Scan for Vulnerabilities

Scan your systems for known vulnerabilities and understand your security risk. By automating your scans you'll get up to date security intelligence in real time.

Let’s launch a vulnerability scan

Go to VM/VMDR > Scans > Scans > New > Scan (or Schedule Scan).

Click here for help with scheduling

 

 

New Scan menu option

Choose your scan settings.

(1) We provide an option profile to get you started but you can also customize a profile to meet your exact needs - like tell us the ports to scan, QIDs to scan and whether to use authentication. Learn more

(2) If you've installed appliances there are a few options available for your convenience. You can pick one or more appliances from the list (use the Build my list option), or distribute your scan across all scanners in your asset groups, network or tagset, if applicable. Learn more

External scanners are always available to scan your perimeter.

 

VM scan settings: option profile and scanner appliance

Identify your scan target.

(3) Click Assets to select a combination of asset groups and IP addresses to scan.

Note

You can also launch vulnerability scans on Fully Qualified Domain Names (FQDNs). This option is not enabled for your subscription by default. A Manager user can enable this feature by going to Scans > Setup > DNS Tracking and checking the “Enable DNS Tracking for hosts” option.

When defining the scan target you’ll enter FQDNs in the new FQDN input field. FQDN input field supports maximum 4000 characters. FQDNs can be entered in combination with asset groups and IPs/ranges but not with asset tags.

The scanned FQDN must resolve to an IP address in your VM account to successfully scan it and view the results. Scan Result report shows the FQDN information in the Report Summary section.

- OR -

(4) Click Tags to select one or more asset tags to scan.

Use IP Network Range Tags Include - This option lets you scan all IPs defined in a tag with the IP address tag rule even if the IPs don't already have the tag assigned to them. We'll apply the tag to each IP that doesn't already have it.

Use IP Network Range Tags Exclude - This option lets you exclude all IPs defined in a tag with the IP address tag rule.

You can include or exclude hosts having certain tags. Simply, click Add Tag and select tags to include or exclude in the scan.

That's it - just click Launch and you're done!

Learn more about Hosts with Cloud Agents

VM scan settings: choose Assets under Target Hosts
 
VM scan settings: choose Tags under Target Hosts
 

You’ll see your scan in the scans list.

Scan Finished, Results Processed Icon - Results are processed and available in your account

Scan Finished, Results Not Processed Icon - Scan is completed but the results are not processed. Go to Filters > Processing Tasks to see the status.

Scans list with scan status

Create Vulnerability Reports

Go to Reports > Reports > New.

Several reports are available - Patch Reports, Scorecard Reports, High Severity Report, Executive Report, PCI Reports, etc. You can also create custom reports by creating your own report templates.

The different reports provide different views of your data. You can download reports in multiple formats (html, pdf, csv, xml etc).

Learn more about reporting

 

New Reports menu

Check out your Asset Inventory

Choose AssetView from the app picker.

AssetView (AV) provides a fresh new way to search for assets, tag assets, and view all asset information in one place.

Sample search query in AssetView

 

Interested in more scanning capabilities?
Amazon EC2 Scanning | IPv6 Scanning | Scan by Hostname | Agentless Tracking | Windows Share Enumeration | Password Brute Forcing | Authoritative Scan Option | Scan OVAL Vulnerabilities | CertView Scans | Client Scans (Consultant User)