Use an assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scan to discover hostsReference to a computer on a network. and services in the deployed network. To accomplish this goal, the scanner sends crafted packetsTerm used when you are constructing your packets manually; might be used for fuzzying or testing protocols, as you can create exceptional situations that might be useful to evade IDSs or firewalls. They can also be used to fingerprint an asset, for vulnerability analysis, or scans. to the target asset and analyzes the responses. This is not an authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges.. You can run scans on individual assets.
Important: This option is available if the sensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. associated with the asset allows it or not.
Warning: You cannot scan USM Anywhere sensors.
To enable the Asset Scanner App
- Navigate to DATA SOURCES > SENSORS.
- Click on the sensor you want to enable the asset scanner app.
- Click the Asset Scanner tab.
- Click Enable.
The Sensors page displays.
Running Asset Scans from Assets
To run an asset scan from Assets
- Choose ENVIRONMENT > ASSETS
- Do one of the following options to open the Scan Asset popup window
Click the blue chevron icon () located next to the asset name you want to scan, select Full Details, and then click Actions > Asset Scan.
Click the blue chevron icon () located next to the asset name you want to scan and select Asset Scan.
Select the scan profile you want to run
- Discovery, for known ports and services. Scans the most used ports, which are 457 ports.
- Complete, for all TCP and UDPSimple transmission protocol that does not require recipient notification and uses datagrams for its messaging. UDP is part of the transport layer in the TCP/IP protocol. ports. Scans the possible ports in a deploymentEntire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment., which are 65535 ports.
- Vulnerability Discovery, performs general network discovery and checks for specific known vulnerabilities. It only reports results if they are found.
- Extended Vulnerability Discovery, performs a VulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. Discovery scan which tries to actively discover more about the network.
- Intensive Vulnerability Discovery, performs several tasks to discover vulnerabilities using up a significant amount of resources on the targeted machine. Sensitive targets may perceive a brief disruption on their services.
Select the Set Debug Mode checkbox if you want to log the results of the scan. This option is disabled by default.
Note: Keep in mind that the Set Debug Mode option must be used only for debugging purposes because it needs disk space.
Important: Make sure the Asset Scanner app is Enabled. See Enabling the Asset Scanner App for further information.
Note: See Scheduling Asset Scans for further information about how to schedule an asset scan.
To run an asset scan when you are creating a new asset
- Navigate to ENVIRONMENT > ASSETS.
- Click Actions > Advanced to open the Create New Asset popup window.
- Select the option Scan the newly added asset for asset details.
- Click Save.
Important: The Asset Scan options are available only for VMware and Hyper-V sensors.
A green message displays at the top to inform you the scan has been launched and is running. When the scan is complete, the results will be visible in the tab Scan History of the asset details page. See Viewing Assets Details for further information.