Scans
Click here to view navigation pane

Scans

Give the scan a title

Enter a title for easy identification.

Select a network

Select the network you want to scan. You can scan one network at a time.

Choose the Client

Select the client for which you want the scan. All the clients that you've added are auto-populated in the list. You can select only one client in a scan.

Choose scan options

The profile you choose determines the scan settings that will be used like which ports to scan, which QIDs to scan and whether to use host authentication.

For an external PCI scan, use a PCI option profile like "Payment Card Industry (PCI) Options". For an internal PCI scan, use "Initial Options" or a profile that you've created.

Choose scan options

The profile you choose determines the scan settings that will be used like which ports to scan, which controls to scan, and whether you want to perform specialized scan tests like file integrity monitoring, password auditing or windows share enumeration.

Choose scan options

OT Device Scan option is provided for the safe active scan. It is a protocol-oriented scan that fetches identity-related attributes.

Following Option Profiles are supported for OT device scan. Bacnet with UDP, DNP3 with TCP, Ethernet IP with TCP, Ethernet IP with UDP, Modbus with TCP, S7COMM with TCP, SMB with TCP,  SSH with TCP.

Choose a priority level

Set priority in order to have this scan processed ahead of other scans. You can choose from nine priority levels with the highest priority being 1 - Emergency and the lowest priority being 9 - Low. Scans with no priority will be processed after scans with priority.

Choose a scanner appliance

Scanning perimeter IPs? Select External to use our cloud scanners.

Scanning an internal network? Select one or more scanner appliances - physical or virtual. Choose "Build my list" to select multiple appliances.

Will you target asset groups? If yes, you also have these options - Default (we'll use the default scanner appliance in each asset group) or All Scanners in Asset Group (we'll use all the appliances in each asset group).

Will you target asset tags? If yes, choose All Scanners in TagSet to use scanner appliances with the same tags. For example, scan hosts with the tag USA using appliances with the tag USA. The tags you choose in the scan target must be IP Network Range tags (tags defined with IP address rules). All other tags will be ignored. Also, each tag you specify in the target must be assigned to at least one scanner appliance.

Choose a scanner appliance

Scanning perimeter IPs? Select External to use our cloud scanners.

Scanning an internal network? Select one or more scanner appliances with SCAP scanning enabled. Choose "Build my list" to select multiple appliances.

Not sure how to enable SCAP for an appliance? Go to Scans > Appliances and edit the appliance settings.

Will you choose target hosts from asset groups? If yes, you also have these options - Default (we'll use the default scanner appliance in each asset group) or All Scanners in Asset Group (we'll use all the appliances in each asset group). Make sure they all have SCAP scanning enabled.

Choose a SCAP policy

Select the SCAP policy that you want to evaluate hosts against. Managers and Auditors can create SCAP policies.

Select IPs to scan

Select a combination of asset groups and IPs/ranges to scan. When you enter asset groups, we'll scan all the IPs in the asset groups.

Exclude hosts from this scan

We won't send any scanning traffic, including ICMP, TCP and UDP probes, to hosts that are excluded. Use commas to separate multiple IPs and IP ranges.

Select tags to scan

Add tags to specify the hosts to be scanned. To find a tag in the tag selector, begin typing the tag name in the Search field. Click a tag to select it, then click outside the tree to add the selected tags. Want to exclude hosts from the scan? Add tags to the "Do not include" section.

Select All to include hosts that match all of the tags listed. Select Any to include hosts that match at least one of the tags listed.

Scan IP ranges using asset tags

Select this option to scan all of the IPs defined in a tag rule even if they don't already have the tag assigned. We'll apply the tag to each host that isn't already tagged.

Example: Let's say you have a tag called My Network with the IP range 172.31.254.0-172.31.254.25. You've scanned IPs 172.31.254.10 and 172.31.254.20 before and so these hosts have the My Network tag assigned. The other IPs in the range do not have the tag. If you select "Use IP Network Range tags", the entire IP range will be scanned and hosts will be tagged. If you don't select it, only the 2 hosts that already have the tag will be scanned.

Temporarily add agent addresses

You will need to select this option if your scan target includes agents that may have acquired IPs not in your subscription. Without this option the scan will not execute and will generate an error due to the addresses not being in your subscription. This option temporarily adds the IP addresses of any agents in your target to your subscription for this scan only. Cannot be used with the External scanner option.

Temporarily add agent addresses

You will need to select this option if your scan target includes agents that may have acquired IPs not in your subscription. Without this option the scan will not execute and will generate an error due to the addresses not being in your subscription. This option temporarily adds the IP addresses of any agents in your target to your subscription for this scan only. Cannot be used with the External scanner option.

Send email notifications

Tell us who should be notified when this scan is finished, and enter a custom email message.