Custom scenarios
Author your own attack templates and run them like any built-in catalogue entry. Pro plan and above.
Key points
- A scenario is a RunRequest template — target_scope, scan_profile, attack_depth and a compliance_tags array.
- Authored scenarios live alongside the built-in catalogue and can be triggered from /runs/new like any other.
- Templates are stored per-tenant and versioned by the same audit chain as runs.
- Pro+ is enforced server-side: a downgraded tenant keeps read access to existing scenarios but cannot create or edit.
01
When to author one
- Your stack ships a recurring threat shape the built-in catalogue does not cover yet.
- You want to pin a scenario to a specific compliance frame for audit replay.
- You want to share a tenant-private playbook between teammates without forking the catalogue.
02
What it does not do
- It does not bypass target_scope checks — every run still requires an approved target.
- It does not replace the catalogue — built-in probes still execute on top of your scenario.
- It is not a sharing surface across tenants. Scenarios stay tenant-private.