Performance settings for PCI scans

You can customize performance settings for PCI external scans. Go to your option profiles list and edit any PCI option profile, then go to the Scan section in your profile.

Important: Performance settings should only be customized under special circumstances by users with an in-depth knowledge of the target network and available bandwidth resources.

Did you know? Our Inference-based scanning engine uses adaptive technology. If the network response degrades during scanning, we automatically throttle back the rate at which packets are sent.

Tell me about the settings

Overall performance levels

High - Optimized for speed and shorter scan times. Recommended only when scanning a single IP or a small number of IPs. Faster to complete but may overload your network or networking devices. Scanning a host with limited resources may result in an unresponsive host or service.

Normal - Recommended as best practice in most cases. Well balanced between intensity and speed.

Low - Optimized for low bandwidth network connections and highly utilized networks. Recommended if responsiveness for individual hosts and services is low. Scans may take longer to complete.

Enable parallel scaling for Scanner Appliances

This setting can be useful in subscriptions that have physical and virtual scanner appliances with different performance characteristics (e.g., CPU, RAM). When enabled, we will dynamically scale up the "Hosts to Scan in Parallel" setting (at scan time) to a calculated value based on the computing resources available on each appliance. Note that the "Hosts to Scan in Parallel" value determines how many hosts each appliance will target concurrently, not how many appliances will be used for the scan.

Different physical scanner appliance models have different scaling factors based on the hardware configuration, and virtual appliance scaling factors are dynamically calculated based upon the allocated virtual CPU, RAM, etc.

Users are cautioned that a potential side-effect of enabling the parallel scaling feature is that most or all of the available scanning capacity on your appliances may be dynamically utilized by that single scan job, in which case the appliance(s) will not pick up a second scan job until the first has fully completed.

Hosts to scan in parallel

Set the maximum number of hosts to scan at the same time per scan task. You can set different values for the external scanners and your scanner appliances. The Hosts to Scan in Parallel setting may have an impact on your network bandwidth and performance of routers, switches and firewalls. This setting does not affect responsiveness for individual hosts and services. If the impact on your network is too great, you may want to decrease the value.

Note that launching several concurrent scans on the same scanner appliance has a multiplying effect on bandwidth usage and may exceed available scanner resources. If you do not have scanner appliances, then disregard the Scanner Appliance setting.

Processes to run in parallel (per host)

Set the maximum number of processes to run at the same time per host and the maximum number of HTTP processes to run at the same time. Note that the total number of processes includes the HTTP processes.

The HTTP Processes setting determines how aggressively the scanning engine scans your web servers. Lower the number of HTTP processes if your web servers cannot handle many HTTP requests sent to them in a short period of time. You may also want to lower this setting to scan devices with multiple web server ports or embedded devices with limited resources. The number of HTTP processes cannot be higher than the total number of processes.

Packet delay

This is the delay between groups of packets sent to each scanned host. A short delay means that packets are sent more frequently. A long delay means that packets are sent less frequently. The packet delay is set in seconds, ranging approximately from 0 to 4 seconds. Each performance level has been assigned a delay time appropriate for the performance level.

Port scanning and host discovery

This setting determines the aggressiveness (parallelism) of port scanning and host discovery at the port level. Lowering the intensity level has the effect of serializing port scanning and host discovery. This is useful for certain network conditions like cascading firewalls and lower scan prioritization on the network.

Port scanning and host discovery are the phases of a scan that tend to place the highest burden on firewall state tables. If you are scanning through a firewall, it's recommended that you reduce the intensity level. Unauthenticated scans see more of a performance difference using this option.