Overview
On this page you will learn what Solutions are in Trickest, how they combine workflows with structured storage and analysis, and how they relate to the rest of the platform.What is a Solution
A Solution is a curated, end-to-end offering for a specific security objective. It bundles the workflows (modules, tools, and configuration) you need to achieve that objective, plus an integrated way to store and analyze the results. Instead of ad-hoc output files and manual correlation, Solution runs write into live tables: structured, queryable tables that the platform normalizes from workflow outputs. Database mode in the editor lets you search, filter, track change over time, and prioritize what matters. So a Solution is both “run this security use case” and “here is where and how the results live.”Why Solutions Exist
Workflows alone give you automation; they do not by default give you a consistent place to store results, a schema that stays the same across runs, or a way to see what changed since the last run. Solutions address that by tying workflows to live tables in Database mode. You get a single place to configure inputs, run the workflow (on-demand or scheduled), and then query and analyze results in one place. Pre-built Solutions (e.g. Attack Surface Management, Dynamic Application Security Testing, Vulnerability Assessment) let you start quickly; custom Solutions let you define your own workflows and live tables for your use case.How It Works
A Solution has two main sides: execution and storage and analysis. Execution: The Solution’s workflows are designed in the Workflow tab: modules, tools, inputs, and parameters. You provide inputs (e.g. target domains, IP ranges, config files) and run the Solution on-demand or on a schedule. Runs execute like any workflow run; what is different is where the outputs go. Storage and analysis: The Solution defines one or more live tables. Each live table has a schema: named fields (e.g. hostname, port, vulnerability_id) and types (text, int, datetime, etc.) plus key fields that uniquely identify a record. Workflow outputs are mapped into these live tables; the platform normalizes and indexes the data so it can be queried quickly. Database mode in the editor is the interface to that data: you switch between live tables, apply filters (often via a query language), build views (selected columns, sort order, saved filters), and see change tracking (e.g. new, resurfaced, missing, removed, unchanged) so you can focus on what changed between runs. Live tables and Database mode are also exposed via API for integration with other systems.How It Relates
- Workflows: Solutions use workflows (and thus nodes: modules, tools, scripts). The Workflow tab is where you design or customize the Solution’s workflow. See Workflows.
- Building blocks: The workflows inside a Solution are built from modules, tools, and scripts. See Building blocks.
- Runs: Each time you run a Solution, you get a run (or runs) like any workflow execution. Results from those runs feed the Solution’s live tables.
- Machines & fleet: Solution workflows run on your configured machines or fleet, same as other workflows. See Machines & Fleet.
Common Patterns
- Using a pre-built Solution (e.g. ASM, DAST, Vulnerability Assessment) to get a full use case with minimal setup, then tailoring modules and inputs to your environment
- Building a custom Solution with your own workflow and dataset schemas when your process or data model does not match the pre-built ones
- Using Database mode to filter results, save views for triage, and track status changes (new, resurfaced, removed) across runs
- Pulling Solution dataset data via API for reporting, SIEM, or ticketing integration