Schedule Scans

Scans are run on a set schedule and are conducted to identify any risk exposures and exploitable attack points across your organization's network.

Scan Types

  • Host discovery scans - Configures the scanner to perform asset discovery. This scan simply and easily sweeps the target networks for live assets.

  • Agent scanning - Agents are installed on endpoints and scan from anywhere with connectivity by automatically detect host changes and send them in near real-time to Fortra VM.

  • Internal network scanning - Checks internal assets for vulnerabilities and firewall issues that leaves it susceptible to an attack from and internal source.

    • Authenticated scan - Obtains accurate vulnerability information on covered devices by authenticating to scanned devices through provided credentials to obtain detailed information specific to the OS, software, configuration, and missing security patches.

  • External network scanning - A vulnerability scan performed from outside the host and network. Designed to mimic actions of an external attacker.

  • Penetration testing - An ethical hacking service that helps organizations identify and validate critical vulnerabilities in their environment.

  • PCI scans - For details, see Fortra PCI Service.

Schedule Scans

For new client accounts, we recommend starting with a host discovery scan to ensure targets are being found by the scanner and that the device count is accurate.

  1. From the navigation menu, select Scans > Scan Activity.

  2. Select +New Scan from the top right of the page.

  3. In Scan name field, choose an appropriate scan name. An example would be "Host Discovery Internal."

  4. In the Policy Options area under Scan Policy, select Host Discovery.

  5. If scheduling the scan for a future time, change the Start scan on to the appropriate settings for the client.

  6. Toggle Add to Active View to OFF. This ensures Active View only contains relevant results when the full vulnerability scans are performed.

  7. In Scan Targets, select the asset group which contains the relevant internal IP addresses.

  8. Select Create and run.

  9. Repeat steps 2-8 for the client's external asset group.

Once both scans have completed their run, you should see them listed in the Scan Activity page. There should be a green bar to the right that reads Completed. Based on the total number of IPs being targeted, the scan times can vary. See What is the difference in scan speeds? for more information.

Under average circumstances, follow up about 24 hours after initializing scans. If the host discovery scans returned the expected number of targets, proceed with creating full vulnerability assessment scans and scheduling them to recur based on client needs. See Create and Run Scans for a full guide.

If the number of targets is lower than expected, see Scan not returning the expected number of assets.

If the number of targets is higher than expected:

  1. Check the asset group for accuracy.

  2. Check the scan results. If there is a large number of hosts with unknown operating system in the results, consider running another host discovery with ICMP only asset detection. See Ghost Hosts for more information.

  3. Discuss the contracted device count with the client.

Vulnerability assessment scans can be set up in a variety of ways. For simplest usage, we recommend setting up 2 recurring scans: a full internal network assessment and a full external network assessment. Below is an example of the set-up for a Quarterly Internal Vulnerability Assessment (IVA).

  1. From the navigation menu, select Scans > Scan Activity.

  2. Select +New Scan from the top right of the page.

  3. In Scan name, choose an appropriate scan name (for example, Quarterly IVA).

  4. Set the Repeat toggle to ON and edit the recurrence schedule to the appropriate settings for the client. In this example, the scan recurs quarterly.

  5. If automatic generation of reports is desired, set the Auto-Generate Reports toggle to ON. You can then select any other desired settings for the report generation.

  6. In the Scan Targets section, select the asset group which contains the relevant IP addresses or hostnames. In this example, the Full Internal Network asset group is selected.

  7. Select Create and run.

Scanning can be optimized for internal assets, external assets or both.

See Create and Run Scans for more information.