Documentation Center
AlienVault® USM Appliance™

Running Vulnerability Scans on Large Networks

Version: All versions before 5.3
Deployment: All deployments

This topic discusses how to run vulnerability scans on large networks and best practices when doing so. Breaking up a large network is not needed if you are running AlienVault USM Appliance version 5.3 or later.

Best Practices

Attempting to run a vulnerability scan on a very large network in a single scan job is not advisable, because vulnerability scans can consume large amounts of system resources and reduce overall system performance.

Best practice is to divide a large network into smaller segments for the purpose of the scan. This will ensure more rapid results as a scan on a smaller network segment will finish far more quickly than a scan on a larger segment.

This will also reduce the load placed on system resources thus ensuring optimum performance and responsiveness at all times.


If you wish to run a vulnerability scan on a large network such as, it is advisable to segment this network into smaller subnets for scanning purposes.

A suggested breakdown of this network would be the following:

This effectively breaks down a large /16 network into 16 smaller /20 networks for more effective and efficient scanning.

Now that the network has been segmented you can schedule Vulnerability Scan Jobs as normal using the network addresses above.

To create a new vulnerability scan

  1. Go to Environment > Vulnerabilities > Scan Jobs > New Scan Job.
  2. Define Job Name, Sensor, Profile, Schedule Method and Advanced settings as required.
  3. When defining which networks to scan, you should enter the network address manually in the search box.
  4. In this case use the CIDR notation like in the example above.
  5. Once you have finished entering the network you wish to scan, select NEW JOB to create the scan.
  6. Repeat for each subnet in the segmented network that you wish to scan.