Passive – no damage Credentialed – admin rights; more information; audit files; account and certificate information Non‐credentialed – low level; finds missing patches Identify lack of security controls or misconfiguration