Best Practices
Guidelines and best practices for using FullHunt Agentic AI effectively and securely.
Query Design
Be Specific and Clear
Good Examples:
✅ "Find all subdomains of example.com with exposed admin panels"
✅ "Search for CVE-2024-1234 and check EPSS score"
✅ "Get SSL certificates expiring in the next 30 days"
Poor Examples:
❌ "Check this domain" (too vague)
❌ "Security stuff" (no actionable request)
❌ "Everything about example.com" (too broad)
Use Multi-Step Workflows
Instead of multiple separate queries, combine them into a single workflow:
Inefficient:
Query 1: "Find subdomains of example.com"
Query 2: "Check technologies for those subdomains"
Query 3: "Search for vulnerabilities"
Efficient:
"Investigate example.com:
1. Discover all subdomains
2. Identify technology stack for each
3. Search for known vulnerabilities
4. Prioritize by severity"
Provide Context
Help the AI understand your goals:
"I'm investigating a potential security incident. For IP 1.2.3.4:
- Check if it's a known threat
- Find associated domains
- Review passive DNS history
- Check for connections to our infrastructure"
Performance Optimization
Batch Operations
When analyzing multiple targets, use batch queries:
Inefficient:
"Check example.com"
"Check test.com"
"Check demo.com"
Efficient:
"Analyze these domains and compare security postures:
- example.com
- test.com
- demo.com"
Use Appropriate Tools
Select the right tool for your needs:
- Quick lookups: Use fullhunt_host or fullhunt_domain_details
- Comprehensive scans: Use fullhunt_scan
- Historical data: Use intel_* tools
- Threat intel: Use nexus_* tools
Security Best Practices
API Key Management
Never Expose Keys
❌ Don't:
- Commit keys to version control
- Share keys in chat/email
- Hardcode keys in scripts
- Use production keys in development
✅ Do:
- Use environment variables
- Rotate keys regularly
- Use different keys per environment
- Revoke unused keys immediately
Environment Variables
# .env file (never commit this)
FULLHUNT_API_KEY=your-api-key-here
# Load in your MCP config
"headers": {
  "X-API-KEY": "${env:FULLHUNT_API_KEY}"
}
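One way to enforce the rules above before a config is committed, as an added example that is not FullHunt's own code: it flags any X-API-KEY header that is not an ${env:...} reference and any variable shared between servers. The function name, the fullhunt-dev entry and the key value in the sample are constructed for illustration.

```python
import json
import re

# Only values of the form ${env:NAME} are accepted for the key header.
ENV_REF = re.compile(r"^\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}$")

def audit_mcp_config(config_text):
    """Return (server, problem) pairs for X-API-KEY headers that break the rules above."""
    servers = json.loads(config_text).get("mcpServers", {})
    findings, first_user = [], {}
    for name, server in servers.items():
        headers = {k.lower(): str(v) for k, v in server.get("headers", {}).items()}
        value = headers.get("x-api-key")
        if value is None:
            continue  # no key header on this server, nothing to check
        ref = ENV_REF.match(value)
        if ref is None:
            findings.append((name, "hardcoded key"))  # the value itself is never echoed
        elif ref.group(1) in first_user:
            findings.append((name, f"reuses {ref.group(1)} from {first_user[ref.group(1)]}"))
        else:
            first_user[ref.group(1)] = name
    return findings

# Constructed sample: the key value below is a placeholder, not a real key.
SAMPLE_CONFIG = """
{ "mcpServers": {
    "fullhunt-production": {"transport": "http", "url": "https://fullhunt.io/api/v1/mcp",
      "headers": {"X-API-KEY": "${env:FULLHUNT_API_KEY_PROD}"}},
    "fullhunt-staging": {"transport": "http", "url": "https://fullhunt.io/api/v1/mcp",
      "headers": {"X-API-KEY": "constructed-placeholder-key"}},
    "fullhunt-dev": {"transport": "http", "url": "https://fullhunt.io/api/v1/mcp",
      "headers": {"X-API-KEY": "${env:FULLHUNT_API_KEY_PROD}"}}
} }
"""

if __name__ == "__main__":
    for server, problem in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {problem}")
```

Run as a pre-commit or CI step, a non-empty result is the signal to block the change.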
Access Control
Principle of Least Privilege
Grant only necessary permissions:
Development: Read-only API key
Testing: Limited-scope API key
Production: Full-access API key (restricted)
Monitor Usage
Regularly review API usage:
- Check request logs
- Monitor for unusual patterns
- Set up usage alerts
- Review active API keys
Data Handling
Sensitive Information
Be careful with sensitive data in queries:
❌ Don't:
"Search for compromised password 'MyPassword123'"
✅ Do:
"Search for compromised credentials for user@example.com"
Log Management
Ensure logs don't contain:
- API keys
- Passwords or credentials
- Sensitive personal information
- Internal system details
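A logging filter that keeps API keys out of log output, as an added example that is not FullHunt's own code. It assumes keys appear either next to the X-API-KEY header or a FULLHUNT_*API_KEY* variable name, or as the literal value of a key loaded in the process; the class name and sample values are constructed.

```python
import logging
import os
import re

# Header or variable name, then a separator, then the value to mask.
KEY_PATTERN = re.compile(
    r"(?i)(x-api-key|fullhunt_\w*api_key\w*)(['\"]?\s*[:=]\s*['\"]?)([^\s'\",}]+)"
)

class RedactSecrets(logging.Filter):
    def __init__(self, env_names=("FULLHUNT_API_KEY",), environ=os.environ):
        super().__init__()
        # Literal key values loaded in this process are masked wherever they appear.
        self.literals = [environ[n] for n in env_names if environ.get(n)]

    def scrub(self, text):
        text = KEY_PATTERN.sub(r"\1\2[REDACTED]", text)
        for secret in self.literals:
            text = text.replace(secret, "[REDACTED]")
        return text

    def filter(self, record):
        # Format first so keys passed as %-style arguments are scrubbed too.
        record.msg = self.scrub(record.getMessage())
        record.args = ()
        return True

if __name__ == "__main__":
    # Constructed key value, injected through a fake environment for the demo.
    fake_env = {"FULLHUNT_API_KEY": "constructed-secret-0001"}
    handler = logging.StreamHandler()
    handler.addFilter(RedactSecrets(environ=fake_env))
    log = logging.getLogger("mcp-client")
    log.addHandler(handler)
    log.warning('request headers={"X-API-KEY": "%s"}', "constructed-secret-0001")
    log.warning("retrying with key constructed-secret-0001")
```

Attach the filter to handlers rather than to one logger so records from libraries pass through it as well.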
Workflow Optimization
Common Use Cases
Daily Security Monitoring
"Daily security check for example.com:
1. Check for new subdomains
2. Scan for new vulnerabilities
3. Review SSL certificate status
4. Check for dark web mentions
5. Summarize critical findings"
Incident Response
"Investigate suspicious activity from IP 1.2.3.4:
1. Check IP reputation and threat score
2. Identify geolocation and ASN
3. Find all associated domains
4. Review passive DNS history
5. Check for Tor/VPN usage
6. Generate incident report"
Vulnerability Management
"Vulnerability triage for CVE-2024-1234:
1. Get CVE details and CVSS score
2. Check EPSS probability
3. Verify CISA KEV status
4. Find available exploits
5. Check if our assets are affected
6. Provide remediation recommendations"
Third-Party Risk Assessment
"Assess vendor security for vendor.example.com:
1. Map attack surface
2. Identify technologies and versions
3. Search for known vulnerabilities
4. Check for data breaches
5. Review SSL/TLS configuration
6. Generate risk score"
Error Handling
Common Issues and Solutions
Authentication Failed
Error: "Authentication failed"
Solutions:
- Verify API key is correct
- Check for extra spaces
- Ensure key is active
- Regenerate if compromised
Tool Not Available
Error: "Tool not found" or "Access denied"
Solutions:
- Verify account tier supports tool
- Check tool name spelling
- Review Tools Reference
- Contact support for access
Timeout Errors
Error: "Request timeout"
Solutions:
- Break large queries into smaller parts
- Use more specific searches
- Check network connectivity
- Retry with exponential backoff
Integration Best Practices
Claude Desktop
Configuration
Keep your config organized:
{
  "mcpServers": {
    "fullhunt-production": {
      "transport": "http",
      "url": "https://fullhunt.io/api/v1/mcp",
      "headers": {
        "X-API-KEY": "${env:FULLHUNT_API_KEY_PROD}"
      }
    },
    "fullhunt-staging": {
      "transport": "http",
      "url": "https://fullhunt.io/api/v1/mcp",
      "headers": {
        "X-API-KEY": "${env:FULLHUNT_API_KEY_STAGING}"
      }
    }
  }
}
Session Management
- Start fresh sessions for unrelated investigations
- Clear context when switching between tasks
- Save important findings before closing
Cursor IDE
Project-Specific Configuration
Use workspace-specific API keys:
{
  "mcpServers": {
    "fullhunt": {
      "transport": "http",
      "url": "https://fullhunt.io/api/v1/mcp",
      "headers": {
        "X-API-KEY": "${env:FULLHUNT_PROJECT_API_KEY}"
      }
    }
  }
}
Reporting & Documentation
Executive Summaries
Request clear, actionable reports:
"Generate executive summary of example.com security assessment:
- Number of assets discovered
- Critical findings count
- Top 3 risks with impact
- Recommended immediate actions
- 30-day security roadmap"
Technical Reports
For detailed technical documentation:
"Create detailed technical report for example.com:
- Complete asset inventory with tech stack
- Vulnerability matrix with CVSS scores
- Exploitation likelihood (EPSS)
- Detailed remediation steps
- Verification procedures"
Trend Analysis
Track changes over time:
"Compare example.com security posture with last month:
- New assets discovered
- Vulnerabilities introduced/fixed
- Security score changes
- Exposure changes"
Cost Optimization
Efficient Querying
Minimize unnecessary API calls:
Inefficient:
Multiple separate tool calls for related information
Efficient:
Single comprehensive query that leverages AI chaining
Caching
Leverage AI's context for repeated queries:
"Get subdomains for example.com"
[Results cached in conversation]
"Now check each of those subdomains for vulnerabilities"
[Uses cached results, no new API call for subdomains]
Scheduled Operations
Use enterprise scheduled scans instead of manual repeated scans:
- Set up automated daily/weekly scans
- Configure alerts for changes
- Review consolidated reports
Compliance & Governance
Authorized Testing Only
⚠️ Important: Only scan and investigate:
- Your own assets
- Assets you have written permission to test
- Public information for research purposes
Data Retention
Understand data retention policies:
- Query results are session-specific
- Enterprise accounts have data retention settings
- Configure retention based on compliance needs
Audit Trails
Maintain audit logs:
- Document investigation purposes
- Track queries and findings
- Record remediation actions
- Maintain compliance evidence
Advanced Tips
Custom Workflows
Create reusable workflow templates:
"Security Audit Template:
For domain {DOMAIN}:
1. Asset Discovery
2. Technology Identification
3. Vulnerability Assessment
4. Dark Web Monitoring
5. Risk Scoring
6. Remediation Plan"
Integration with SOAR
Combine with Security Orchestration:
# Pseudo-code
incident_ip = get_alert_ip()
query = f"Investigate IP {incident_ip} and generate threat profile"
result = fullhunt_mcp.query(query)
soar.create_ticket(result)
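The pseudo-code above interpolates an alert field straight into the query. This added example (not FullHunt's or any SOAR vendor's code) validates the field as a single IP literal first. send_query and create_ticket are hypothetical callables standing in for the MCP client and the SOAR, and skipping non-public addresses is an assumption made here so internal details are not sent out.

```python
import ipaddress

def build_ip_query(raw_value):
    """Return the investigation query for one validated public IP, or raise ValueError."""
    # ip_address() accepts exactly one IPv4/IPv6 literal, so any free text riding
    # along in the alert field is rejected before it can reach the query string.
    ip = ipaddress.ip_address(raw_value.strip())
    if not ip.is_global:
        # Assumption: internal addresses are not sent to an external service.
        raise ValueError(f"{ip} is not a public address")
    return f"Investigate IP {ip} and generate threat profile"

def triage(alert_values, send_query, create_ticket):
    """Query and ticket every valid alert IP; return (value, reason) for the rest."""
    rejected = []
    for raw in alert_values:
        try:
            query = build_ip_query(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        create_ticket(send_query(query))
    return rejected

if __name__ == "__main__":
    # Constructed alert values: one valid, one internal, one with trailing text.
    alerts = ["1.2.3.4", "10.0.0.5", "1.2.3.4 plus trailing text"]
    tickets = []
    skipped = triage(alerts, lambda q: {"query": q}, tickets.append)
    print("tickets:", tickets)
    print("rejected:", skipped)
```

Rejected values are returned rather than dropped so they can be logged and reviewed by an analyst.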
Continuous Monitoring
Set up continuous monitoring workflows:
"Monitor example.com continuously:
- Alert on new subdomains
- Alert on new vulnerabilities (CVSS > 7)
- Alert on SSL expiry (< 30 days)
- Alert on dark web mentions
- Daily summary report"
Getting Help
Documentation
- Tools Reference - Complete tool documentation
- Examples - Real-world query examples
- Integration Guide - Setup instructions
Support Channels
- Email: team@fullhunt.io
- Documentation: api-docs.fullhunt.io
- Professional Support: Available with Professional plan
- Dedicated Support: Available with Enterprise plan
Community
- Share workflows and tips
- Contribute to documentation
- Report issues and bugs
- Request new features
Ready to optimize your security workflows? Start implementing these best practices today!