This document will cover the various scan types that can be initiated in V4 and provide some helpful insight into troubleshooting common issues for failed scans.
...
...
V4 Scan Types
SCAN TYPE / SCAN DATA | Vulnerability | Asset Discovery | SNMP | Active Directory | Compliance | PII |
---|---|---|---|---|---|---|
Full | Yes | Yes | Yes | Yes | Yes | No |
Network | Yes | Yes | Yes | No | No | No |
Active Directory | Yes | Yes | No | Yes | No | No |
Firewall | Yes | No | No | No | No | No |
PII | No | No | No | No | No | Yes |
External | Yes | No | No | No | No | No |
Compliance | No | No | No | No | Yes | No |
Attack Surface Mapper | Yes | No | No | No | No | No |
Remote Install | | | | | | |
Validate Credential | | | | | | |
...
Full Scan (Probe Scan)
The Full Scan initiates Asset Discovery, Vulnerability, SNMP, Firewall, and Active Directory Scans using configured parameters under Discovery Settings and Credentials.
...
The following methods are used to communicate with assets:
Windows
The scan attempts to use the Admin SMB (Admin$) share to send a small executable called the Dissolvable Agent, which then runs on the remote machine to fetch the details. It probes the shares using standard SMB tools and performs an NFS discovery to check for any NFS shares.
Active Directory
The scan uses LDAP to query users and groups with the AD/Master credentials provided during the AD setup. It runs PowerShell commands to determine GPOs, Security Groups, and the memberships of those groups.
Linux
The scan uses SSH credentials to log into the asset and runs Linux commands to determine which processes are running.
Network Devices
It uses SNMP to discover the SysObjectID, look up the device's version, and query vulnerabilities for that version. It also connects to OEM APIs to get vulnerability details.
Active Directory Scan
To use this scan with your Probe agents, you need to configure the Active Directory Credentials associated with your Probe. If SMB is available, we use a dissolvable agent that creates PowerShell in memory and executes it. If SMB is unavailable, we use LDAP directly without the PowerShell scripts.
Active Directory Scan Method
A vulnerability scan is performed on the computers detected during the Active Directory scan.
If any of the Active Directory computers have a Lightweight Agent installed, the asset will be skipped as it is being scanned by the Lightweight agent locally.
The scan utilizes NMAP device discovery on the remaining computers.
Active Directory Prerequisite
Enable Audit Events - To perform an Active Directory Audit on a Domain Controller, you must first enable Audit Events. Once enabled, the ConnectSecure Scan Agent will read the Audit Events every 15 minutes and push those updates to your ConnectSecure portal.
...
AUDITPOL /SET /SUBCATEGORY:"Kerberos Authentication Service" /SUCCESS:ENABLE /FAILURE:ENABLE
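A check for this prerequisite, added here as an example and not ConnectSecure's own code: it parses the CSV report printed by `auditpol /get /category:* /r` and lists the required subcategories that are not auditing both success and failure. The `REQUIRED` list holds only the subcategory shown above, the sample report is constructed, and the setting text assumes an English-locale system.

```python
import csv

# Subcategory taken from the AUDITPOL command on this page; the rest of the
# list is not shown there, so append the remaining names yourself.
REQUIRED = ["Kerberos Authentication Service"]
WANTED = "Success and Failure"  # English-locale text printed by auditpol

# Constructed sample of `auditpol /get /category:* /r` output (not real data).
SAMPLE = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting

DC01,System,Kerberos Authentication Service,{guid-placeholder},Success,
DC01,System,Logon,{guid-placeholder},Success and Failure,
"""


def audit_gaps(csv_text, required=REQUIRED):
    """Return {subcategory: current setting} for each required subcategory
    that is not auditing both success and failure."""
    # auditpol may emit blank lines; drop them so the header row is found.
    lines = [ln for ln in csv_text.splitlines() if ln.strip()]
    current = {}
    for row in csv.DictReader(lines):
        name = (row.get("Subcategory") or "").strip()
        current[name.lower()] = (row.get("Inclusion Setting") or "").strip()
    gaps = {}
    for name in required:
        # A subcategory missing from the report is treated as a gap too.
        setting = current.get(name.lower(), "not reported")
        if setting.lower() != WANTED.lower():
            gaps[name] = setting
    return gaps


def fix_commands(gaps):
    """Build the AUDITPOL /SET line, in the page's form, for each gap."""
    return [f'AUDITPOL /SET /SUBCATEGORY:"{name}" /SUCCESS:ENABLE /FAILURE:ENABLE'
            for name in gaps]


if __name__ == "__main__":
    found = audit_gaps(SAMPLE)
    for name, setting in found.items():
        print(f"{name}: currently '{setting}'")
    for cmd in fix_commands(found):
        print(cmd)
```

To check a real Domain Controller, save the output of `auditpol /get /category:* /r` from an elevated prompt to a file and pass its contents to `audit_gaps`.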
Compliance Scan
A compliance scan can be initiated for Compliance types (such as CIS, HIPAA, PCI-DSS, NIST-800-53, NIST-800-171, CyberEssentials, Essential 8, GDPR) set under settings at the company level or global level. Compliance scans assess adherence to a specific compliance framework. Compliance scans are built to locate and assess flaws in system hardening configurations for a specific framework.
SNMP Scan
The ConnectSecure Scan Agent detects and scans SNMP-enabled devices. It reads the SNMP description using the defined SNMP Credentials (from the Probe) and initiates a vulnerability scan automatically for supported network devices.
Vulnerability Scan
This scan helps you identify vulnerabilities based on the installed applications and/or security updates. It uses the SMB protocol for scanning purposes. Sometimes, you may need to provide the credentials and/or user privileges to scan an asset.
...
Supported Operating Systems for Vulnerability Scanning in V4
Ubuntu 22.04 LTS | Jammy Jellyfish |
Ubuntu 20.04 LTS | Focal Fossa |
Ubuntu 18.04 LTS | Bionic Beaver |
Ubuntu 16.04 LTS | Xenial Xerus |
Ubuntu 14.04 LTS | Trusty Tahr |
CENT OS | |
CentOS - 4 | |
CentOS - 5 | |
CentOS - 6 | |
CentOS - 7 | |
CentOS - 8 | |
REDHAT LINUX OS | |
RHEL 4 | Nahant |
RHEL 5 | Tikanga |
RHEL 6 | Santiago |
RHEL 7 | Maipo |
RHEL 8 | Ootpa |
DEBIAN OS | |
Debian 7 | Wheezy |
Debian 8 | Jessie |
Debian 9 | Stretch |
Debian 10 | Buster |
Debian 11 | Bullseye |
MAC OS | |
OS X 10.9 | Mavericks (Cabernet) |
OS X 10.10 | Yosemite (Syrah) |
OS X 10.11 | El Capitan (Gala) |
macOS 10.12 | Sierra (Fuji) |
macOS 10.13 | High Sierra (Lobo) |
macOS 10.14 | Mojave (Liberty) |
macOS 10.15 | Catalina (Jazz) |
macOS 11 | Big Sur (GoldenGate) |
macOS 12 | Monterey (Star) |
macOS 13 | Ventura |
macOS 14 | Sonoma |
Microsoft Windows OS | |
Windows 10 (64-bit) | |
Windows 11 (64-bit) | |
Windows Server 2012 (64-bit) | |
Windows Server 2012 R2 (64-bit) | |
Windows Server 2016 (64-bit) | |
Windows Server 2019 (64-bit) | |
Windows Server 2022 (64-bit) |
...
How To Initiate Scans in V4
Lightweight Agent Scans
The Lightweight Agent scan in V4 automatically runs every 15, 30, 60, 90, or 120 minutes, based on your LW Agent Scan Interval in the Global > Overview > Settings menu.
...