Documentation Center
AlienVault® USM Appliance™

Why Do Vulnerability Scans Take So Long in USM Appliance?

Version: 5.3 and later
Deployment: All deployments

In AlienVault USM Appliance version 5.3, you may notice that vulnerability scans are taking longer than they did in the past. This was an intentional change to prevent performance problems that were occurring when scans were run. We have decreased the maximum number of assets that are scanned simultaneously, and the maximum number of checks that are simultaneously performed on each asset, to insure smooth operation while the vulnerability scan is running.

How long should it take to scan a /24 network? It is hard to make an exact estimate as the result depends on multiple factors, including:

  • The number of assets actually present on /24
  • The presence and actual ruleset of any firewalls on every asset in /24
  • The presence and number of services on every asset in /24
  • System load and network services responsiveness on every asset in /24

In most cases the timeout could fall somewhere between 2 and 3 hours. In worst case scenarios, it could take 4 to 6 hours, or even more.