Manage Adapters
After adding adapters to AttackLens, you can view their status, edit their configuration, activate or deactivate them, trigger manual syncs, and delete them when no longer needed.
INFO
Viewing adapters requires Auditor role or higher. Editing, deleting, and toggling adapters requires Admin role or higher.
View the Adapter List
Navigate to Discovery > Adapters to see all configured adapter connections.
The adapter list displays the following information for each adapter:
| Column | Description |
|---|---|
| Name | The descriptive label you assigned when creating the adapter. Click the name to view the adapter detail page. |
| Provider | The cloud provider (Azure, AWS, GCP, or vSphere), shown with the provider's icon. |
| Status | Whether the adapter is Active (green) or Inactive (red). |
| Created | When the adapter was first configured. |
You can search adapters by name or provider using the search bar at the top of the list.
View Adapter Details
Click an adapter's name to open its detail page.
The detail page shows:
- Name: The adapter label.
- Provider: The cloud provider with icon.
- Status: Active or Inactive.
- Created At: When the adapter was created.
- Last Updated: When the adapter was last modified.
- Scope: The resource scope (if configured), such as a specific subscription or resource group.
- Regions: The regions the adapter discovers. Shows "All Regions" if no specific regions are selected.
- Last Sync: The date and time of the most recent discovery run.
- Last Sync Status: Whether the last sync completed successfully or encountered an error.
- Last Sync Error: If the last sync failed, the error message is displayed here.
Detail Page Actions
The adapter detail page provides three action buttons:
| Button | Action |
|---|---|
| Test Connection | Validates the stored credentials against the cloud provider. Shows whether the connection is valid and which permissions are available. |
| Edit | Opens the adapter form to modify the adapter name, credentials, scope, or regions. |
| Delete | Permanently removes the adapter and all associated data. Requires confirmation. |
Edit an Adapter
- Navigate to the adapter detail page.
- Click Edit.
- Modify any of the following fields:
  - Name: Update the descriptive label.
  - Credentials: Update credentials (e.g., after rotating a secret or access key). The provider cannot be changed after creation.
  - Scope: Narrow or broaden the discovery scope.
  - Regions: Change which regions are discovered.
  - Active toggle: Enable or disable the adapter.
- Optionally click Test Connection to verify the updated credentials.
- Click Save.
TIP
When you update credentials, click Test Connection before saving to ensure the new credentials are valid. A failed test does not prevent saving, but the next discovery run will fail.
Activate or Deactivate an Adapter
You can toggle an adapter between Active and Inactive states without deleting it.
- Active adapters participate in scheduled discovery runs and can be manually synced.
- Inactive adapters are paused. No discovery runs will execute, but the adapter configuration and historical data are preserved.
To toggle the status:
- Open the adapter in edit mode.
- Use the Active toggle switch at the top of the form.
- Click Save.
TIP
Deactivating an adapter is useful when you need to temporarily stop discovery (e.g., during credential rotation or cloud maintenance) without losing the adapter configuration.
Test an Existing Adapter's Connection
You can re-test an adapter's connection at any time to verify that the stored credentials are still valid.
- Navigate to the adapter detail page.
- Click Test Connection.
- AttackLens will authenticate using the stored (encrypted) credentials and report:
  - Whether the connection is valid.
  - A description of the authenticated identity.
  - Which permissions are available.
  - Whether sensor deployment capability is detected.
This is useful for:
- Verifying credentials after rotation.
- Diagnosing why a discovery run failed.
- Confirming permissions after IAM changes in the cloud provider.
Delete an Adapter
Deleting an adapter permanently removes the adapter configuration. Discovery snapshots collected by the adapter remain in the system for historical reference.
- Navigate to the adapter detail page.
- Click Delete.
- A confirmation dialog appears. Confirm the deletion.
WARNING
Deletion is permanent and cannot be undone. If you want to temporarily stop discovery without losing the configuration, deactivate the adapter instead.
Adapter Statuses Explained
The Last Sync Status field on the adapter detail page indicates the result of the most recent discovery run:
| Status | Meaning |
|---|---|
| Completed | The discovery run finished successfully. All resources were enumerated and snapshots were created. |
| Error | The discovery run encountered a problem. Check the Last Sync Error field for details. |
| (blank) | No discovery has run yet. This typically means the adapter was just created and the first sync has not completed. |
Common error causes:
- Authentication failure: Credentials expired or were revoked. Update the credentials and test the connection.
- Insufficient permissions: A required role or policy was removed. Re-assign the necessary permissions in the cloud provider.
- API rate limiting: The cloud provider throttled API requests. The next scheduled run will typically succeed.
- Network connectivity: AttackLens cannot reach the cloud provider's APIs. Check network and firewall settings.
Next Steps
- Understand adapters for a conceptual overview of how adapters work.
- View discovery snapshots to inspect data collected by your adapters.
- Trigger a manual discovery to run discovery outside the regular schedule.