Fleetfolio Threat Exposure

Quick Start

Fleetfolio Threat Exposure Module setup and execution guide

Quick Start Guide

This guide explains how to set up and run the Fleetfolio Threat Exposure Module via Docker to operationally validate security findings and assess real-world threat exposure through Operational Acceptance Testing (OAT). The module consumes outputs from Fleetfolio Pentest and completes the OAT process by validating real-world risk, prioritization, and remediation workflows.

Install Docker

Ensure Docker is installed and running on your system.

sudo apt update && sudo apt install docker.io -y && sudo systemctl enable docker --now

Error Fix

If the update fails, run:

sudo sed -i 's|http://http.kali.org|https://http.kali.org|' /etc/apt/sources.list && sudo apt-get clean && sudo apt-get update --fix-missing

Docker Pull

Pull the Docker image.

sudo docker pull fleetfolio/threat-exposure

Before running the Docker container, ensure you have the generated *.sqlite.db file from Fleetfolio Pentest. The container requires this file to be present in your current working directory to successfully bootstrap the web interface.

Docker Run

Launch the container.

sudo docker run --rm -it -p 9228:9228 -v "$PWD:/data" fleetfolio/threat-exposure

If multiple databases are detected in your current directory, the container will interactively prompt you to select the correct one via terminal input.
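A pre-flight check for the launch step above, added here as an example and not part of the Fleetfolio documentation: it confirms the working directory holds a real SQLite database and reports whether the container will prompt for a selection. The function names are hypothetical, and the loopback-only port binding in `run_local` assumes the web interface only needs to be reached from the same host.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before `docker run`. Function names are hypothetical.

# Print every *.sqlite.db in directory $1 that starts with the SQLite 3 file header.
list_sqlite_dbs() {
  local dir="$1" f
  for f in "$dir"/*.sqlite.db; do
    [ -f "$f" ] || continue   # glob matched nothing, or entry is not a regular file
    # A SQLite 3 database begins with the ASCII bytes "SQLite format 3" followed by NUL.
    if [ "$(head -c 15 "$f" 2>/dev/null | tr -d '\000')" = "SQLite format 3" ]; then
      printf '%s\n' "$f"
    fi
  done
}

# Return 0 = exactly one database, 1 = none, 2 = several (the container will prompt).
preflight() {
  local dir="${1:-$PWD}" count
  count=$(list_sqlite_dbs "$dir" | wc -l | tr -d ' ')
  case "$count" in
    0) echo "no valid *.sqlite.db in $dir; generate it with Fleetfolio Pentest first" >&2
       return 1 ;;
    1) echo "ok: $(list_sqlite_dbs "$dir")"
       return 0 ;;
    *) echo "$count databases in $dir; expect the interactive selection prompt" >&2
       return 2 ;;
  esac
}

# Launch from the current directory only when at least one valid database is present.
# Assumption: the UI is used from this host only, so port 9228 is published on
# 127.0.0.1 instead of on every interface as in the plain `-p 9228:9228` form.
run_local() {
  local rc=0
  preflight "$PWD" || rc=$?
  if [ "$rc" -eq 1 ]; then
    return 1
  fi
  sudo docker run --rm -it -p 127.0.0.1:9228:9228 -v "$PWD:/data" fleetfolio/threat-exposure
}
```

Source the file and call `run_local` from the directory that holds the database.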


Custom Setup

To import additional results into the *.sqlite.db, create a new folder under the timestamps directory, named after the tool that identified the issue, and place the results in it in JSON, JSONL, TXT, or MD format.

Then regenerate the *.sqlite.db manually using the surveilr command shown below:

surveilr ingest files -r . --tenant-id NET1234 --tenant-name "Netspective" &&
sudo mv resource-surveillance.sqlite.db NET1234-2026-04-09-23-49-44.opsfolio-eaa-rssd.sqlite.db

Custom

Make sure you run this step inside the timestamps directory.

To merge multiple *.sqlite.db files into a single *.sqlite.db after creating interpretations, copy the databases into a single folder and use the following command:

surveilr admin merge -p "interpretation_task_master" -p "tool_description"

Merged Database

This will create a new merged database called resource-surveillance-aggregated.sqlite.db. Run the Fleetfolio Threat Exposure Docker image again to visualize the results.
