Documentation Center
AlienVault® USM Anywhere™

Running Asset Scans

  Role Availability   Read-Only   Analyst   Manager

Use an assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scan to discover hostsReference to a computer on a network. and services in the deployed network. To accomplish this goal, the scanner sends crafted packetsTerm used when you are constructing your packets manually; might be used for fuzzying or testing protocols, as you can create exceptional situations that might be useful to evade IDSs or firewalls. They can also be used to fingerprint an asset, for vulnerability analysis, or scans. to the target asset and analyzes the responses. This is not an authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges.. You can run scans on individual assets.

Important: This option is available if the sensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. associated with the asset allows it or not.

Warning: You cannot scan USM Anywhere sensors.

Enabling the Asset Scanner App

To enable the Asset Scanner App

  1. Go to Data Sources > Sensors to open the Sensors page.
  2. Click the USM Anywhere Sensor for which you want to enable the asset scanner app.
  3. Click the Asset Scanner tab.
  4. Click Enable.

Running Asset Scans from Assets

To run an asset scan from Assets

  1. Go to Environment > Assets.
  2. Complete one of these options to open the Scan Asset popup window:
    • Next to the asset name that you want to scan, click the icon , select Full Details, and then select Actions > Asset Scan.

      or

    • Next to the asset name that you want to scan, click the icon that you want to scan and select Asset Scan.
  3. Select the scan profile that you want to run:

    If you want to log the results of the scan, select Set Debug Mode. This option is disabled by default.

    Note: Keep in mind that the Set Debug Mode option must be used only for debugging purposes because it needs disk space.

  4. Click Scan.
  5. In the Asset details page, click Scan History in the table area to display the results of the scan. You can see the status of each scan and the details.

Important: Make sure the Asset Scanner app is Enabled. See Enabling the Asset Scanner App for more information.

Note: See Scheduling Asset Scans for more information about how to schedule an asset scan.

Running Asset Scans when you are creating a new asset

To run an asset scan when you are creating a new asset

  1. Go to Environment > Assets.
  2. Select Actions > Advanced to open the Create New Asset popup window.
  3. Select the option Scan the newly added asset for asset details.
  4. Important: The Asset Scan options are available only for VMware and Hyper-V sensors.

    Create New Asset: Scan the newly added asset for asset details

  5. Click Save.
  6. A green message displays in the upper side of the page to inform you the scan has been launched and is running. When the scan is complete, the results will be visible in the tab Scan History of the asset details page. See Viewing Assets Details for more information.