Version: All versions before 5.3
This topic discusses how to run vulnerability scans on large networks and best practices when doing so. Breaking up a large network is not needed if you are running AlienVault USM Appliance version 5.3 or later.
Attempting to run a vulnerability scan on a very large network in a single scan job is not advisable, because vulnerability scans can consume large amounts of system resources and reduce overall system performance.
Best practice is to divide a large network into smaller segments for the purpose of the scan. A scan of a smaller segment finishes far more quickly than a scan of the whole network, so results arrive sooner.
Splitting the work also reduces the load placed on system resources, keeping the appliance responsive while scans are running.
If you wish to run a vulnerability scan on a large network such as 10.10.0.0/16, it is advisable to segment this network into smaller subnets for scanning purposes.
A suggested breakdown of this network would be the following:
This effectively breaks down a large /16 network into 16 smaller /20 networks for more effective and efficient scanning.
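As an added example (not from the original page and not part of AlienVault USM Appliance itself), the following Python script performs the segmentation described above: it splits a parent network into equal-prefix subnets, checks that the pieces tile the parent with no gaps or overlaps, and produces one scan-job entry per segment. The `vuln-scan` job-name prefix is an assumed naming convention; the CIDR strings it prints are what you would paste into the Scan Jobs search box.

```python
import ipaddress


def segment_network(network: str, new_prefix: int) -> list:
    """Split `network` into equal subnets of prefix length `new_prefix`.

    Example: a /16 split at new_prefix=20 yields 16 /20 networks.
    ipaddress raises ValueError if new_prefix is not longer than the parent's.
    """
    parent = ipaddress.ip_network(network, strict=True)
    return [str(sub) for sub in parent.subnets(new_prefix=new_prefix)]


def verify_coverage(network: str, segments: list) -> bool:
    """Return True if `segments` exactly tile `network` (no gaps, no overlaps)."""
    parent = ipaddress.ip_network(network)
    subs = sorted(
        (ipaddress.ip_network(s) for s in segments),
        key=lambda n: int(n.network_address),
    )
    # Every segment must lie inside the parent network.
    if not all(s.subnet_of(parent) for s in subs):
        return False
    # Walking in address order, each segment must start right after the previous one.
    expected = int(parent.network_address)
    for s in subs:
        if int(s.network_address) != expected:
            return False
        expected = int(s.broadcast_address) + 1
    # The last segment must end exactly at the parent's last address.
    return expected == int(parent.broadcast_address) + 1


def plan_scan_jobs(network: str, new_prefix: int, job_prefix: str = "vuln-scan") -> list:
    """Build one scan-job definition per segment (job_prefix is an assumed convention)."""
    jobs = []
    for i, cidr in enumerate(segment_network(network, new_prefix), start=1):
        sub = ipaddress.ip_network(cidr)
        jobs.append({
            "name": f"{job_prefix}-{i:02d}",   # e.g. vuln-scan-01
            "target": cidr,                    # CIDR to enter in the Scan Jobs search box
            "hosts": sub.num_addresses,        # addresses covered by this job
        })
    return jobs


if __name__ == "__main__":
    # The page's example: break 10.10.0.0/16 into /20 segments.
    parent = "10.10.0.0/16"
    segments = segment_network(parent, 20)
    print(f"{parent} -> {len(segments)} segments, "
          f"coverage ok: {verify_coverage(parent, segments)}")
    for job in plan_scan_jobs(parent, 20):
        print(f"{job['name']}: {job['target']} ({job['hosts']} addresses)")
```

Run it with the parent network and target prefix of your choice; the coverage check is the part worth keeping around, because a hand-typed list of subnets is where a /20 quietly goes missing from the scan schedule.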
Now that the network has been segmented, you can schedule vulnerability scan jobs as normal using the subnet addresses above.
To create a new vulnerability scan:
- Go to Environment > Vulnerabilities > Scan Jobs > New Scan Job.
- Define Job Name, Sensor, Profile, Schedule Method and Advanced settings as required.
- When defining which networks to scan, enter the network address manually in the search box.
- Use CIDR notation, as in the example above (one subnet per scan job).
- Once you have finished entering the network you wish to scan, select NEW JOB to create the scan.
- Repeat for each subnet in the segmented network that you wish to scan.