Scope Management

Define target scope to focus AI analysis on relevant traffic.

Table of contents
  1. Why Scope Matters
  2. Configuring Scope
    1. Adding Scope
    2. Scope Patterns
    3. Removing Scope
  3. How Scope Affects Features
  4. Best Practices

Why Scope Matters

Without scope management, VISTA would analyze every HTTP request passing through Burp’s proxy — including CDN requests, tracking pixels, third-party scripts, and other irrelevant traffic. This wastes AI tokens and clutters findings.

Scope ensures VISTA only analyzes traffic from your target application.

Configuring Scope

Adding Scope

  1. Go to Traffic Monitor tab → click “Scope”
  2. Or go to Settings tab → Scope section
  3. Add target domains:
example.com
api.example.com
*.example.com

Scope Patterns

Pattern Matches
example.com Exact domain match
*.example.com All subdomains
api.example.com Specific subdomain

Removing Scope

Click the ✕ next to any scope entry to remove it.

How Scope Affects Features

Feature With Scope Without Scope
Traffic Monitor Only analyzes in-scope traffic Analyzes ALL traffic (expensive)
AI Advisor No restriction (always works) No restriction
Findings Only in-scope findings All findings
Token Usage Efficient Wasteful

Best Practices

Always set scope before starting Traffic Monitor. This prevents unnecessary AI token consumption.

Include API subdomains. Many applications use separate API domains (api.example.com) — include these in scope.

Use wildcards sparingly. *.example.com catches everything, but app.example.com + api.example.com is more precise.

Back to top

VISTA — Vulnerability Insight & Strategic Test Assistant. Made with ❤️ for the Security Community.

This site uses Just the Docs, a documentation theme for Jekyll.