2025-11-17T18:47:13.091Z/guides/issues/filter-and-close-issues/CleanShot_2025-11-17_at_13.47.04@2x.png "Issue filters") You can narrow this down using the controls in the image. 1. Narrow down issues by severity: Critical, High, Medium, Low, or Info. 2. Show Open or Closed issues. By default, you will see Open issues. 3. Use the dropdown to only show issues for a particular Environment or tagged-group of environments. 4. Show issues seen in the last 24h, 7d, 30d, or all time. Below this pictured section, the left-side of your issue inbox will show you a list of Issue Tags. These contain related groups of Issue Types. You can use these to further narrow down on the issues you want to examine. Advanced filtering in Explorer ------------------------------ You can apply more advanced filters and filter groups to explore the Issues in your environments using the Explorer. [See the guide here](https://docs.method.security/guides/explorer/filtering-data) on using advanced filters in Explorer. Investigating an Issue ---------------------- When you click into an issue, the Issue view helps you understand its status and context: * Status Overview – See when the issue was last seen, whether it has been triaged, and if it’s closed. * Investigate – Drill into the impacted asset, such as other other issues affecting the same asset or related objects connected to the asset. ![CleanShot 2025-11-17 at 13.50.48@2x](https://files.buildwithfern.com/visual-editor-images/docs.method.security/2025-11-17T18:51:02.972Z/guides/issues/filter-and-close-issues/CleanShot_2025-11-17_at_13.50.48@2x.png "CleanShot 2025-11-17 at 13.50.48@2x") If an issue was seen more than 24 hours ago, you’ll be prompted to rescan for that issue. You can also kick off a rescan for more recently seen issues.  The Object Graph provides a visual way to understand how an issue relates to its underlying assets and connected components. The graph lets you investigate issues more intuitively by showing not just the affected item, but its context and dependencies. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Ftriage%2Fobject-graph.png&w=3840&q=75) The Object Graph lets you explore the relationships between issues and assets. The Linked Assets tab will help you identify the object of interest in an issue, and view/modify any associated tags. You can also view other issues associated with the object of interest.  ![The Linked Assets view helps you tag and investigate the object of interest](https://files.buildwithfern.com/visual-editor-images/docs.method.security/2025-11-17T18:54:55.588Z/guides/issues/filter-and-close-issues/CleanShot_2025-11-17_at_13.54.46@2x.png "Linked Assets") Triage and Reporting -------------------- The Reports tab helps you package and share issues with external stakeholders. All issue details are auto-filled in markdown, with space to add more context. The PDF export will generate a report containing: * Issue description and severity * Remediation guidance * Issue history * Impacted asset details ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Ftriage%2Fissue-report.png&w=3840&q=75) Generate an exportable markdown report to share with external stakeholders. Closing Issues -------------- You can change the issue status using the drop-down menu at the top-right corner of any Issue. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Ftriage%2Fissue-status.png&w=1200&q=75) Change the status of an Open issue. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Running a Task. | Method Platform | Documentation This guide will show you how to run a Task. Open the Task you want to run ----------------------------- Navigate to Automator then go to the Tasks tab. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Frun-task%2Ftasks-tab.png&w=3840&q=75) Navigate to Tasks. Then, select the Task you wish to run. For this guide, select the `[Example] Black Box Cloud Bucket Investigation [Record]` file we created in [the Task Creation guide](https://docs.method.security/guides/automator/creating-a-task) . * * * Run options ----------- You can run a Task in one of two ways: 1. Schedule a Task to run on a consistent basis. 2. Run a Task immediately (called an [On Demand Task Run](https://docs.method.security/guides/automator/running-a-task#on-demand-task-run) ). Both options are in the top-right corner of the Task View page. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Frun-task%2Frun-options.png&w=3840&q=75) You can schedule a Task Run for later or start one immediately. * * * Configuration Details --------------------- For both On Demand Task Runs and for Scheduled Task Runs, you will need to configure the run’s parameters in order for it to run successfully. These parameters include: 1. The environment the Task should run in 2. The agent the Task should run on 3. Any input variables the Task requires 4. If a scheduled task run, a schedule These configuration options are saved as a “Config” which you can re-use across schedules or on-demand task runs. Note that Configs are saved to an Environment, because the input parameters are environment-specific. * * * Scheduling a Task Run --------------------- You can schedule a task to run on a specific set of objects at a cadence of your choosing. You configure these options by clicking `New Schedule` in the top-right corner. You can create multiple schedules on every Task. We recommend each schedule to be very focused on a specific set of objects so that your schedules are easier to manage in the future. When you open the scheduling form, it’ll look like this: ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Frun-task%2Fschedule-zero-state.png&w=3840&q=75) The Task run scheduling form. ### Create or choose a Config When you add a schedule to a Task, you need to configure the schedule and input parameters, if there are any. Learn more about [configs here](https://docs.method.security/guides/automator/running-a-task#configuration-details) . For our example, add the following information to your new Schedule. * Title: \[Example\] Tutorial Schedule * Environment: choose your environment which you created for your guides [here](https://docs.method.security/guides/environments/create-a-new-environment#create-a-tutorials-environment) . * Configuration: New Config * Configuration Name: \[Example\] Weekly Cloud Bucket Investigation * FQDN: `wayneindustries.xyz` * Schedule: `0 0 * * 1` (weekly on Monday at midnight) * Jackals: Cloud Agent The schedule is configured using CRON format. You can create your CRON format using [crontab guru](https://crontab.guru/) . Your final schedule should look like this. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Frun-task%2Fschedule-completed.png&w=3840&q=75) The schedule form with all fields populated. When ready, click `Schedule` and your Task will run on the scheduled cadence. * * * On Demand Task Run ------------------ You can also run a task immediately, which is called an On Demand Task Run. Do this by clicking the green `Run` button next to the `New Schedule` button. You’ll see a form similar to the New Schedule form. It has the same fields except for the schedule. ### Create or choose a config When you create an On Demand Task Run, you need to configure the schedule and input parameters, if there are any. Learn more about [configs here](https://docs.method.security/guides/automator/running-a-task#configuration-details) . For our example, add the following information to your On Demand Task Run: * Title: \[Example\] Tutorial Schedule * Environment: choose your environment which you created for your guides [here](https://docs.method.security/guides/environments/create-a-new-environment#create-a-tutorials-environment) . * Configuration: New Config * Configuration Name: \[Example\] Weekly Cloud Bucket Investigation * FQDN: `wayneindustries.xyz` * Jackals: Cloud Agent Hit run to run the task right away. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Configure Issue Severity Overrides | Method Platform | Documentation This guide walks you through how to configure severity overrides for Issue Types in Method. Issue severity overrides allow you to customize how issues are prioritized based on your organization’s specific security posture and risk tolerance. **Important:** Issue severity overrides only apply when issues are discovered or re-discovered. Changes to severity overrides do not automatically update the severity of existing open issues. The new severity will take effect the next time an issue of that type is found in your environment. Method provides two levels of severity override control: * **Global Overrides** – Apply a severity override to an Issue Type across all environments * **Environment-Level Overrides** – Apply severity overrides to specific environments or groups of environments, providing fine-grained control Environment-level overrides take precedence over global overrides, allowing you to maintain different severity standards for different parts of your infrastructure (for example, treating production issues with higher severity than development issues). Search for Issue Types ---------------------- The Issue Configuration interface allows you to quickly find and manage severity overrides for any Issue Type in your system. You can filter the list of Issue Types to find exactly what you’re looking for. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_search.png&w=3840&q=75) Select from the severity dropdown to filter Issue Types by severity (this will also include any overrides specified), or filter by Issue Type name using the search box Use the severity dropdown to show only Issue Types with a particular severity level. This filter includes both default severities and any overrides you’ve configured. Alternatively, use the search box to find specific Issue Types by name. * * * Global Severity Overrides for Issue Types ----------------------------------------- Global overrides apply to all environments unless a specific environment-level override is configured. This is useful when you want to broadly adjust the severity of an Issue Type across your entire infrastructure. ### Create or Update a Global Override To create or update a global severity override for an Issue Type: 1. Locate the Issue Type you want to override using the search and filter controls 2. In the Default Severity section, select the severity you want to apply ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_global.png&w=3840&q=75) Select a new severity level in the Default Severity section After selecting your desired severity level, click the Save button to stage your changes. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_save.png&w=3840&q=75) Click Save to stage your severity override changes A confirmation dialog will appear, prompting you to review the changes before they take effect. Click Continue to commit the override. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_confirm.png&w=3840&q=75) Click Continue to apply the override. Remember: this will only affect newly discovered issues of this type Once confirmed, the global override is active. New instances of this Issue Type will be created with the overridden severity. Existing issues of this type will maintain their current severity until they are re-discovered. ### Reset a Global Override If you want to return an Issue Type to its default severity, you can reset the global override: 1. Locate the Issue Type with the override you want to remove 2. Click the Reset button next to the Default Severity section ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_global_reset.png&w=3840&q=75) Click Reset to remove the override and return to the default severity After clicking Reset, save your changes by clicking the Save button. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_save.png&w=3840&q=75) Click Save to stage the reset Confirm the reset in the dialog that appears. Click Continue to remove the override. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_confirm.png&w=3840&q=75) Click Continue to apply the reset. Future issues of this type will use the default severity * * * Environment-Level Severity Overrides for Issue Types ---------------------------------------------------- Environment-level overrides provide granular control over issue severity based on where issues are discovered. This is particularly valuable when you need different severity standards for production versus development, or when different teams manage different environments with varying risk tolerances. ### Create or Update Environment Severity Overrides Environment overrides can be configured individually for each environment, or applied in bulk to groups of environments: 1. Locate the Issue Type you want to override 2. Expand the environment-level overrides section for that Issue Type 3. Use individual environment dropdowns to set specific severity levels, or use the top-level dropdown to apply the same severity to multiple environments at once ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_env.png&w=3840&q=75) Update each Environment severity using the dropdown, or update an entire group of Environments using the top-level dropdown for bulk changes The top-level dropdown is especially useful when you want to apply the same severity override across many environments quickly. Individual environment dropdowns allow for precise control when needed. After configuring your environment-level overrides, click Save to stage your changes. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_save.png&w=3840&q=75) Click Save to stage your environment-level severity overrides Review the changes in the confirmation dialog, then click Continue to apply the overrides. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_confirm.png&w=3840&q=75) Click Continue to apply the overrides. These will take effect for newly discovered issues in the specified environments Once applied, issues of this type discovered in the specified environments will use the overridden severity rather than the global or default severity. ### Reset Environment Severity Overrides To remove environment-level overrides and return to using the global override (or default severity if no global override exists): 1. Locate the Issue Type with environment overrides you want to remove 2. Click the Reset button next to individual environment dropdowns, or use the top-level reset button to remove overrides from multiple environments at once ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_env_reset.png&w=3840&q=75) Click Reset for each Environment severity, or reset an entire group of Environments using the top-level reset button The top-level reset button is helpful when you want to remove many environment-level overrides simultaneously, reverting them all to the global or default severity. After resetting, save your changes by clicking the Save button. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_save.png&w=3840&q=75) Click Save to stage the reset of environment-level overrides Confirm the reset in the dialog. Click Continue to remove the environment-level overrides. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fissues%2Fconfigure%2Fissues_configure_confirm.png&w=3840&q=75) Click Continue to apply the reset. Future issues in these environments will use the global or default severity Once the reset is complete, those environments will no longer have specific overrides, and issues will be assigned severity based on the global override or the default severity defined for that Issue Type. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Create your first Task | Method Platform | Documentation The following guides will show you how to create a [Task](https://docs.method.security/platform/primitives#tasks) . * * * In this guide, we’ll recreate the `Black Box Cloud Bucket Investigation [Record]` example file to learn how Tasks are created. Confirm Testing Environment is ready ------------------------------------ For this guide and your other guides, we recommend creating an Environment specifically for yourself, so you can keep your tutorial data separate from production data. See how to do so by following the [Create an Environment](https://docs.method.security/guides/environments/create-a-new-environment#create-a-tutorials-environment) guide. Get started ----------- 1. From the left sidebar, navigate to the Automator app. 2. In the top-right corner, click `New Task`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-1.png&w=3840&q=75) A blank Task creation form. 3. You will now be on a form titled Create Task. There are four steps in this form: (1) Metadata, (2) Parameters, (3) Tools, and (4) Plan. Adding Metadata --------------- Next, add Metadata for your Task. Guidelines to follow for good metadata are: * Title: make this short, unique, and descriptive, so it can be easily recognized when it appears in other parts of the platform later. * Verified Icon: you can toggle this on or off to indicate whether a Task is a “verified” Task. Verified means that this Task is endorsed such that others can use and rely on in their workflows. Keep this off if you are unsure. * Tags: you can add tags to make identifying this Task easier later on. * Description: add the long-form explanation of the intent of this Task so that future users can understand it. For our example file, populate with the following information: * Title: \[Example\] Black Box Cloud Bucket Investigation \[Record\] * Verified Icon: off * Tags: None * Description: This task performs a black-box assessment to identify and investigate exposed cloud storage buckets (e.g., AWS S3, Azure Blobs) without prior access or credentials. Starting with passive subdomain enumeration and network scanning, it uncovers web applications and service endpoints. Fingerprinting techniques are then used to detect underlying technologies and potential cloud storage integrations. The process culminates in path traversal attempts to enumerate or access misconfigured cloud buckets, helping to uncover unauthorized data exposure risks. Then click `Next` to continue. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-2.png&w=3840&q=75) Metadata fields populated with our example content. Adding Parameters ----------------- Here you’ll set up the parameters for your Task. In this step, you’ll: * Choose which agents will run the Task. * Set up step variables. These are inputs that the user must specify when they run this Task. They can be used as inputs into the tools you will use on this Task. If you ever aren’t sure what variables you need yet, skip this step for now. Once you set up your task workflow in Steps 3 and 4, you’ll be able to see which tools require inputs from the user. You can configure input variables from the Plan step. For our example file, choose the following: * Cloud Agent * Step variable name: FQDN * Step variable description: Input FQDN to the task Then click `Next` to continue. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-3.png&w=3840&q=75) Parameter fields populated with our example content. Adding Tools ------------ In this step, select the tools you want this Task to run. By default, all of the tools are selected. You can restrict the available tools to only the ones that you want in-scope for this task. In the next step, you will sequence the tools together into an execution path to be followed. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-4.png&w=3840&q=75) Default selections on the Tool step. For our example file, unselect all tools, then select only: * Passive Subdomain Discovery * Forward Reverse DNS Lookup * Port Scan * Service Fingerprint * Web Fingerprint * Path Traversal - Cloud Bucket Then click `Next` to continue. Creating the Plan ----------------- Finally, you’ll configure the Task graph, which will sequence the selected tools into your desired execution workflow. To start, click on Edit Plan. This will take you to a full-page graph configuration view. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-5.png&w=3840&q=75) Click on Edit Plan to configure your task graph. The Task Graph page has a large canvas where you can configure your task’s execution. On the right, you’ll see options to add Templates or Tools. Templates are re-usable tasks that you can embed in other Tasks. They make it easy to re-use logic you’ve already constructed without having to rebuild it. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-6.png&w=3840&q=75) The empty Task Graph. Start by selecting the `Passive Subdomain Discovery` tool. Notice the right-panel where you can configure the tool. Click `Submit` to confirm the default configuration. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-7.png&w=3840&q=75) Configuring a node on the Task graph. Continue by clicking on the small black `plus` icon at the bottom of the node currently on the graph. Then continue by adding `Forward Reverse DNS Lookup` to your plan. In the config, you’ll need to change from the default option (`Exclude Object Type`) to `Scoped`, which will allow you to choose whether you want input objects from the parent node or entire lineage. * Selecting `Parent` means that this tool will only accept objects of the correct type discovered by the node directly before it. * Selecting `Lineage` means that this tool will accept any objects of the correct type discovered by any tool before it. Since this is our second tool in the plan, both `Parent` and `Lineage` have the same function. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-8.png&w=3840&q=75) Changing the Source to Scoped. Continue by clicking on the black plus icon again. Add each of the remaining tools in the following order: 1. Port Scan 2. Service Fingerprint 3. Web Fingerprint 4. Path Traversal - Cloud Bucket Set each of them to accept inputs from the entire lineage. When you’re done, you’ll have a graph that looks like this. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-9.png&w=3840&q=75) Changing the Source to Scoped. Click `Save and Exit` in the top-left to return to the form. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-task%2Fcreate-task-10.png&w=3840&q=75) Changing the Source to Scoped. Congrats! You built your first Task. In [the next guide, we’ll cover how to run it](https://docs.method.security/guides/automator/running-a-task) . [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Creating a Test Case | Method Platform | Documentation This guide will show you how to create a Test Case. What is a Test Case? -------------------- Test Cases are an opinionated wrapper around Tasks that allow you to assert whether the output looks as you expect. Test Cases allow you to take a Task, put it on a schedule, automatically assess whether the returned objects look as you expect, and indicate success or failure accordingly. ### Differences between Test Case and a [Scheduled Task Run](https://docs.method.security/guides/automator/running-a-task#scheduling-a-task-run) Both Test Cases and Scheduled Task Runs enable a [Task](https://docs.method.security/platform/primitives#tasks) to run on a schedule on a defined [configuration](https://docs.method.security/guides/automator/running-a-task#configuration-details) . However, the purpose of a Test Case is specifically to assert whether the Task output objects look as expected. You can Configure assertions of different types: checking object counts, property values, linked object properties, or linked issue properties, for specific qualities to match your expectations. Use these assertions to define what abnormal behavior in your environment looks like. If any of these fail to match, then the test will return a fail and notify you. Learn more about Test Cases and their relationship to Tasks and Tools [in the platform docs](https://docs.method.security/platform/primitives#test-cases) . * * * Before we start --------------- Before creating your first Test Case, make sure you have a Task ready. You can use [the Task we created in our guide](https://docs.method.security/guides/automator/creating-a-task) or any Task you have on hand. Creating the Test Case ---------------------- Start by navigating to Automator in the left-navigation. Existing Test Cases live in the Test Cases tab. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Ftest-tab.png&w=3840&q=75) Navigate to existing Test Cases. Create a new Test Case by clicking on New Test Case in the top-right corner of the app. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Fnew-test-case.png&w=3840&q=75) Create a new Test Case. The Test Case form has five pages: 1. `Oveview`: where you configure metadata like Test Case Name 2. `Configure Task`: where you choose an existing Task and configure its inputs 3. `Configure Assertions`: where you define the conditions that must be true for your test to pass. 4. `Set Schedule`: configure when the Test Case should run 5. `Confirmation`: confirm all details before saving In this guide, we will create a Test Case for the “\[Example\] Black Box Cloud Bucket Investigation \[Record\]” Task we created in [the previous guide](https://docs.method.security/guides/automator/creating-a-task) as our example. ### Overview Start by giving your Test Case a clear title and objective. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Foverview.png&w=3840&q=75) Add Test Case metadata. For our example: * Name: \[Example\] Black Box Cloud Bucket Test * Objective: Checking weekly for misconfigured cloud buckets. * Duplicate: \[leave blank\] If you’re creating a Test Case that is a modification of an existing Test Case, you can duplicate it to start and make modifications to it. ### Configure Task Next, configure the Task to be used in the test case. This selects the Task whose outputs we are testing. In our example, select: * Environment: use your tutorial testing environment * Input FQDN: `wayneindustries.xyz` * Agent: Cloud Agent ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Fconfigure-task.png&w=3840&q=75) Configure the Task used in your Test Case. ### Configure Assertions #### Configuring Issue Checks This step is the important step. Here, you can configure the assertions that you expect to be true in order for your Test to pass. If any of these assertions fail, then the Test will fail. For our example, we could check to see if any of our objects have critical or high-severity issues on them. That would be configured like so: ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Fassertion-step.png&w=3840&q=75) An assertion step configured to check for Issues. If the test finds any critical or high severity issues, then it will fail. #### Configuring Object Checks You can also configure assertions to check for Object counts. This checks to see if the number of returned objects looks like you may exepct. For example, if you are running a Test to ensure that network applications are not visible from outside-in, then you might add a check like this below, where you check to confirm that there are no network applications being returned. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Fassertion-step-2.png&w=3840&q=75) An assertion step configured to check for Object counts. #### Configuring Property Checks You can use assertions to check for unexpected property type values. You accomplish this by selecting: * the object type that has the property you are interested in * defining whether all, some, or none of those objects should have this property value * select the property * define the normal parameters for this property’s value (eg: “equals 4” or “exists”) This allows you to check for the existence of and value of highly specific properties. For example, you can check whether the Network Applications returned by your task all have TLS Configuration values of `True`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Fassertion-step-3.png&w=3840&q=75) An assertion step configured to check for property values. #### Configuring Link Checks Finally, you can use assertions to check the objects that are linked to objects returned by your Task. You can run a object check (described above) or property check (described above) on these linked objects. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Fassertion-step-4.png&w=3840&q=75) An assertion step configured to check for linked object properties. ### Configure Schedule Test Cases have a UI for configuring schedules flexibly. You can optionally switch to using a Cron expression. After configuring the schedule, you can choose a date for when the Test schedule should begin. By default, the schedule begins right away, but you can choose any future date to begin. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Fschedule.png&w=3840&q=75) This schedule will run once a week on Monday at midnight. ### Confirm and complete Finally, check the details of your Test Case, then hit Create. The Test Case will run at the specificied schedule you configured. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fautomator%2Fcreate-test%2Fsummary.png&w=3840&q=75) Confirm that your Test Case looks right. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Use Entra ID for SSO | Method Platform | Documentation This guide will walk you through the process of creating an app in Entra ID and integrating it into Method Platform’s auth service for SSO. Under the hood Method Platform uses Keycloak as its auth service. * * * Setup Azure Entra ID -------------------- ### Navigate to Microsoft Entra ID In the Microsoft Azure portal, click into Microsoft Entra ID. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_select.png&w=1200&q=75) When you click on the menu, you’ll be to redirect to the tenant overview. If you don’t have any tenants, please see the [Quickstart](https://learn.microsoft.com/en-us/entra/fundamentals/create-new-tenant) to create a new tenant. ### Register a new Enterprise Application On this page click `Add` and then `Enterprise application`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_add_app_registration.png&w=1920&q=75) On the `Browse Microsoft Entra App Gallery` page, select `Create your own application`, and then `Method Platform` as the `Name`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_app_gallery.png&w=3840&q=75) You should now see your Enterprise application within Entra. We will return here to set up SCIM, but for now, we need to set up our OIDC provider. To do this, in the left hand sidebar click on “App registrations”. You will see an app that shares the same name as the Enterprise application you just created. Once you click in, you’ll want to set up a redirect URI. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_redirect_uri.png&w=3840&q=75) We will now configure our redirect URI: [1](https://docs.method.security/guides/administration/sso/entra-id#platform-type) ### Platform Type Under “Platform Configurations” select `Web` for the platform type. [2](https://docs.method.security/guides/administration/sso/entra-id#redirect-uri) ### Redirect URI When prompted for your Redirect URI, enter `https://keycloak..method.delivery/realms/method/broker/entra/endpoint`. ##### Codename Make sure to replace `` in the URI above. [3](https://docs.method.security/guides/administration/sso/entra-id#supported-account-type) ### Supported account type For “Supported account types”, please select `Accounts in this organizational directory only` [4](https://docs.method.security/guides/administration/sso/entra-id#save) ### Save Click Save to save the configuration ### Create Client secrets On the app overview page, select `Add a certificate or secret` or on the left sidebar select `Certificates & secrets`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_app_overview.png&w=3840&q=75) Next, select `New client secret`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_new_client_secret.png&w=3840&q=75) Fill out a description of `Method Platform Client Secret` and keep recommended 180 days. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_client_secret_setup.png&w=1200&q=75) Copy the `Value` immediately because you will not be able to see this value again. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_client_secret_value_copy.png&w=2048&q=75) Share Information with your Method Mission Ops team --------------------------------------------------- There will be three pieces of information you need to share with your Method Mission Ops team: 1. The Client Secret copied in the previous step 2. An endpoint URI with OpenID information 3. Application (Client ID) ### Get OpenID Endpoint URI On the App main page, click `Endpoints`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_app_endpoints.png&w=1920&q=75) On the drawer that opens up, copy the value for `OpenID Connect metadata document`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_endpoint_openid.png&w=1920&q=75) ### Get the Application (Client ID) On the App main page, copy the value for `Application (Client ID)`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_app_id.png&w=1920&q=75) ### Send three pieces of information to Method Mission Ops team Ensure that this information is sent securely. Test login ---------- Once you are notified by your Method Mission Ops team, you should see a new `Entra` option when logging into Method Platform. SCIM ---- If you would like to configure SCIM, head back to your application under “Enterprise apps” in the left hand sidebar. Once inside the application configuration, go to “Provisioning” and then click on “Connect your application” ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_scim_authentication.png&w=3840&q=75) On the next screen, you’ll perform the following steps: [1](https://docs.method.security/guides/administration/sso/entra-id#authentication-method) ### Authentication Method Leave as `Bearer authentication`. [2](https://docs.method.security/guides/administration/sso/entra-id#tenant-url) ### Tenant URL Your URL will look like `https://keycloak..method.delivery/realms/method/scim/v2/organizations/` ##### Codename Make sure to replace `` in the URI above. Your Method Mission Operations team will share your tenant ID with you. [3](https://docs.method.security/guides/administration/sso/entra-id#secret-token) ### Secret Token Leave blank. This will cause Entra to use an Entra signed token when it communicates with Method. [4](https://docs.method.security/guides/administration/sso/entra-id#test) ### Test Test the connection. ### Attributes Finally, we need to map our attributes to ensure that Method has the information it needs from the SCIM process to create users from Entra. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fentra%2Fentra_attribute_mapping.png&w=3840&q=75) [1](https://docs.method.security/guides/administration/sso/entra-id#create-new-attribute) ### Create new attribute From the attribute list, we need to add the following attribute `externalId` with a type of `String`. [2](https://docs.method.security/guides/administration/sso/entra-id#attribute-mapping) ### Attribute Mapping Back in the attribute mapping, map the `externalId` property to Entra’s `objectId`. [3](https://docs.method.security/guides/administration/sso/entra-id#email-attribute) ### Email Attribute Ensure the Entra `mail`, `givenName`, and `surname` attributes are set and make note of what they are mapped to. Share the attributes for `mail`, `givenName`, and `surname` with your Method Mission Operations team. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # AWS Integration | Method Platform | Documentation This guide will walk you through the process of running CloudFormation on either an individual AWS account or on your AWS Organization. * * * You can integrate Method with your AWS accounts by creating a dedicated read-only IAM Role in the account that you want Method to have visibility into. Method can then securely assume this role when it is performing a scan. This means that you don’t need to generate long lived credentials for your account and you are always in complete control over what access the Method Platform has within your account. Setting up this integration will require you to create an IAM Role within your AWS account and then register that role and it’s unique external identifier with the Method Platform. Once you register it with Method, you will be able to tell Method which particular [Method Environments](https://docs.method.security/platform/primitives#environments) are able to leverage this cloud connection. Finally, if you leverage the AWS Organization functionality within AWS, you will be able to automatically register any new account within either your AWS Organization or a pre-defined Organization OU. This provides you with an automatic and zero effort integration to make sure that you have total visibility across your AWS portfolio. There are three mechanisms that you can use to create the necessary IAM Role and register it with the Method Platform. [CloudFormation\ \ Automatically register AWS accounts using CloudFormation](https://docs.method.security/guides/integrations/cloud/aws/cloudformation) [Terraform\ \ Automatically register AWS accounts using Terraform](https://docs.method.security/guides/integrations/cloud/aws/terraform) [AWS Console\ \ Manually register individual AWS Accounts by creating resources in the AWS Console.](https://docs.method.security/guides/integrations/cloud/aws/manual) [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # AWS Integration - Manual | Method Platform | Documentation This guide will walk you through the process of manually creating an AWS IAM Role within your AWS account that can be used to authenticate AWS Tools within the Method Platform. * * * Method Platform --------------- [1](https://docs.method.security/guides/integrations/cloud/aws/manual#adding-a-cloud-connection) ### Adding a Cloud Connection Navigate to your stack’s integrations page within the admin panel. Click on the “Add Cloud Connection” button to add a new integration. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fmanual%2F001_cloud_integration_page.png&w=3840&q=75) [2](https://docs.method.security/guides/integrations/cloud/aws/manual#configuration) ### Configuration In section 3, name the name of the IAM role you want use to track it in Method. This also gives you the AWS Account ID, External ID, and required Policy that you will need when configuring your AWS IAM Role. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fmanual%2F002_permission_instruction_panel.png&w=3840&q=75) AWS Console ----------- [1](https://docs.method.security/guides/integrations/cloud/aws/manual#aws-console-1) ### AWS Console Within the AWS Console, navigate to the IAM dashboard and select “Roles” ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fmanual%2F003_aws_iam_dashboard.png&w=3840&q=75) [2](https://docs.method.security/guides/integrations/cloud/aws/manual#create-an-iam-role) ### Create an IAM Role Within the “Roles” page, click “Create role” in the top right corner of the screen. [3](https://docs.method.security/guides/integrations/cloud/aws/manual#configuring-your-iam-role) ### Configuring Your IAM Role Within the new Role form, please select the following options. Then click “Next” in the bottom right. * Trusted Entity Type - `AWS Account` * AWS Account - `Another AWS Account` * Account Number - Use the account number provided in section 3 of the cloud credentials form. * Options - `Require external ID` * Use the external ID provided in section 3 of the cloud credentials form. Optionally, you can specify a custom external ID, but we strongly recommend that value is unique across all integrations. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fmanual%2F004_aws_new_role.png&w=3840&q=75) [4](https://docs.method.security/guides/integrations/cloud/aws/manual#permissions) ### Permissions On the “Add Permissions” page, type `SecurityAudit` into the search bar which should filter down to a single, AWS provided policy. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fmanual%2F005_aws_role_permissions.png&w=3840&q=75) [5](https://docs.method.security/guides/integrations/cloud/aws/manual#save-your-new-role) ### Save Your New Role Name your new role and optionally provide a description before reviewing the Role configuration. It should look something like the below. If all looks good, scroll down and click “Create Role” in the bottom right. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fmanual%2F006_aws_role_review.png&w=3840&q=75) [6](https://docs.method.security/guides/integrations/cloud/aws/manual#view-your-new-role) ### View Your New Role This will create the role and return you to the Roles list, showing all the Roles within your account. Search for the name of the Role you provided in the last step and click into that Role in the table. [7](https://docs.method.security/guides/integrations/cloud/aws/manual#copy-your-roles-arn-value) ### Copy Your Role's ARN Value You should now be viewing the page for the Role you created. At the top you should see a copy button next to the ARN for the Role. Copy that ARN value and save it close by as you will need it in the next step. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fmanual%2F007_aws_role_selection.png&w=3840&q=75) Back in Method -------------- [1](https://docs.method.security/guides/integrations/cloud/aws/manual#fill-in-your-iam-role-arn) ### Fill in Your IAM Role ARN Take the ARN for the Role you created and paste it back into the Cloud Connection form within Method’s admin panel. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fmanual%2F008_input_and_confirm_arn.png&w=3840&q=75) [2](https://docs.method.security/guides/integrations/cloud/aws/manual#test-connectivity) ### Test Connectivity Confirm the connection was successful by clicking the **Test Connection** button. If there is an error, please reach out to your Method Team for support. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fconfirm_connection_successful.png&w=3840&q=75) [3](https://docs.method.security/guides/integrations/cloud/aws/manual#delegate-to-an-environment) ### Delegate to an Environment To provide you with granular control over which Method Environment’s are able to leverage this new Cloud Connection, you need to delegate that ability to individual Environments. From the Cloud Connection panel, search and click for any additional environments you want to delegate to. You can also deselect or clear environments that you no longer want to provide access to. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fdelegate_environments.png&w=3840&q=75) Existing Tasks that use this Cloud Connection will fail [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # AWS Integration - CloudFormation | Method Platform | Documentation This guide will walk you through the process of running CloudFormation on either an individual AWS account or on your AWS Organization. * * * Prerequisites ------------- Before you begin, ensure you have: * **AWS Account Access** with permissions to create CloudFormation stacks * **For Single Account**: CloudFormation and IAM permissions in the target account * **For AWS Organizations**: Access to the Organization’s management account or delegated administrator permissions for StackSets * **OAuth Credentials**: Client ID and Client Secret (provided by your Method Mission Operations Team) * **Method Domain**: Your Method instance domain name Overview -------- CloudFormation provides an easy way to quickly create resources within your AWS account. If you are using the AWS Organization feature within AWS, it also allows you to automatically apply a CloudFormation template to all accounts within your Organization or within specified Organizational Units (OUs). Method supports both of these operating models, allowing you to use CloudFormation to seamlessly integrate individual accounts, or entire Organizations with Method. Method provides its CloudFormation templates in an open format to provide maximal transparency for your organization prior to applying them. You can find all of our templates in [Github](https://github.com/method-security/aws-cloudformation-templates/tree/develop/cloudformation) along with instructions on how to apply the templates. What Gets Created ----------------- Both CloudFormation templates will create several resources within your AWS Account. For a detailed explanation, please refer to [Github](https://github.com/method-security/aws-cloudformation-templates/tree/develop/cloudformation#what-gets-created) . At a high level, a Lambda will be created that will leverage the provided OAuth credentials to authenticate with your Method instance and register a new IAM Role for your account. During this registration, a unique external ID will be generated that ensures your new IAM Role can only be accessed by Method. Once this Lambda completes, you will see the new IAM Role in your account. Required Inputs --------------- For both of these options, you will need the following pieces of information: * **OAuth Client ID and Secret** * These will be provided to you by your Method Mission Operations Team Method is actively working on the ability for you to self-service create and manage OAuth Applications inside the Method Platform * **Domain** * This is the domain name of your Method instance (e.g., `company.method.security`) * Do not include the `https://` or any trailing slashes * You can find this in your browser’s address bar when logged into Method Connecting an Individual Account -------------------------------- [Template Download\ \ Download the Single Account CloudFormation Template](https://method-cloudformation-templates.s3.us-east-1.amazonaws.com/aws/latest/method-integration.yaml) ### Applying the CloudFormation Template ###### AWS Console ###### AWS CLI [1](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#cloudformation) ### CloudFormation In the AWS Console, search for “CloudFormation” in the top search bar and navigate to the CloudFormation page. [2](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#create-stack) ### Create Stack Click “Create stack” and then “With new resources (standard)” [3](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#upload) ### Upload Select “Upload a template file”, click “Choose file”, and upload the `method-integration.yaml` file (download link above). Click “Next”. [4](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#stack-details) ### Stack Details Provide a stack name (e.g., `method-integration`) and click “Next” [5](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#parameters) ### Parameters Fill out the parameters: * **MethodClientId**: Your OAuth Client ID * **MethodClientSecret**: Your OAuth Client Secret * **MethodDomain**: Your Method domain (without https://) Click “Next” [6](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#configure-options) ### Configure Options Leave defaults and click “Next” [7](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#create) ### Create Check the box that says “I acknowledge that AWS CloudFormation might create IAM resources with custom names”, then click “Create stack” The stack will take 2-3 minutes to complete. Wait for the status to show **CREATE\_COMPLETE** (refresh the page if needed). ### Confirming Access Now that the CloudFormation stack is complete, let’s verify the connection in Method: [1](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#navigate-to-integrations) ### Navigate to Integrations In the Method Platform: 1. Click **Admin** in the left sidebar 2. Select **Integrations** → **Cloud Connections** 3. Find your newly created AWS connection (it should appear automatically) [2](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#test-connectivity) ### Test Connectivity Click the **Test Connection** button to verify the integration is working correctly. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fconfirm_connection_successful.png&w=3840&q=75) If there is an error, see the Troubleshooting section below or reach out to your Method Team for support. [3](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#delegate-to-an-environment) ### Delegate to an Environment To provide you with granular control over which Method Environments can leverage this new Cloud Connection, you must delegate access to individual Environments. This security measure ensures that only approved environments can use these AWS credentials. From the Cloud Connection panel, search and select any environments you want to delegate to. You can also deselect or clear environments that you no longer want to provide access to. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fdelegate_environments.png&w=3840&q=75) If you remove an environment from delegation, any scheduled or running Tasks in that environment using this connection will fail ### What Happens Next Once the connection is successfully tested and delegated: * Method will begin discovering resources in your AWS account(s) * You can create Tasks in delegated Environments that use this connection * The connection will automatically renew using the IAM role created * No further action is needed unless you want to modify the delegation * * * Connecting Multiple Accounts via AWS Organizations -------------------------------------------------- If you want to provide Method with visibility into your entire AWS Organization or specific Organizational Units (OUs), you can use the Method StackSet CloudFormation template. This allows you to deploy the integration across multiple AWS accounts simultaneously, giving you full control over which accounts Method can access. ### Additional Inputs In addition to the three inputs mentioned above, you will need to determine if you would like to apply this template to every account in your Organization or only specified OUs. If you want to limit to certain OUs, you will need to have those values handy. [Template Download\ \ Download the CloudFormation StackSet Template](https://method-cloudformation-templates.s3.us-east-1.amazonaws.com/aws/latest/method-stackset-template.yaml) ###### AWS Console [1](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#cloudformation-1) ### CloudFormation In the AWS Console, search for “CloudFormation” in the top search bar and navigate to the CloudFormation page. [2](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#stacksets) ### StackSets From the left hand navigation panel, click “StackSets” and then the “Create StackSet” button. [3](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#choose-a-template) ### Choose a template Configure the following options: * **Permission model**: Select “Service-managed permissions” * **Prepare Template**: Select “Template is ready” * **Specify template**: Choose one option: * Upload the downloaded template file for review, OR * Select “Amazon S3 URL” and enter: `https://method-cloudformation-templates.s3.us-east-1.amazonaws.com/aws/latest/method-stackset-template.yaml` Click “Next” [4](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#details) ### Details Provide a name for your StackSet (e.g. MethodIamIntegration) and fill out the parameters for your OAuth Client ID, Client Secret, and Domain [5](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#configure) ### Configure Acknowledge that the StackSet may create resources with custom names and click “Next” [6](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#add-stacks) ### Add Stacks It is at this point that you will need to decide whether you want to deploy to your entire AWS Organization or to individual Organizational Units. Additionally, you’ll need to specify which Regions to deploy into. As Method is deploying an IAM role, it largely does not matter but it will determine which region the Lambda is run in. [7](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#review) ### Review Review your configuration options and click “Submit” [8](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#instances) ### Instances StackSet deployment can take 5-10 minutes depending on the number of accounts. View the “Stack Instances” tab to monitor progress. Each account will show: * OUTDATED → CURRENT (successful) * OUTDATED → FAILED (needs attention) Once all accounts show CURRENT, the deployment is complete. ### Confirming Access Now that the StackSet deployment is complete, let’s verify the connections in Method: [1](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#navigate-to-integrations-1) ### Navigate to Integrations In the Method Platform: 1. Click **Admin** in the left sidebar 2. Select **Integrations** → **Cloud Connections** 3. Find your newly created AWS connections (they should appear automatically) [2](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#test-connectivity-1) ### Test Connectivity Click the **Test Connection** button for each account to verify the integration is working correctly. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fconfirm_connection_successful.png&w=3840&q=75) If there is an error, see the Troubleshooting section below or reach out to your Method Team for support. [3](https://docs.method.security/guides/integrations/cloud/aws/cloudformation#delegate-to-an-environment-1) ### Delegate to an Environment To provide you with granular control over which Method Environments can leverage these Cloud Connections, you must delegate access to individual Environments. This security measure ensures that only approved environments can use these AWS credentials. From each Cloud Connection panel, search and select any environments you want to delegate to. You can also deselect or clear environments that you no longer want to provide access to. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fdelegate_environments.png&w=3840&q=75) If you remove an environment from delegation, any scheduled or running Tasks in that environment using this connection will fail ### What Happens Next Once the connections are successfully tested and delegated: * Method will begin discovering resources in your AWS accounts * You can create Tasks in delegated Environments that use these connections * The connections will automatically renew using the IAM roles created * No further action is needed unless you want to modify the delegation Troubleshooting --------------- ### Stack Creation Failed * **Check OAuth credentials**: Verify you entered the correct Client ID and Client Secret * **Verify domain format**: Ensure your domain doesn’t include `https://` or trailing slashes (e.g., use `your.method.domain` not `https://your.method.domain/`) * **Check permissions**: Ensure you have IAM permissions to create roles and Lambda functions * **Review stack events**: In the CloudFormation console, check the Events tab for specific error messages ### StackSet Deployment Failed * **Check Organization permissions**: Ensure you have the necessary permissions in the Organization management account * **Review instance status**: Check the Stack Instances tab for specific accounts that failed * **Verify OU IDs**: If targeting specific OUs, confirm the OU IDs are correct * **Region availability**: Ensure the selected regions support the required services ### Connection Test Failed in Method * **Wait for completion**: Allow 2-3 minutes after stack creation for the Lambda to complete execution * **Check CloudFormation status**: Verify the stack shows CREATE\_COMPLETE in the CloudFormation console * **Verify IAM role**: Confirm the IAM role was created successfully in the IAM console * **Review CloudWatch logs**: Check the Lambda function logs in CloudWatch for any errors during registration ### Connection Lost After Working * **Check IAM role**: Verify the IAM role hasn’t been deleted or modified * **Review permissions**: Ensure the role’s trust policy hasn’t changed * **Check organization changes**: For StackSets, verify accounts haven’t been moved or removed from targeted OUs ### Need Help? If you’re still experiencing issues, reach out to your Method Team with: * CloudFormation stack ID or StackSet name * Error messages from the Events tab or Stack Instances tab * Screenshots of any failures * AWS account ID(s) affected Deep Dive --------- For a deep dive into the templates, additional parameters they provide, and more, please see our [Github](https://github.com/method-security/aws-cloudformation-templates/tree/develop/cloudformation) . [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Create Powerful Automations | Method Platform | Documentation The following guides will show you how to set up Automations in Method. * * * Primitives ---------- The following primitives make up automations in Method. [Tools](https://docs.method.security/guides/platform/primitives/tools) : an atomic security action in the Method Platform. That security action may wrap an API (e.g. AWS) or a scanner (e.g. Nessus) or some custom security CLI. Each Tool is designed to perform a technical task, such as scanning a target, retrieving cloud configuration data, or enumerating network resources and can be used independently or as part of a larger workflow. [Tasks](https://docs.method.security/guides/platform/primitives#tasks) : a discrete security workflow comprised of Tools that accomplish a security objective, such as enumeration, assessment, pentesting, etc. You can build tasks to automate any security workflow, then save them, run them any time, or run them on a schedule. [Tests](https://docs.method.security/guides/platform/primitives#test-cases) : an opinionated wrapper around Tasks that allow you to assert whether the output looks as you expect by classifying runs as successful or failed, allowing you to easily monitor your scheduled task runs. Tests allow you to take a Task, put it on a schedule, automatically assess whether the returned objects look as you expect, and notify you accordingly. Tools are provided by Method. You can find and learn about them in the Tools app. Some Tasks and Tests are provided by Method, and you can also create your own for your bespoke security workflows, which we will cover in the next section. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Use Okta for SSO | Method Platform | Documentation This guide will walk you through the process of creating an app in Okta and integrating it into Method Platform’s auth service for SSO. Under the hood Method Platform uses Keycloak as its auth service. * * * Setup Okta ---------- ### Navigate to Okta Admin Console Log into your Okta organization as an administrator and navigate to the Admin Console. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fokta%2Fokta_admin_console.png&w=3840&q=75) ### Create a new App Integration In the Admin Console, navigate to `Applications` > `Applications` in the left sidebar. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fokta%2Fokta_applications.png&w=3840&q=75) Click `Create App Integration`. ### Configure the App Integration On the `Create a new app integration` dialog, select `OIDC - OpenID Connect` as the Sign-in method. Select `Web Application` as the Application type. Click `Next`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fokta%2Fokta_app_type.png&w=3840&q=75) ### Configure App Settings On the `New Web App Integration` page, enter `Method Platform` as the `App integration name`. In the `Sign-in redirect URIs` section, enter the Redirect URI which should be: `https://keycloak..method.delivery/realms/method/broker/okta/endpoint`. ##### Codename Make sure to replace `` in the URI above. For `Assignments`, select the appropriate option based on your organization’s needs. You can choose to allow all users or limit to specific groups. Click `Save`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fokta%2Fokta_app_settings.png&w=3840&q=75) ### Get Client Credentials After saving, you’ll be redirected to the app’s general settings page. Scroll down to the `Client Credentials` section. Copy the `Client ID` - you’ll need this later. Copy the `Client secret` by clicking the copy icon - you’ll need this later. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fadministration%2Fsso%2Fokta%2Fokta_client_id_secret.png&w=3840&q=75) ##### Client Secret Security The client secret should be treated as sensitive information. If you need to retrieve it later, you can regenerate a new secret from this page. Share Information with your Method Mission Ops team --------------------------------------------------- There will be three pieces of information you need to share with your Method Mission Ops team: 1. The Client Secret copied in the previous step 2. Your Okta domain (Issuer URI) 3. Client ID ### Get Okta Domain (Issuer URI) Your Okta domain is typically in the format: `https://.okta.com` or `https://.oktapreview.com` for preview environments. You can find this in the top-right corner of the Admin Console, or in the app settings under `Okta domain`. The full Issuer URI that you’ll share is: `https://.okta.com` ### Send three pieces of information to Method Mission Ops team Ensure that this information is sent securely: 1. Client Secret 2. Okta domain (Issuer URI) 3. Client ID Test login ---------- Once you are notified by your Method Mission Ops team, you should see a new `Okta` option when logging into Method Platform. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Understand your organization's risks | Method Platform | Documentation This guide will help you use Bastion to understand risk across your organization’s environments. It will show you how to identify how to identify issues from 50,000ft and then drill all the way down to a single asset to investigate and validate risks. * * * Bastion enables visibility at every level of your organization: 1. Across all environments 2. Across specific subsets of your environments 3. Within a specific environment 4. Down to a single asset or group of assets within that environment Cross-environment Risk Dashboard -------------------------------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Foverview%2Fcross-env.png&w=3840&q=75) Understand risk across all of your environments with Bastion's cross-environment view. Bastion’s cross-environment views enable you to understand risk at the 50,000ft level. Start by opening Bastion from the left-navigation. You’ll land on Bastion’s cross-environment views, where you can evaluate the environments and risks across your entire organization. Bastion has two tabs that show your risks across your environments. Learn about them here: [Scorecard](https://docs.method.security/guides/bastion/enterprise-wide-risk-view/leveraging-the-scorecard) and [Risk Types](https://docs.method.security/guides/bastion/enterprise-wide-risk-view/investigating-risk-types) . You can also explore your environments more flexibly, by sorting on any property, on the All Environments tab. Single-environment View ----------------------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Foverview%2Fsingle-env.png&w=3840&q=75) Investigate a single environment's risk. After identifying risky environments, continue your investigation by opening a single environment. The [single environment view](https://docs.method.security/guides/bastion/single-environment-risk-views) shows you the latest updates in that environment (new issues and new objects discovered), as well as understanding Risk Types and the inventory in that environment. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Leveraging the Scorecard | Method Platform | Documentation This guide will show how to identify your riskiest and healthiest environments using the Scorecard. * * * Overview -------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Fcross-environment%2Fscorecard%2Fscorecard.png&w=3840&q=75) Bastion's Scorecard tab. The Scorecard is part of Bastion’s cross-environment dashboard, where you can view and understand risk across multiple environments at high scale. The Scorecard gives you an at-a-glance understanding of which environments are performing best or worst on key health metrics. This page also shows how environments have changed over the last 7 days, so every metric is paired with a sense of whether it is trending in the right direction. On each card, you can click on any line item to open [the details of that environment](https://docs.method.security/guides/bastion/single-environment-risk-views) . This allows you to investigate each metric further. By default, cards on the Scorecard tab show the top 5 environments in each category. You can view the full ranking by hovering over the card and then clicking on the right-arrow which appears. This will take you to the All Environments tab sorted by the same metric so you can view the full ranking. * * * Riskiest Overall ---------------- This card shows you the environments within your organization which have the highest count of critical-severity or high-severity issues. By clicking on the `#` and `%` icons, you can change the way this metric is calculated. * `#` shows you the environments with the highest count of critical or high-severity issues. * `%` shows you the environments that have the most critical or high-severity issues based on how prevalent they are given the size of each environment. You can think of this as “per capita” risk, where the risk score is proportional to the count of assets in each environment. Click on any line item to open the single-environment view to get a closer look at a specific environment. * * * Healthiest Overall ------------------ This card shows you your healthiest environments, computed using two different metrics. By clicking on the `clock` icon or `alert` icon, you can switch between the metrics. * `Clock` shows you environments based on how quickly they resolve open critical-severity or high-severity issues. Environments with a faster average close time rank higher. * `Alert` shows you environments based on how few medium, high, or critical-severity issues are present. Environments with fewer issues will rank higher. Click on any line item to open the single-environment view to get a closer look at a specific environment. * * * Most new issues --------------- This card shows you which environments have had the most new issues over the last week. This can shed light on which environments are seeing an uptick in high-severity or critical-severity risks. Click on any line item to investigate what the new issues in each environment are. * * * Most closed issues ------------------ This card shows you which environments have had the most issues closed over the last week. This can give you an idea of which environments are investing in the resolving open issues. Like the other cards, you can click on any item to investigate further. * * * Least coverage -------------- Coverage is Method’s metric for determining how often something is monitored via a task run. This card shows which environments have assets which are known to exist but were not monitored over the last 7 days. More frequent monitoring ensures that issues are discovered sooner. Having assets that are discovered and then not monitored can indicate increased risk due to lower visibility. * * * Most new assets --------------- This card shows which environments had the most new assets over the last week. Unlike the other cards on the Scorecard, this card is not green or red because it is not necessarily good or bad when there are many new assets discovered in an environment. However, it can be a sign worth investigating further to ensure that the discoveries are expected and secured. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Integrate with Kubernetes | Method Platform | Documentation This guide will walk you through the process of creating Kubernetes Credentials, regardless of how your Kubernetes Cluster is deployed, to authenticate with Kubernetes Tools in the Method Platform. * * * **Summary**: The Method Platform enables authenticated scans of your Kubernetes Clusters in 2 ways. The first pertains to AWS hosted Kubernetes Clusters (EKS) and the second is via a Kubernetes Service Account. Read below for further instructions. Authenticating with an AWS EKS Cluster using AWS Credentials ------------------------------------------------------------ 1. Follow the workflow outlined under **credentials/aws** to create an AWS Credential in the Method Platform. 2. Now that you have an AWS Credential created, whenever running a task that involves a K8s Tool, place the **AWS EKS Creds** tool at the top of the task to enable the creation of a short lived K8s Cluster Token that will allow authenticated enumeration of the K8s Cluster. ##### AWS Credential Scope The AWS Credential that enables the generation of the short lived K8s token must be scoped to view the EKS Cluster Resources in order to enable this workflow. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Finfrastructure%2Fk8s%2Faws_eks_cred_tool.png&w=3840&q=75) Authenticating with a K8s Cluster using a Service Account --------------------------------------------------------- If you your Cluster is deployed on-prem or you dont want to use the AWS Credential authentication functionality, Method provides straight forward to steps to generate a Service Account and Service Account Token via the MethodK8s ClI. ### Download the MethodK8s CLI 1. Navitgate to the Method-Security Github Orginization and click on the [methodk8s](https://github.com/Method-Security/methodk8s) repository. 2. Follow the **Quick Start** steps in the [README.md](https://github.com/Method-Security/methodk8s?tab=readme-ov-file) to get up and running. ### Create a K8s Service Account 0. If you dont want to use the MethodK8s CLI to create a Service Account and or already have one created with a Cluster wide read-only scope skip to the next section. 1. Ensure your `.kube/config` is set to the K8s Cluster you want to enumerate and that you have the correct permissions necessary to create a Service Account with a Cluster wide read-only scope. 2. Run the below command to print the `.yml` config files to the console. Dont worry this only prints the configuration files and doesnt preform any actions (yet)! `methodk8s serviceaccount configure apply` 3. Now if you want the CLI to apply the `yml` files for you run the same command with the appended flag. `methodk8s serviceaccount configure apply --run` ##### MethodK8s Namespace Flag Method enables you to set the namespace you want to Service Account deployed in via the `--namespace` flag. By default it configured in the default namespace. ### Create a K8s Credential in the Method Platform 1. Ensure your `.kube/config` is set to the K8s Cluster you want to enumerate. 2. Using the CLI you downloaded in the above section run the below command. This will print to the command line the values to input into the Method Platform. `methodk8s serviceaccount configure creds` 3. Once you have those values. Navigate to the Method Platform. 4. Go to Enviroments, and select the desired Enviroment. 5. In the top right click on **Add Credential**. 6. Click the drop down menu and select **Create K8s Credential**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Finfrastructure%2Fk8s%2Fk8s_cred_dropdown.png&w=3840&q=75) 7. Input the values that where printed to the command line. 8. You’re all set! [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Integrate with Okta | Method Platform | Documentation This guide will walk you through the process of setting up an Okta Admin Read-Only Token as well as how to use it for authenticated Okta workflows within the Method Platform. * * * **Summary**: One of the ways that you can perform authenticated scans against your Okta instance is by utilizing Okta Admin Read-Only Tokens and allowing the Method Platform to use this scoped token while it is running a Tool that requires Okta credentials. By utilizing Okta Read-Only Tokens, you don’t need to worry about write access, and you are always in complete control over what access the Method Platform has within your environment. Enable Authenticated Okta Authenticated Workflows ------------------------------------------------- ### Custom Read-only Admin Role ##### Default Role The default Okta System Read-only Admin Role works as well! 1. Log in to the Admin Dashboards in Okta. 2. Go to the Security tab. 3. Select Administrators then Roles. 4. Click **Create New Role** in the top right corner. 5. Enter a name and description for the role. 6. Select the permissions for the role. * To get the most out of the Okta Tools the Method Platform needs the following read-access permissions * Users * Groups * Apps and app instances * Okta settings * System Log * Device Trust enablement settings * Device details * Sign-on policies ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fidentity%2Fokta%2Fokta_admin_roles_page.png&w=3840&q=75) 7. Click **Save Role**. ### Create a Read-Only Token 1. Log in to the Admin Dashboards ##### Okta Permissions If you do not see the Admin Dashboard your account does not have the correct permissions to perform this flow 2. Access the API page: * If using the Developer Console, select Tokens from the API menu. * If using the Administrator Console (Classic UI), select API from the Security menu and then select Tokens. 3. Click Create Token. 4. Name the token and click Create Token. 5. Select the Role in which to scope the Token (Read-Only Admin). 6. Record the token value. This will be your only opportunity to see it and record it. ### Create an API Token Credential in the Method Platform 1. Navitgate to the Method Plaform. 2. Go to Enviroments, and select the desired Enviroment. 3. In the top right click on **Add Credential**. 4. Click the drop down menu and select **Create API Key Credential**. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fidentity%2Fokta%2Fokta_api_key_cred_dropdown.png&w=3840&q=75) 5. Fill out the required fields. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fidentity%2Fokta%2Fokta_api_key_cred_fields.png&w=3840&q=75) 6. Click **Create API Key Credential** in the bottom left. 7. You are all set! Now you can use this Credential to enumerate your Okta instance. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # AWS Integration - Terraform | Method Platform | Documentation This guide will walk you through the process of running Terraform on either an individual AWS account or on your AWS Organization. * * * Overview -------- Terraform provides a declarative way to manage infrastructure as code within your AWS accounts. If you are using AWS Organizations, Terraform also allows you to automatically deploy resources across multiple accounts within your Organization. Method supports both of these operating models, allowing you to use Terraform to seamlessly integrate individual accounts or entire Organizations with Method. Method provides its Terraform modules in an open format to provide maximal transparency for your organization prior to applying them. You can find all of our modules in [Github](https://github.com/method-security/aws-cloudformation-templates/tree/develop/terraform) along with instructions on how to apply the modules. What Gets Created ----------------- Both Terraform modules will create several resources within your AWS Account. For a detailed explanation, please refer to [Github](https://github.com/method-security/aws-cloudformation-templates/tree/develop/terraform#architecture) . At a high level, a Lambda will be created that will leverage the provided OAuth credentials to authenticate with your Method instance and register a new IAM Role for your account. During this registration, a unique external ID will be generated that ensures your new IAM Role can only be accessed by Method. Once this Lambda completes, you will see the new IAM Role in your account. Required Inputs --------------- For both of these options, you will need the following pieces of information: * OAuth Client ID and Secret * These will be provided to you by your Method Mission Operations Team Method is actively working on the ability for you to self-service create and manage OAuth Applications inside the Method Platform * Domain * This is the domain name of your Method instance. Do not include the `https://` or any trailing slashes Connecting an Individual Account -------------------------------- [Terraform Module\ \ View the Single Account Terraform Module on Github](https://github.com/method-security/aws-cloudformation-templates/tree/develop/terraform/single-account) ### Applying the Terraform Module ###### Using the Module ###### Direct Apply Create a new Terraform configuration file (e.g., `main.tf`) with the following content: ` | | | | --- | --- | | 1 | module "method_integration" { | | 2 | source = "github.com/method-security/aws-cloudformation-templates//terraform/single-account?ref=0.1.0" | | 3 | | | 4 | method_client_id = var.method_client_id | | 5 | method_client_secret = var.method_client_secret | | 6 | method_domain = var.method_domain | | 7 | } | ` Create a `variables.tf` file: ` | | | | --- | --- | | 1 | variable "method_client_id" { | | 2 | description = "OAuth Client ID provided by Method" | | 3 | type = string | | 4 | sensitive = true | | 5 | } | | 6 | | | 7 | variable "method_client_secret" { | | 8 | description = "OAuth Client Secret provided by Method" | | 9 | type = string | | 10 | sensitive = true | | 11 | } | | 12 | | | 13 | variable "method_domain" { | | 14 | description = "Your Method instance domain (without https://)" | | 15 | type = string | | 16 | } | ` Create a `terraform.tfvars` file with your values: ` | | | | --- | --- | | 1 | method_client_id = "YOUR_CLIENT_ID" | | 2 | method_client_secret = "YOUR_CLIENT_SECRET" | | 3 | method_domain = "YOUR_METHOD_DOMAIN" | ` [1](https://docs.method.security/guides/integrations/cloud/aws/terraform#initialize) ### Initialize Initialize your Terraform workspace: ` | | | | --- | --- | | $ | terraform init | ` [2](https://docs.method.security/guides/integrations/cloud/aws/terraform#plan) ### Plan Review the changes that will be made: ` | | | | --- | --- | | $ | terraform plan | ` [3](https://docs.method.security/guides/integrations/cloud/aws/terraform#apply) ### Apply Apply the configuration: ` | | | | --- | --- | | $ | terraform apply | ` Type `yes` when prompted to confirm. ### Confirming Access Back in the Method Platform, in the Admin -> Integrations panel, it’s time to confirm our access. [1](https://docs.method.security/guides/integrations/cloud/aws/terraform#test-connectivity) ### Test Connectivity Confirm the connection was successful by clicking the **Test Connection** button. If there is an error, please reach out to your Method Team for support. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fconfirm_connection_successful.png&w=3840&q=75) [2](https://docs.method.security/guides/integrations/cloud/aws/terraform#delegate-to-an-environment) ### Delegate to an Environment To provide you with granular control over which Method Environment’s are able to leverage this new Cloud Connection, you need to delegate that ability to individual Environments. From the Cloud Connection panel, search and click for any additional environments you want to delegate to. You can also deselect or clear environments that you no longer want to provide access to. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fdelegate_environments.png&w=3840&q=75) Existing Tasks that use this Cloud Connection will fail * * * Connecting Multiple Accounts via AWS Organizations -------------------------------------------------- Instead, if you want to provide Method with visibility to your entire AWS Organization or a subset of accounts, you can use the Method StackSet Terraform module to deploy across multiple accounts within your Organization. [Terraform Module\ \ View the StackSet Terraform Module on Github](https://github.com/method-security/aws-cloudformation-templates/tree/develop/terraform/stackset) ### Prerequisites To use the StackSet module, you’ll need: * AWS CLI configured with appropriate credentials * Terraform installed (version 1.0 or higher) * Access to your AWS Organization’s management account or appropriate delegated administrator permissions * Depending on your deployment strategy: * For entire organization: Organization-level permissions * For specific OUs: The Organizational Unit IDs you want to target * For specific accounts: The list of AWS account IDs you want to integrate with Method ### Applying the Terraform Module Create your `variables.tf` and `terraform.tfvars` files as shown in the single account section above, then create a new Terraform configuration file (e.g., `main.tf`): ###### Entire Organization ###### Specific OUs ###### Specific Accounts Deploy to all accounts in your AWS Organization: ` | | | | --- | --- | | 1 | module "method_integration_stackset" { | | 2 | source = "github.com/method-security/aws-cloudformation-templates//terraform/stackset?ref=0.1.0" | | 3 | | | 4 | method_client_id = var.method_client_id | | 5 | method_client_secret = var.method_client_secret | | 6 | method_domain = var.method_domain | | 7 | | | 8 | permission_model = "SERVICE_MANAGED" | | 9 | deploy_to_organization = true | | 10 | | | 11 | target_regions = ["us-east-1"] | | 12 | } | ` This will automatically deploy to all accounts in your Organization, including future accounts as they are added. [1](https://docs.method.security/guides/integrations/cloud/aws/terraform#initialize-1) ### Initialize Initialize your Terraform workspace: `bash terraform init` [2](https://docs.method.security/guides/integrations/cloud/aws/terraform#plan-1) ### Plan Review the changes that will be made across your accounts: `bash terraform plan` [3](https://docs.method.security/guides/integrations/cloud/aws/terraform#apply-1) ### Apply Apply the configuration to all specified accounts: `bash terraform apply` Type `yes` when prompted to confirm. [4](https://docs.method.security/guides/integrations/cloud/aws/terraform#verify) ### Verify Monitor the StackSet deployment status: `bash terraform output` ### Confirming Access Back in the Method Platform, in the Admin -> Integrations panel, it’s time to confirm our access. [1](https://docs.method.security/guides/integrations/cloud/aws/terraform#test-connectivity-1) ### Test Connectivity Confirm the connection was successful by clicking the **Test Connection** button. If there is an error, please reach out to your Method Team for support. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fconfirm_connection_successful.png&w=3840&q=75) [2](https://docs.method.security/guides/integrations/cloud/aws/terraform#delegate-to-an-environment-1) ### Delegate to an Environment To provide you with granular control over which Method Environment’s are able to leverage this new Cloud Connection, you need to delegate that ability to individual Environments. From the Cloud Connection panel, search and click for any additional environments you want to delegate to. You can also deselect or clear environments that you no longer want to provide access to. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fintegrations%2Fcloud%2Faws%2Fdelegate_environments.png&w=3840&q=75) Existing Tasks that use this Cloud Connection will fail Deep Dive --------- For a deep dive into the Terraform modules, additional variables they provide, and more, please see our [Github](https://github.com/method-security/aws-cloudformation-templates/tree/develop/terraform) . [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Understand your organization's risks | Method Platform | Documentation This guide will help you investigate an environment using Bastion’s environment detail view. * * * Overview -------- Bastion provides a detailed view of your environments where you can understand their latest changes, risk profile, and inventory. You can navigate to an environment via the Bastion Dashboard’s Scorecard, Risk Types, or All Environments tab. * * * Latest changes -------------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Fsingle-environment%2Ftab-latest.png&w=3840&q=75) The Latest Tab. The Latest tab on the environment view shows you new Issues or Objects that have been found within that environment. The default time period for this is over the last 24 hours. You can modify this in the top-right corner of the dashboard. Use the newly discovered Issues and Objects to manage changing risks in your environment. Open new issues to validate that they are correct and then triage them to be resolved. Investigate new objects by clicking on them and opening their Object View. * * * Risk Types ---------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Fsingle-environment%2Ftab-risk-types.png&w=3840&q=75) Bastion's single environment Risk Types tab. Similar to the [Risk Types](https://docs.method.security/guides/bastion/enterprise-wide-risk-view/investigating-risk-types) tab on the cross-environment dashboard, this page shows you the patterns in the Issues that your environment contains. A Risk Type is a classification of Issue types into one of the following categories: Critical Risks, Cloud, Network, Application, Infrastructure, and OSINT. By monitoring where in your enterprise you may have certain kinds of risk, you can deploy resources towards resolving them at a larger scale. All issues shown on the Risk Types page are critical or high severity issues. Medium, low, or info severity issues are filtered out. You can explore Risk Types by looking at: * Most common issues within each risk type * The environments which have that risk type * The change in the prevalence of issues over the last week * The 12 week trend in your enterprise * * * Inventory --------- ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Fsingle-environment%2Ftab-inventory.png&w=3840&q=75) Bastion's single environment's Inventory view. Use the Inventory tab to understand the object types, counts of objects, and the related issues in your environment. If you want to drill down with complex filtering, investigate further by going to [Explorer](https://docs.method.security/guides/explorer) . * * * Go full screen -------------- You can expand the single environment view to be full-screen by clicking on the expand button in the top-right corner. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fbastion%2Fsingle-environment%2Ffullscreen.png&w=3840&q=75) Click to go full screen. [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Install and Configure a Jackal | Method Platform | Documentation The following guide will show you how to install a Jackal on prem and modify configurations. * * * Jackals ------- Jackals are Method’s lightweight, deployable security agents that execute tools and workfllows on target systems. Installed agents enable assumed breach operations and on-prem assessments. For additional details about Jackal infrastructure, see [Jackals](https://docs.method.security/platform/architecture/jackal-c2) . Install a Jackal ---------------- 1. Download the latest Jackal version by visiting the Method platform and navigating to `Download Binaries` (this will be `[your-stack].method.delivery/agent/download`) page and select the Jackal agent for your target platform. 2. Copy the Jackal executable (either `jackal` or `jackal.exe`) to your working directory: `cp ~Downloads/jackal .` 3. Make the Jackal executable `chmod +x ./jackal` (For MacOS) 4. Run the exeuctable with no arguments to ensure that system protections are not going to block the Jackal. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fjackal_not_opened.png&w=1200&q=75) System protections may block Jackal executable * For MacOS, click on `System Settings` > `Privacy & Security` > scroll down to `Security` and click `Open Anyway`. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fopen_jackal.png&w=2048&q=75) Allow Jackal to open * On Windows, navigate to `Windows Security` > `Virus & threat protection settings` > and disable `"Real-time protection"` ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fopen_jackal_windows.png&w=3840&q=75) Windows Security Settings 5. Start the Jackal enrollment process by navigating to `Admin` > `Jackals v1` > `Enroll Jackal` ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fenroll_jackal.png&w=3840&q=75) Enroll a Jackal 6. Select an environment for the Jackal and give it a name. Then click `Enroll Jackal`. For guidance on how to create an environment, see the [Create a new Environment](https://docs.method.security/guides/environments/create) . ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fenroll_jackal2.png&w=3840&q=75) Enroll a new Jackal 7. Take the output in the copy-able text box and use it as the command line arguments for the Jackal executable. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fjackal_successful.png&w=2048&q=75) Jackal successfully enrolled 8. Go back to your working directory, type `./jackal CLI arguments` or `./jackal.exe CLI arguments` from the Jackal instructions. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fconfigyaml.png&w=3840&q=75) Copy the CLI command to begin running your Jackal 9. Within two minutes, you will see a log that contains `-----BEGIN CERTIFICATE-----` ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fcertificate.png&w=3840&q=75) Log capturing certificate created 10. Stop the Jackal and confirm that a `config.yaml` file was written. 11. Restart the Jackal without any arguments to allow it to run in foreground mode (it will stop when the terminal is closed) or with `--daemonize` to run it as a daemon. Configure a Jackal ------------------ Jackals can be configured against exfiltration, workflow execution control, and C2 parameters to modify levels of riskiness during an operation. Jackal configurations can be found in the Administration settings or in the Operation Objective pane in the Operator workspace. ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fjackal_settings.png&w=1920&q=75) Jackal configuration details ![](https://app.buildwithfern.com/_next/image?url=https%3A%2F%2Ffiles.buildwithfern.com%2Fmethodsecurity.docs.buildwithfern.com%2F2025-11-17T19%3A24%3A41.609Z%2Fpages%2Fguides%2Fagents%2Finstall%2Fjackal_config_interface.png&w=3840&q=75) Jackal configuration interface [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Single Sign-On (SSO) Overview | Method Platform | Documentation Method Platform leverages standard industry authentication technologies to provide secure and flexible Single Sign-On (SSO) capabilities for your organization. Our authentication system is built on proven protocols that enable seamless integration with your existing identity infrastructure. * * * Supported Authentication Protocols ---------------------------------- Method Platform supports identity providers that implement the following industry-standard protocols: ### OpenID Connect (OIDC) OpenID Connect is a modern authentication layer built on top of OAuth 2.0. It provides a secure and standardized way to verify user identities and obtain basic profile information. OIDC is widely adopted and supported by most modern identity providers. ### Security Assertion Markup Language (SAML) SAML is a mature, XML-based authentication protocol that enables secure exchange of authentication and authorization data between identity providers and service providers. SAML 2.0 remains widely used in enterprise environments. * * * Identity Provider Integration ----------------------------- Method Platform’s authentication service is built on Keycloak, an enterprise-grade identity and access management solution. This architecture allows us to support a wide range of identity providers that implement OIDC or SAML protocols. ### Verified Identity Providers We provide detailed integration guides for the following identity providers: * **[Microsoft Entra ID](https://docs.method.security/guides/administration/sso/entra) ** - Formerly known as Azure Active Directory, Microsoft’s cloud-based identity and access management service * **[Okta](https://docs.method.security/guides/administration/sso/okta) ** - Leading independent identity and access management provider ### Other Identity Providers While we provide specific guides for Entra ID and Okta, Method Platform can work with any identity provider that supports OIDC or SAML 2.0. This includes but is not limited to: * Google Workspace * OneLogin * Auth0 * Ping Identity * KeyCloak * Any custom identity provider implementing OIDC or SAML 2.0 ##### Custom Identity Provider Integration If you’re using an identity provider not listed above, please contact your Method Mission Ops team for assistance with the integration process. * * * Authentication Architecture --------------------------- Method Platform uses a centralized authentication architecture: 1. **Identity Provider (IdP)** - Your organization’s identity management system that stores user credentials and profile information 2. **Keycloak** - Method’s authentication service that acts as an identity broker, facilitating communication between your IdP and the Method Platform 3. **Method Platform** - The application that users access after successful authentication This broker pattern allows Method Platform to support multiple authentication protocols and identity providers without requiring changes to the core platform. * * * Getting Started --------------- To configure SSO for your Method Platform installation: 1. Choose your identity provider 2. Follow the appropriate integration guide: * [Microsoft Entra ID Integration Guide](https://docs.method.security/guides/administration/sso/entra) * [Okta Integration Guide](https://docs.method.security/guides/administration/sso/okta) 3. Work with your Method Mission Ops team to complete the integration 4. Test the login flow with your users * * * Security Considerations ----------------------- Method Platform’s SSO implementation follows security best practices: * **Secure Token Exchange** - All authentication tokens are exchanged over encrypted HTTPS connections * **Client Secret Protection** - Client secrets and sensitive configuration are encrypted at rest * **Session Management** - Configurable session timeouts and token expiration * **Multi-Factor Authentication (MFA)** - Supported when configured at the identity provider level Always share client secrets and other sensitive authentication information through secure channels. Never include them in emails or unencrypted messages. * * * Need Help? ---------- If you need assistance configuring SSO for Method Platform: * Review our detailed integration guides for [Entra ID](https://docs.method.security/guides/administration/sso/entra) or [Okta](https://docs.method.security/guides/administration/sso/okta) * Contact your Method Mission Ops team for support * Ensure you have the necessary administrative access to both your identity provider and Method Platform [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) --- # Get Token With Client Credentials | Method Platform | Documentation ### Request This endpoint expects an object. client\_idstringRequired client\_secretstringRequired grant\_type"client\_credentials"Required scopestringOptional ### Response This endpoint returns an object. access\_tokenstring expires\_ininteger refresh\_tokenstring or null [![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_Black.svg)![Logo](https://files.buildwithfern.com/methodsecurity.docs.buildwithfern.com/2025-11-17T19:24:41.609Z/assets/logos/Method_Logo_White.svg)](https://docs.method.security/) [Mission](https://www.method.security/about) [GitHub](https://github.com/method-security/docs) [Request Demo](mailto:sales@method.security) ---