After Creating the first scan configuration of a Discovery Scanner, you can add new scan configurations as explained below.
To add a scanner configuration to a Discovery Scanner
- Log in as an administrator with the global_admin role.
- Go to Find > Discovery.
- In the content pane, click the checkbox of the Discovery Scanner for which you want to add a configuration.
- Click Configure.
- In the Configure dialog, click New.
- Configure the following scan settings.
- Click Save.
Scan Name
The name of the scan configuration.
Description
A brief description of the scan configuration.
Priority
If scans might overlap, this setting determines which scan (if any) should take precedence. Use this setting to avoid impacting the performance of other scheduled scans by over-stressing network bandwidth.
Priority | Scan execution |
|---|---|
Low | Only run if no high or normal priority scan is running. Thus, when starting a normal or high-priority scan, low-priority scans stop executing until the other, higher-priority scans finish. |
High | Always. Suspend any other normal or low-priority scans until they are complete. |
Normal | When no high-priority scan runs, any normal-priority scans can run simultaneously. |
Some configurations can prevent low-priority scans from running at all.
Custom Ports
The ports to run the certificate scan for every host listed in the Custom Hosts field. This field supports 255 characters in one of the following syntaxes.
- An individual port. For example 1443
- A comma-separated list of ports. For example 1400, 1443
- A port range. For example, 1400-1443
Please use a second scan if you require more space to specify ports.
The certificate scan will fail when providing invalid custom ports.
Custom Hosts
The hosts to scan for certificates. The value of this setting supports the following syntaxes.
Syntax | Example |
|---|---|
An individual hostname | |
An individual IP address | 192.51.100.20 |
A comma-separated list of IP addresses or hostnames | www.example.com,192.51.100.2 |
A range of IP addresses using CIDR notation | 192.51.100.0/24 |
A range of IP addresses, using a dash to separate the range | 192.51.100.0-24 |
Schedule / Run Frequency
Select:
- Manual to run the scans when manually triggered.
- Hourly, Daily, Weekly, Monthly, to run the scans periodically at the specified moment.
Advanced / Hosts to Exclude
List of the hosts excluded from the scan, in any of the following formats.
192.0.2.0-100192.0.2.0/24www.example.comwww.example.com/16Advanced / Resolve Hostnames
Configure the hostname resolution.
Option | Hostname resolution |
|---|---|
Always | Performs a reverse DNS lookup of the hostname before contacting each host. |
Never | Do not resolve hostnames. Select this option for better performance. |
Advanced / Check If Host's Alive First
Select whether to ping the hosts to check whether they are alive.
Option | Scanned hosts |
|---|---|
Check node before scan | Only the hosts that respond to an initial ping. |
Assume all hosts are alive | All hosts. The agent will attempt to perform scans on every host until the scan is successful or it times out. Select this option if the ping response is disabled in some hosts. |
Advanced / Host Order
Select the scan order.
Option | Scan order |
|---|---|
Normal | Order in which hosts appear in the list. |
Randomized | Random order. This option slows the scan rate but prevents false alarms triggered by intrusion detection systems. |
Advanced / Scan Rate
Select the rate of the queries executed by each scan to discover certificates.
Higher rates are resource-consuming and can trigger false alarms in intrusion detection systems.
Scan Rate | Initial scan delay (ms) | Max attempts to reach host port | Max time before sending another probe (ms) | Max scan delay (ms) |
|---|---|---|---|---|
Slowest | 300000 | 10 | 300000 | 300000 |
Slower | 15000 | 10 | 15000 | 15000 |
Slow | 400 | 10 | 10000 | 1000 |
Normal | 0 | 10 | 10000 | 1000 |
Aggressive | 0 | 6 | 1250 | 10 |
Very Aggressive | 0 | 2 | 300 | 5 |