Use an asset An IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scan to discover hosts Reference to a computer on a network. and services in the deployed network. To accomplish this goal, the scanner sends crafted packets Term used when you are constructing your packets manually; might be used for fuzzying or testing protocols, as you can create exceptional situations that might be useful to evade IDSs or firewalls. They can also be used to fingerprint an asset, for vulnerability analysis, or scans. to the target asset and analyzes the responses. This is not an authenticated scan Authenticated scans are performed from inside the machine using a user account with appropriate privileges.. You can run scans on individual assets.

The asset for which you are scanning must be visible by the sensor through the network. This means that both the sensor and the asset should be able to see each other through at least Layer 3 (network) protocols. If the sensor and the asset are in the same network segment (Layer 2), use Address Resolution Protocol (ARP) requests to discover the asset.

The USM Anywhere Sensor sends ARP, Internet Control Message Protocol (ICMP), and TCP requests to discover hosts on the network to which the sensor is connected. A new asset is created if the sensor receives an acknowledgment from any of the previously mentioned protocols.

Enabling the Asset Scanner App

To enable the Asset Scanner App

1. Go to Data Sources > Sensors to open the Sensors page.
2. Click the USM Anywhere Sensor for which you want to enable the asset scanner app.

3. Click the Asset Scanner tab.

   Note: This item is not available on Amazon Web Services (AWS) sensors.

4. Click Enable.

   

Running Asset Scans from Assets

To run an asset scan from Assets

1. Go to Environment > Assets.
2. Complete one of these options to open the Scan Asset dialog box:
• Next to the asset name that you want to scan, click the icon, select Full Details, and then select Actions > Asset Scan.
• Next to the asset name that you want to scan, click the icon, and then select Asset Scan.

The Asset Scan dialog box opens.



3. Select the scan profile that you want to run:

   • Discovery: This profile scans the known ports and services searching for the most-used ports. (There are 4571 This list is for information only. Scanned ports may be updated without notice: 1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8087,8090-8091,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32764,32913,33000,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,55553,57772,62078,62514,65535 ports.)
   • Complete: This profile scans all TCP and UDP Simple transmission protocol that does not require recipient notification and uses datagrams for its messaging. UDP is part of the transport layer in the TCP/IP protocol. ports to find the possible ports in a deployment Entire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment.. (There are 65535 ports.)
   • Vulnerability Discovery: Performs general network discovery and checks for specific known vulnerabilities. It only reports results if they are found.
   • Extended Vulnerability Discovery: Performs a Vulnerability A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. Discovery scan, which actively discovers more about the network.
   • Intensive Vulnerability Discovery: Performs several tasks to discover vulnerabilities, which uses a significant number of resources on the targeted machine. Because of this, sensitive targets may perceive a brief disruption on their services.

4. Select Set Debug Mode if you want to log the results of the scan or if you have a problem with a scan.

   This option is disabled by default.

   Note: The Set Debug Mode option must be used only for debugging purposes because it needs a large amount of disk space for the file or files that it generates. Only AT&T Cybersecurity Technical Support should review these files. You can contact this department for more information.

5. Click Scan.

6. In the Asset details page, click Scan History in the table area to display the results of the scan.

   You can see the status of each scan and the details. USM Anywhere also creates a system event named Asset Scanner Result with the same details.

Running Asset Scans When Creating a New Asset

To run an asset scan when you are creating a new asset

1. Go to Environment > Assets.
2. Select Actions > Advanced to open the Create New Asset dialog box.

See Adding Assets in the UI for more information.

3. The Scan the newly added asset for asset details field is selected by default. Use it for scanning the newly added asset.

   Important: The Asset Scan options are available only for the VMware Sensor and Hyper-V Sensor. USM Anywhere uses the Discovery profile to conduct the scans.

   

4. Click Save.

A message displays at the top of the page to inform you that the scan has been launched and is running. When the scan is complete, the results are visible in the tab Scan History of the asset details page. See Viewing Assets Details for more information.