Views:

Configure network vulnerability scans to scan target network assets on a specified network segment with no agent deployment required.

Important
Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
To configure scans in Network Vulnerability Scanner, you need:
  • A deployed Service Gateway virtual appliance with the Network Vulnerability Scanner service version 1.1.0 or later installed
  • IP addresses or FQDNs for the target network segment for vulnerability and discovery scans or target assets for external attack surface scans
  • Authentication credentials for the target network assets for vulnerability scans
Available scan templates include:
    • Identifies live hosts, open ports, and basic system information within a network segment
    • Helps security teams map out their organization’s attack surface within the network and understand what assets are connected
    • Has a low impact on system resources
    • Does not require credentials
    • Conducts a deep security assessment by logging into network devices using valid credentials
    • Identifies vulnerabilities that require authenticated access, such as missing patches, user permission issues, misconfigurations, and outdated applications
    • Requires credentials such as SSH authentication private keys or passwords
    • Detects unexpected exposures and other vulnerabilities in internet-facing assets
    • Helps organizations understand their security posture from an external attacker's view
    • Focuses on public IPs, domains, and subdomains
    • Identifies misconfigurations, outdated software, and leaked services
Results from scans can be downloaded from Scan reports or viewed and managed in asset profile screens in Attack Surface Discovery or on risk event lists in Threat and Exposure Management.