|
Tell me about the Global EC2 Network and Global Azure Network |
|
|
|
Managers can create networks by going to Assets > Networks > New > Network. Give the network a name and assign it one or more scanner appliances.
The Network Support feature must be turned for your subscription. Contact Support or your account manager to get this feature.
The Global Default Network is used to scan assets that do not belong to custom networks. Initially, when we turn on Network Support for your account, scan configurations will be assigned to the Global Default Network. You can change the network for an appliance and schedule but not for an asset group. Want to scan your network perimeter? You'll need to choose the Global Default Network.
Global EC2 Network: All the assets that are detected by the Amazon Web Services (AWS) EC2 connector and that do not belong to custom networks are assigned to The Global EC2 Network. The Global EC2 Network is the default network that gets automatically assigned for all such assets. After the asset is scanned, the network assignment of EC2 asset is dependent on the network in which scanner is placed.
Global Azure Network: All the assets that are detected by the Microsoft Azure connector and that do not belong to custom networks are assigned to Global Azure Network. The Global Azure Network is the default network that gets automatically assigned for all such assets. After the asset is scanned, the network assignment of Azure asset is dependent on the network in which scanner is placed.
Yes, but you need to select an internal or an external scanner, depending on the type of targets in your network, when you launch a scan.
Yes, Managers can delete networks. Go to Assets > Networks, identify the network you want to delete, and select Delete from the Quick Actions menu. We'll provide you with a Conflict Report when the network has data associated with it like assets, schedules and scanner appliances. Review the report for all the details.
After deleting a network, activity in the background takes approximately an hour to complete the database update successfully. Hence, wait for an hour after deletion to create a new network.
Create new asset groups and select a network for each asset group. Each asset group can be associated with only one network. Once the asset group is saved, you cannot change its network assignment.
Edit the user’s business unit and assign the business unit an asset group associated with the network. Make sure the asset group has a network scanner appliance.
Edit the user’s account and assign the user an asset group associated with the network. Make sure the asset group has a network scanner appliance when assigning it to a Scanner user, otherwise the user won’t be able to scan the IPs within the network even if assigned those IPs.
Go to Assets > Networks. You'll see all the networks that you have access to.
Managers and Auditors have permission to scan this network. Unit Managers and Scanners must be assigned at least one asset group associated with the Global Default Network in order to scan the Global Default Network.
Managers and Auditors can scan any custom network as long as the network has a scanner appliance assigned to it. If the network doesn't have an appliance then it cannot be scanned.
Unit Managers have permission to scan custom networks that they have access to. The user's business unit must be assigned at least one asset group associated with the network, and the asset group must have a network scanner appliance.
Scanners have permission to scan custom networks that they have access to. The user must be assigned at least one asset group associated with the network, and the asset group must have a network scanner appliance. You can scan your public facing targets in the custom network using external scanner appliances.
Show me a sample use caseShow me a sample use case
Let's say "Jake" wants to create a custom network and give "Suzy" the ability to scan it. Jake is a Manager and Suzy is a Scanner.
1 - Jake creates a network called NetworkA. He assigns it an appliance called AppA.
2 - Jake creates an asset group called GroupA. He associates this group with NetworkA, gives it a range of IPs and gives it the scanner appliance AppA.
3 - Jake edits Suzy's user account and assigns her GroupA. By assigning her this group, Suzy now has access to the network, she has permission to scan the IPs in the group, and she has permission to use the scanner appliance AppA. She can now scan NetworkA using the appliance AppA.
4 - To also give Suzy the ability to launch external scans, Jake assigns Suzy an asset group associated with the Global Default Network.
You'll notice that all IPs in your account will be listed for every network on the Host Assets list. There you can expand a network to get host information for any IP. It's only after a host has been scanned that you'll see host scan data in the host information.