USM Anywhere allows you to run a scan against assets included in an asset groupAsset groups are administratively created objects that group similar assets for specific purposes.. To accomplish this goal, the scanner sends crafted packetsTerm used when you are constructing your packets manually; might be used for fuzzying or testing protocols, as you can create exceptional situations that might be useful to evade IDSs or firewalls. They can also be used to fingerprint an asset, for vulnerability analysis, or scans. to the target asset group and analyzes the responses. This is not an authenticated scan.
Note: If you want to discover new assets you can run an asset discovery scan, see Running an Asset Discovery.
To run an asset group scan from Asset Groups
- Navigate to ENVIRONMENT > ASSET GROUPS.
Click the blue chevron icon () located next to the asset groupname you want to scan, select Full Details, and then click Actions > Asset Group Scan.
Click the blue chevron icon () located next to the asset groupname you want to scan and select Asset Group Scan to directly start the asset group scan.
The Scan Asset popup window displays.
Select the scan profile you want to run
- Discovery, for known ports and services. Scans the most used ports, which are 457 ports.
- Complete, for all TCP and UDPSimple transmission protocol that does not require recipient notification and uses datagrams for its messaging. UDP is part of the transport layer in the TCP/IP protocol. ports. Scans the possible ports in a deploymentEntire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment., which are 65535 ports.
- Vulnerability Discovery, performs general network discovery and checks for specific known vulnerabilities. It only reports results if they are found.
- Extended Vulnerability Discovery, performs a VulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. Discovery scan which tries to actively discover more about the network.
- Intensive Vulnerability Discovery, performs several tasks to discover vulnerabilities using up a significant amount of resources on the targeted machine. Sensitive targets may perceive a brief disruption on their services.
Select the Set Debug Mode checkbox if you want to log the results of the scan. This option is disabled by default.
Note: Keep in mind that the Set Debug Mode option must be used only for debugging purposes because it needs disk space.
Note: See Scheduling Asset Group Scans for further information about how to schedule an asset group scan.
Asset Discovery finds and provides you visibility into the assetsAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. in your environments. You can discover all the IP-enabled devices on your network, determining what software and services are installed on them, how they’re configured, and active threats being executed against them.
To run an asset discovery from Settings
- Navigate to DATA SOURCES > SENSORS.
- Click on the sensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. you want to run an asset discovery.
- Click the Asset Discovery tab.
- Click Yes to scan the network. This step may be different depending on the sensor you have installed.
- Click Scan Another to start a new scan or click Next to continue with the following step.
- In the Asset
Groupsdetails page, click the Scan History tab in the table area to display the results of the scan. You can see the status of each scan and the details.
The Sensors page displays.
The Asset Discovery popup window displays.
Note: In AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. Sensors this option is not available because the instances are automatically set.