AlienVault® USM Anywhere™

Running Active Directory Scans

  Role Availability   Read-Only   Analyst   Manager

To effectively manage your Windows systems, USM Anywhere can perform scans through an Active Directory (AD) server to collect inventory information. (Active Directory is a directory service that Microsoft developed for Windows domain networks.) When you configure your VMware sensor, Hyper-V sensor, or Azure sensor, you can define AD credentials that USM Anywhere can use to perform Active Directory scans through the Sensor.

When you configure these credentials for the Sensor, USM Anywhere performs an initial Active Directory asset scan. You can also schedule a job to perform scans through the Active Directory Scanner app and collect updated information about the assets managed by your AD server. The scan returns information for each computer in the AD domain in the following format:

    Name : WIN2K12-DC
    DistinguishedName : CN=WIN2K12-DC,OU=Domain Controllers,DC=ECORP,DC=local
    DNSHostName : WIN2K12-DC.ECORP.local
    OperatingSystem : Windows Server 2012 R2 Standard
    OperatingSystemServicePack :
    OperatingSystemVersion : 6.3 (9600)
    IPv4Address : 10.20.30.15

For information about configuring the AD server to allow access from USM Anywhere, see Granting Access to Active Directory for USM Anywhere.
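
As an added example (not part of the AlienVault documentation or product), the following Python code parses records in the format shown above, extracts each computer's OU path, and compares two scans so that hosts that appeared, disappeared, or changed stand out. It assumes the scan output is available as text with a blank line between computers; the second record and the function names `parse_records`, `ou_path`, and `diff_scans` are constructed for illustration.

```python
import re

# Constructed sample: the page's record plus an invented second record.
# Assumption: records for several computers are separated by a blank line.
SAMPLE = """\
Name : WIN2K12-DC
DistinguishedName : CN=WIN2K12-DC,OU=Domain Controllers,DC=ECORP,DC=local
DNSHostName : WIN2K12-DC.ECORP.local
OperatingSystem : Windows Server 2012 R2 Standard
OperatingSystemServicePack :
OperatingSystemVersion : 6.3 (9600)
IPv4Address : 10.20.30.15

Name : WS-0042
DistinguishedName : CN=WS-0042,OU=Workstations\\, HQ,OU=Corp,DC=ECORP,DC=local
DNSHostName : WS-0042.ECORP.local
OperatingSystem : Windows 10 Enterprise
OperatingSystemServicePack :
OperatingSystemVersion : 10.0 (19045)
IPv4Address : 10.20.30.77
"""

def parse_records(text):
    """Split scan output into one dict per computer; empty values become None."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                rec[key.strip()] = value.strip() or None
        records.append(rec)
    return records

def ou_path(dn):
    """Return the OUs of a DN, outermost first, honouring escaped commas."""
    rdns = re.split(r"(?<!\\),", dn)  # a comma preceded by a backslash is data
    ous = [r.split("=", 1)[1].replace("\\,", ",") for r in rdns if r.upper().startswith("OU=")]
    return list(reversed(ous))

def diff_scans(old, new, key="DNSHostName"):
    """Compare two parsed scans: (added hosts, removed hosts, changed fields)."""
    a = {r[key]: r for r in old}
    b = {r[key]: r for r in new}
    changed = {}
    for h in a.keys() & b.keys():
        delta = {f: (a[h].get(f), b[h][f]) for f in b[h] if a[h].get(f) != b[h][f]}
        if delta:
            changed[h] = delta
    return sorted(b.keys() - a.keys()), sorted(a.keys() - b.keys()), changed
```

Running `diff_scans` on the parsed output of two consecutive scheduled scans gives a quick view of inventory drift, such as a domain controller whose address changed or a host that no longer appears in the domain.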

To schedule an Active Directory Scan job

  1. Go to SETTINGS > SCHEDULER.
  2. In the left navigation list, click Asset Scans.
  3. On the right side of the page, click Create Scan Job.

    This opens the Schedule New Job dialog.

  4. Enter the Name and Description for the job.

    The description is optional, but it is a best practice to provide this information so that others can easily understand what it does.

  5. Use the Select App option to select Active Directory Scanner.

    This sets the App Action option to Get Active Directory Information.

  6. If you have more than one deployed USM Anywhere Sensor, set the Select Sensor option to the Sensor that you want to use to run the scan.

    This should be the Sensor that is associated with the asset that you want to specify as the target.

  7. Specify the Asset that you want to use as a target for the action.

    You can start typing the name or IP address of the asset in the field to display matching items that you can select. Or you can click the Browse Assets link to open the Select Asset dialog and browse the asset list to make your selection.

  8. Set the Schedule to specify when USM Anywhere runs the job.

    First, choose the increment as Hour, Day, Week, Month, or Year. Next, set the interval options for the increment. The selected increment determines the available options.

    For example, on a weekly increment you can select the days of the week to run the job.

    Or, on a monthly increment you can specify a date or a day of the week that occurs within the month.

    To finish, set the Start time. This is the time that the job starts at the specified interval. It uses the time zone configured for your USM Anywhere instance (default is UTC).

  9. Click Save.