In SpartanX, an engagement is the core testing workflow used to assess a target. Depending on how you configure it, an engagement can behave like a focused penetration test, a broader red team exercise, or a validation or retest cycle.
The platform supports both traditional scoped testing and more adaptive workflows that branch based on what is discovered during execution. This allows you to match the engagement to the needs of the environment you are testing.
Choose the right engagement type
Engagement type | Best used when | What it does |
Full-Scope Operation | You are testing a target for the first time | Initiate an end-to-end autonomous red team campaign, encompassing continuous reconnaissance, lateral movement, and active exploitation. |
Targeted Attack Validation | You already have known findings to confirm | Deploy AI agents to execute specific attack paths and confirm if theoretical vulnerabilities can be actively exploited. |
Remediation Verification | You want to verify remediation work | Relaunch targeted operations against previously compromised assets to guarantee your defensive fixes hold up under active attack. |
Step 1, enter and validate the target
Start by entering the target URL or IP address, then validate it. This initial validation checks reachability, fingerprints the target, confirms SSL behavior, and helps prevent simple errors such as a mistyped domain. SpartanX only performs this initial validation on the first engagement for a given asset, so repeat testing becomes faster later.
Step 2, choose the asset discovery mode
This step determines how tightly the engagement stays within the original target scope.
Discovery mode | What it means |
Strict | Tests only the targets you explicitly provided |
Auto-extend | Allows the platform to discover related systems, such as additional endpoints, APIs, or supporting infrastructure |
If you want a traditional penetration test, use Strict. If you want a more exploratory red team workflow, use Auto-extend.
Step 3, choose the engagement depth (Configure Operation Intensity)
Engagement depth | Recommended use |
Adaptive | Best default for most environments, balances depth and efficiency automatically |
Quick | Good for lower-priority environments or fast checks |
Deep | Best for high-stakes environments where thoroughness matters most |
Adaptive mode is the most practical starting point for most teams because it lets the platform decide how far to go based on the target and findings.
Step 4, Configure Operator Involvement
Autonomous Execution testing means the platform executes the engagement autonomously against the identified scope. Once the engagement begins, the scope remains fixed.
Collaborative Execution testing is designed for collaboration. Your team can work alongside the platform while the engagement is running, adding a human-led component to the broader testing workflow.
Step 5, name and schedule the engagement
Give the engagement a clear name so it is easy to find later. Then choose whether to start it immediately, save it as a draft, or schedule it to run on a recurring basis. Recurring scheduling supports continuous red teaming and can be aligned to the cadence that makes sense for your environment.
What happens after launch
Once the engagement begins, SpartanX starts by mapping the target environment. As it discovers relevant technologies and attack surfaces, it expands into the right domains, such as web application testing or API testing. This creates a full workflow that mirrors how an experienced offensive security team would approach the target.
For first-time users, the best practice is to begin with a well-defined target, choose Adaptive depth, and use strict scope unless you explicitly want broader exploration.