The System page is administrator-only tooling for tenant-wide operational settings and visibility into platform-driven scan timing. Open it from the account menu (user avatar, top-right) → System Configurations.
Page layout
- Emergency Stop -- Red control in the header area to halt active system scanning operations immediately when required (use only when you understand the impact).
- Tabs:
- Configurations -- Key/value settings stored for your organization (below).
- Metrics -- May appear only in certain environments (for example on-prem or staging); not shown in all SaaS builds.
- Scan Timeline -- Read-only overview of automated scan schedules across the shared S4E execution layer (below).
- Accessibility Checker -- Accessibility-related checks for the product experience.
Administrator access
If you do not see System Configurations in the account menu, your user does not have administrative privileges.
Configurations
On the Configurations tab you maintain organization-level secrets and runtime tuning. Typical elements:
| Element | Purpose |
|---|---|
| Search | Narrow the configuration list by key name. |
| Available Keys | Opens documented keys you are allowed to set. Today this includes Web vulnerability scanning (see below). Additional documented keys appear here as they are exposed in the product. |
| + Add Config | Create a custom entry: supply a key and value. Use this for AI-based scan runtime settings and other keys documented by S4E, in addition to the web vulnerability keys listed under Available Keys. |
Configurations are listed in a table with Key, Value (often masked after save), Added at, and row Actions (for example edit or delete).
Web vulnerability scanning keys
Under Available Keys, the Web vulnerability scanning section explains how the recurring web vulnerability task behaves per tenant. Supported keys:
| Key | Type | Default | Description |
|---|---|---|---|
WEB_VULN_MAX_PARALLEL_ASSET |
int | Unlimited | Maximum number of assets processed in parallel per run. |
WEB_VULN_MAX_PARALLEL_SCAN_PER_ASSET |
int | Unlimited | Maximum number of scans per asset per run. |
WEB_VULN_INCLUDE_REGEX |
string | (all URLs) | Only URLs matching this pattern are candidates for scanning. |
WEB_VULN_EXCLUDE_REGEX |
string | (none) | URLs matching this pattern are skipped. |
Notes:
- Regex is evaluated against the full URL (for example
https://example.com/api/login). - Include accepts substring or full-regex behaviour; invalid regex may be ignored so that no URLs match.
- Exclude wins: if a URL matches both include and exclude, it is skipped.
- URL selection happens per (asset, port). Up to 10 URLs can be chosen per pair, and URLs must not have been scanned in the last 20 days (product logic subject to platform updates).
AI scans and other configurations
Runtime parameters for AI-generated or AI-related scans use the same Configurations table. Add the key/value pair supplied in S4E documentation or by support via + Add Config. When those keys are published in-product, they also surface under Available Keys alongside web vulnerability scanning.
Warning
Misconfigured keys can affect scanning coverage or performance. Prefer copying keys exactly from Available Keys or from official guidance.
Scan Timeline
Open the Scan Timeline tab for a cross-tenant view of automated scanner cadence: which scan definitions are queued on the shared S4E scheduler, how often they run, when they last ran, and when the next run is expected.
Typical behaviours:
- A yellow banner may appear when Skip Configuration rules are active, for example: Scheduler skip configuration is active. Your scans will be skipped based on this configuration.
- Filters help narrow the list: Search, Asset Type, Scan Tools, AI Scans (similar in spirit to other results screens that separate AI-created workload).
- Columns often include Scan name, Last Run Time, Scheduled Time, Scan Interval, Status (for example Scheduled), Severity, and Asset Type (targets such as domain, IPv4, subdomain, or URL).
This view answers “when does the platform plan to fire this recurring scan globally,” not manual one-off scans you start yourself. Use it for planning and correlating outages or skip windows with expected activity.
What's Next?
- Skip Configuration -- Define cron-based windows when automated scans must not run.
- Users & Roles -- Confirm who qualifies as an administrator.