Running Assessments

An assessment in InfraScout is a structured investigation of one or more agents. Claude drives the assessment — you describe what you want to understand, and Claude decides which commands to run, interprets the results, and saves findings as Insights. Everything Claude does is logged so you have a complete audit trail.

Sessions

A session is the container for a single assessment run. Each session is scoped to one agent and tracks every command execution, its output, and its timing. Sessions have a lifecycle: they start when Claude calls session_start, accumulate executions as the assessment progresses, and are finalized when Claude calls session_submit.

You can have multiple sessions open at the same time on different agents. Sessions left open without activity are automatically closed after an inactivity period.

Starting an Assessment

With Claude connected to InfraScout, describe your goal in a conversation. Claude will typically work through the following steps:

  1. Call agent_list to find available agents, or target a specific hostname you name.
  2. Call session_start to open a session on the chosen agent.
  3. Run commands using agent_exec_shell, agent_exec_powershell, agent_exec_wmi, or similar tools, depending on the agent's operating system and capabilities.
  4. Save findings with insight_save as it discovers issues.
  5. Call session_submit when the assessment is complete.

You don't need to manage these steps yourself — just tell Claude what you want to investigate. For a targeted assessment:

"Assess the security posture of my Windows server dc01. Start with user accounts, local administrators, and open network ports."

For a broader sweep across multiple hosts:

"Run a quick health check on all Linux agents — check disk space, failed systemd services, and recent authentication failures."

Claude translates your intent into the appropriate sequence of tool calls and keeps you informed as it works.

Executions

Every command Claude runs within a session is an execution. Each execution records the exact command, its output, the time it started, how long it took, and whether it succeeded. You can view all executions for a session in the InfraScout dashboard under Sessions, then select a session and open its Executions tab. This gives you a full audit trail you can review after the assessment completes.

Monitoring in the Dashboard

The dashboard updates in real time as Claude runs an assessment. The Sessions view shows active sessions with a live execution count. Click into a session to see executions as they complete and Insights as they are saved. You don't need to stay in the Claude conversation to monitor progress — the dashboard gives you a full live view independently.

Submitting a Session

When Claude finishes its work, it calls session_submit, which marks the session as complete and read-only. You can also prompt Claude to wrap up at any point:

"Submit this session."

Once submitted, the session is closed. All Insights it produced remain accessible in the Insights view and are associated with the session for reference.

Using Playbooks

For structured, repeatable assessments, use a playbook. A playbook guides Claude through a defined set of checks, ensuring consistent coverage across runs. To start a playbook-driven assessment, ask Claude to load one:

"Get the Active Directory Assessment playbook and follow it."

See Playbooks for details on how playbooks work and how to author your own.

Role Requirement

Only users with the Operator or Admin role can start and submit sessions. Users with the base User role can view sessions and Insights but cannot initiate assessments.