Setting scope in Legion
When you create a task, the wizard asks for a target scope. This is the IP address, IP range, or domain you are authorized to test. The scope appears on your report cover and the AI Operator uses it to stay inside the agreed target. It does not block you from running tools manually against other targets, so it is your responsibility to stay within bounds.
Be as specific as your authorization allows. If you are authorized to test a single host, scope to that host. If you have a subnet, use the subnet. Do not set a broad scope to cover targets you were not explicitly authorized to include.
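Because Legion does not stop you from pointing a tool at a host outside the task scope, a pre-flight check is worth having. The following is an added example, not Legion's own code: it matches a target against scope entries of the three kinds the wizard accepts (single IP, IP range as CIDR, domain), and the scope list and targets are constructed for illustration.

```python
import ipaddress

# Constructed scope list for illustration (assumption: one entry per line as in the task wizard).
AUTHORIZED_SCOPE = ["203.0.113.10", "198.51.100.0/24", "example.com"]


def in_scope(target, scope_entries):
    """Return True if target (an IP address or hostname) is covered by a scope entry.

    IP entries match as a single host or a CIDR network. Domain entries match the
    domain itself and its subdomains only; "notexample.com" is not a subdomain of
    "example.com", so a plain substring check would be wrong here.
    """
    target = target.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a hostname

    for entry in scope_entries:
        entry = entry.strip().lower().rstrip(".")
        try:
            # strict=False accepts host bits set in the CIDR (e.g. 198.51.100.5/24).
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None  # not an IP/CIDR, so it is a domain entry

        if net is not None:
            if addr is not None and addr in net:
                return True
            continue

        if addr is None and (target == entry or target.endswith("." + entry)):
            return True
    return False


def out_of_scope(targets, scope_entries):
    """Return the subset of targets that no scope entry covers, preserving order."""
    return [t for t in targets if not in_scope(t, scope_entries)]


if __name__ == "__main__":
    candidates = ["198.51.100.77", "api.example.com", "198.51.101.1", "notexample.com"]
    for t in out_of_scope(candidates, AUTHORIZED_SCOPE):
        print(f"OUT OF SCOPE: {t}")
```

Run the check over the target list you are about to feed a scanner and stop if anything is reported out of scope.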
Rules of engagement
On a formal client engagement, your rules of engagement document defines what is in scope, which testing methods are permitted, the testing window, any systems that are explicitly off-limits, and whom to contact if something goes wrong. Keep that document open while you work.
If you are working on a bug bounty program, the program policy on the platform is your rules of engagement. Read it carefully before starting. Most programs define specific subdomains or IP ranges that are in scope and explicitly exclude others.