Key Concepts

This page is a reference you can return to at any point. Every other section of the docs builds on the terms defined here — knowing them up front will make the rest of the documentation easier to follow.

Agent

An agent is a lightweight binary you install on a Windows, Linux, or macOS host you own. Once running, it connects to InfraScout over mutually authenticated TLS, registers itself, and sends periodic heartbeats so the platform knows it is online. When an assessment session is active, the agent receives commands and executes them on the host, returning output to InfraScout. You install and manage agents on your own infrastructure; InfraScout never initiates a direct connection to your hosts.

For installation and configuration details, see Agents.

Enrollment Token

An enrollment token is a one-time credential you generate in the InfraScout dashboard. You supply it to the agent during initial setup so InfraScout can verify the agent's identity and issue it a signed TLS certificate. Once enrollment is complete, the token cannot be reused. If an agent is removed and re-enrolled, a new token is required.

Agent Capability

A capability describes a specific type of command an agent can execute. InfraScout detects capabilities automatically when the agent starts up, based on the host operating system and its configuration. The available capabilities are:

shell — available on all platforms
powershell — available on Windows
wmi — available on Windows
eventlog — available on Windows
ldap — available on all platforms when LDAP access is configured

Assessment tools that require a particular capability will only target agents that report having it.

Agent Group

An agent group is a logical collection of agents used to scope assessments and manage access. Groups can be static, where you assign agents by hand, or dynamic, where InfraScout assigns agents automatically based on rules such as operating system, hostname pattern, or reported capabilities. A single agent can belong to more than one group.

For details on creating and managing groups, see Agent Groups.

Session

A session is a scoped assessment run against a specific agent. It tracks everything that happens during the assessment: the commands executed, their timing, their output, and the insights produced. You start a session through Claude using the session_start MCP tool and finalize it with session_submit. Sessions give every assessment a clear boundary, making findings reproducible and auditable.

For more on running assessments, see Running Assessments.

Execution

An execution is a single command run within a session. InfraScout records the command text, the output it returned, how long it took, and whether it succeeded or failed. Executions are the raw evidence that backs up insights — when Claude or a playbook surfaces a finding, the supporting executions are always available for review.

Insight

An insight is a structured finding that Claude or an assessment playbook saves during a session. Every insight carries a severity level (critical, high, medium, low, or info), a category (security, identity, networking, compliance, performance, configuration, availability, or licensing), and a status that tracks its remediation lifecycle. Status progresses from open through acknowledged and in_progress to either resolved or dismissed.

For guidance on working with insights, see Insights.

Playbook

A playbook is a markdown document that guides an AI through a structured assessment. InfraScout exposes playbooks as MCP resources, so Claude can retrieve and follow them during a session. Built-in playbooks cover common scenarios like Entra ID hygiene and endpoint compliance; you can also write your own to match your organization's specific requirements.

For authoring guidance, see Playbooks.

MCP Tool

An MCP tool is a function InfraScout exposes over the Model Context Protocol. Claude calls these tools to list agents, start and manage sessions, execute commands, save insights, and query your Microsoft cloud environment. InfraScout registers 131 tools in total, organized by prefix: agent_* tools manage agents and groups, session_* tools control assessment sessions, insight_* tools create and update findings, and mscloud_* tools interact with Entra ID, Azure, Microsoft 365, and Microsoft Defender.

Entra Connection

An Entra connection links your Microsoft Entra ID (formerly Azure AD) tenant to InfraScout. Once the connection is established, InfraScout synchronizes your users, groups, and group membership. This synchronization is what unlocks the full Microsoft Cloud tool set — without it, mscloud_* tools that query your tenant are unavailable.

For setup instructions, see Entra Connection.

Visibility

Visibility is the access control layer that determines which agents and agent groups a given user or set of users can see and interact with. You configure visibility on agent groups; agents within the group inherit that configuration. This means you can give a team access to the servers they are responsible for without exposing unrelated infrastructure.

Key Concepts ​

Agent ​

Enrollment Token ​

Agent Capability ​

Agent Group ​

Session ​

Execution ​

Insight ​

Playbook ​

MCP Tool ​

Entra Connection ​

Visibility ​