Table of Contents | ||||
---|---|---|---|---|
|
Info |
---|
External Scan - Now CyberCNS helps with deep external scan with an ability to customise the port selection. |
At the Company Level, navigate to the External Scan to create your own profile.
...
An external vulnerability scan is a scan that is conducted from outside of the network. These scans target WAN IP addresses, scanning perimeter defences like websites, web applications, and network firewalls for weaknesses. CyberCNS provides external scans with configurable profiles so that you have control over the depth of the scan that needs to be performed. |
Info |
---|
In order for the external scan to work the IP and hostname will be scanned from the following IP Addresses based on the region. Your region is the suffix on your portal URL. E.g. If your URL is portaluseast2.mycybercns.com then your region is useast2. The IPs are as listed below. |
Region | Originating IP Address for External Scan |
---|---|
USWEST2 | 44.231.123.15 |
EUCENTRAL1 | 35.158.55.215 |
EUWEST2 | 13.41.172.255 |
APSOUTHEAST2 | 54.206.202.191 |
USEAST2 | 3.22.165.174 |
Running External Scans using CyberCNS
Choose a company for which you need to run a scan, and navigate to External Scan to create a profile.
Profiles
Users can create different profiles based on the requirement and attach them to assets to be scanned for external scans.
In the profile sections, you can create your own profiles and can add these profiles in the Configurations section.
There are three Default Profiles, those that are
🔹 Quick Scan: This covers the top 1000 ports defined by IANA, which covers up to 65% risk profile.
...
🔹 Deep Scan: This will scan all 65535 ports, this can take 10 minutes to hours.
Info |
---|
CyberCNS uses Connect Scan protocol for default profiles. |
If you want to create your own Custom Profiles click on +Add.
...
🔹 IP Range: Discovery Type selected as IP Range, then please provide the Start IP and End IP of the range selected.
...
The created profile can be chosen here if required, if not can select the Scan profile.
...
Enter the secure Ignore ports for the required IP address. Once you add the "ignore ports" option, CyberCNS will no longer generate alerts, even if the port is open
To enter add multiple ports, press the enter key or enter a comma before adding the next port.
...
enter a port and press comma or press enter to add.
...
Once all the details are provided, click on Save.
Can select Select the checkbox in case need to exclude the IP from scanning.
...
of Exclude from scanning in case an IP exclusion is required.
...
Select the Scan Later option, to save the credentials and scan later.
...
Ports that have been added as Ignore ports will not be considered for alerts.
If any ignored port has been added and it contains vulnerabilities, those vulnerabilities will contribute to the calculated risk score and will not be ignored.
If the IP has been discovered with four open ports if we add all four discovered ports as ignored ports added as 20, and 8080 contributes to the calculated risk score will be low.
If four ports are discovered if the two ports are ignored the risk score will remain the same, if we add all the discovered ports contribute to the calculated risk score will be low.
...
The external scan result will be the same as before.
...
In general, when you designate a specific port as an ignored port, such as port 443, it means that alerts will not be triggered specifically for that port. Instead, alerts will only be generated for the remaining open port, such as port 80. This allows you to focus on monitoring and receiving alerts for the designated open port while disregarding alerts for the ignored port.
...
In general, if you designate port 443 as the ignored port in the configuration, the alerts for that port will not be received. However, if you edit the configuration to make port 22 secure and initiate a scan for old results only, the status for that port will show as closed. Conversely, if you remove port 22 from the secure list and initiate the scan again, a new entry will be created in the old alerts list with the status set as open until the port is removed from the ignore ports.
...
To start the scan, select the checkbox to Scan the added IP and then click on Scan Now under Global Actions, or under the Action select the option as Scan Now.
...
Click on Upload Bulk IP CSV File.
...
Click on Upload to upload bulk in CSV file format. You can make use of a sample CSV file to upload the correct format data.
...
There is an option to Edit or Delete the Discovery Type using the Action column. Any Discovery Type can be edited or deleted if needed.
...
Click on Delete to delete the External Scan Endpoints under configuration, and it will prompt if to delete External Scan History associated with the provided configuration.
...
Please select if the associated data to be deleted.
...
Jobs
Info |
---|
All the jobs for the external scan will be shown in the Jobs tab. This will list all jobs which were initiated and with their include the information like Job status. |
When the scan begins, navigate to the Jobs section to check the Job Completion.
...
.
...
At the company level.
External scan tags fall under the scheduler as well, only the selected tagged assets will trigger scan in the external scan.
Excluded tags will not trigger the scan.
Excluded IPs also will not trigger the scan if we add the tag of the excluded IP.
Multiple tags can be considered while the scan.
Info |
---|
Created, JOB ID, Scheduler Name, and Last Discovered are few additional columns which can be helpful. These columns can be selected to be displayed and these are not seen in the default view. |
...
At the global level
The selected tag/s will trigger for all the companies where the tag matches the external scan.
Results
Info |
---|
All the Results for the external scan are shown in the Results tab. |
Once the scan is completed, navigate to the Results section, to view the details of the added IP.
...
For the added IP can get the details based on the Selected profile.
...
Click on status here are the tow status Active and Deprecated.
...
The Asset Active days and Timings in the Updated column in External Scan results
...
The Asset detection days to deprecate the external scan results. The updated column records will give the day and time when they entered the deprecated state. Once the 'updated' column is subsequently timestamped with the latest scan time, the result moves back to the active state.
...
Multiple Results can be Deleted and get the Details if chosen usingthe Actions menuas shown below.
...
Configuration Deleted information can be easily checked under results using the additional column available. Click on the columns button and select the Configuration Deleted.
...
Information such as Ports Scan, Protocol Scan, Service Detections, OverAll Grade, Open Ports, Vulnerabilities, and Operating System Details will be displayed.
...
Choose the Service Detections as required and click on Save.
...
Select the Discovery Type as required and the created profile can be chosen here if required, if not can select the Scan profile.
Once all the details are provided, click on Save.
In case of exclusion of certain IP/IPs from scanning, select the checkbox of “Exclude from scanning”.
...
To start the scan, select the checkbox for the added IP and use Global Actions OR under the Action column select the option to Scan Now.
There is an option to Edit or Delete the Discovery Type using the Action column. Any Discovery Type can be edited or deleted if needed.
...
Info |
---|
All the jobs for the external scan will be shown in the Jobs tab. The list of jobs which are initiated are shown with their status. |
When the scan begins, navigate to the Jobs section to check the Job Completion.
...
Info |
---|
All the Results for the external scan will be shown in the Results tab. |
Once the scan is completed, navigate to the Results section, to view the details of the added IP.
...
For the added IP can get the details based on the Selected profile.
Overall Grade, Open Ports, Vulnerabilities, Operating System Details, Common SSL Vulnerabilities, and Certificate details will be displayed.
...
One can download the individual External Scan result by clicking on the download icon( ).
...
Web Vulnerabilities
Click View Details under the Vulnerabilities section to get more information about the vulnerabilities.
Details such as Category, CVSS, Severity, Remediation, Impact, and Description are captured for Vulnerabilities.
...
SSL Attacks and Certificates
Common SSL Vulnerabilities like DROWN, POODLE & HEARTBLEED are checked for.
SSL Certificates if any are found on the system, the details as shown below will be available in this section.
...
This completes the documentation of for External Scan.