TestimoX

Configuration

Edit on GitHub

Configure TestimoX rule selection, output formats, profiles, durable store options, and JSON-based run settings.

Configuration

TestimoX can be configured through CLI flags, PowerShell parameters, JSON configuration files, or the .NET API.

Rule Selection

Control which rules are evaluated using rule names, curated profiles, and category or tag filters.

# CLI: run a curated profile
TestimoX.exe --profile AdSecurityAssessment

# CLI: run only a specific set of rules
TestimoX.exe --rules ForestRecycleBinAndLifetimes,DomainPasswordPolicy

# PowerShell: include named rules
Invoke-TestimoX -IncludeRules 'ForestRecycleBinAndLifetimes','DomainPasswordPolicy'

# PowerShell: use typed C# rules
$cs = [TestimoX.Definitions.CSharpRule]
Invoke-TestimoX -IncludeCSharpRules $cs::ForestPkiConfiguration, $cs::DomainKerberosPolicy

# PowerShell: review the generated catalog and migration inventory
Get-TestimoXConfig -ListRules | Format-Table Name, SourceType, EnabledByDefault
Get-TestimoXRuleOverview -Inventory | Format-Table Name, Type, State

Baseline and Filters

Use baseline mode, categories, tags, and cost filters when you want to shape larger runs.

# CLI: baseline mode skips DomainController-scoped rules
TestimoX.exe --baseline

# PowerShell: filter by categories and tags
Invoke-TestimoX -IncludeCategories Forest,Security -IncludeTags PKI,LAPS

# Exclude heavy rules during an exploratory run
Invoke-TestimoX -ExcludeHeavy -MaxCost Moderate

Output Configuration

HTML and JSON Reports

# CLI
TestimoX.exe --all --html-path "C:\Reports\TestimoX.html" --json "C:\Reports\TestimoX.json"

# PowerShell
Invoke-TestimoX -HtmlReportPath "C:\Reports\TestimoX.html"

Verbosity

Invoke-TestimoX -Verbosity Quiet
Invoke-TestimoX -Verbosity Normal
Invoke-TestimoX -Verbosity Detailed
Invoke-TestimoX -Verbosity Debug

Console View

Invoke-TestimoX -View Auto
Invoke-TestimoX -View Standard
Invoke-TestimoX -View Ansi

Durable Store

Enable the durable store to reuse results across runs, resume incomplete runs, and publish reports from stored data.

# Enable store with a 7-day TTL
Invoke-TestimoX -StoreDir "C:\Data\TestimoX" -StoreTtl "7.00:00:00"

# Resume a partially completed run
Invoke-TestimoX -StoreDir "C:\Data\TestimoX" -RunId "2025-10-24T1300" -ResumeFromRun "2025-10-24T1300"

# Publish HTML from stored results without re-running rules
Invoke-TestimoX -PublishFromStore -StoreDir "C:\Data\TestimoX" -HtmlReportPath "C:\Reports\TestimoX-FromStore.html"

LDAP Preflight

Control LDAP connectivity validation before rule execution:

Invoke-TestimoX -Preflight Enforce
Invoke-TestimoX -Preflight Soft
Invoke-TestimoX -Preflight Off

JSON Configuration File

For repeatable runs, use run.json and execute it through the CLI or PowerShell host.

{
  "RuleNames": [
    "ForestRecycleBinAndLifetimes",
    "DomainPasswordPolicy"
  ],
  "Profile": "AdSecurityAssessment",
  "GenerateHtml": true,
  "HtmlReportPath": "C:\\Reports\\assessment.html",
  "JsonReportPath": "C:\\Reports\\assessment.json",
  "IncludeTags": [
    "Security"
  ],
  "Storage": {
    "Enabled": true,
    "Directory": "C:\\Data\\TestimoX",
    "Ttl": "7.00:00:00",
    "Policy": "ReadWrite"
  }
}

Run it with:

TestimoX.exe --config C:\Configs\run.json
Invoke-TestimoX -ConfigPath C:\Configs\run.json