Create and run a vulnerability scan in Network Vulnerability Scanner

Procedure

1. Install the Network Vulnerability Scanner service on your deployed Service Gateway.
   1. In Workflow and Automation → Service Gateway Management, click the name of the desired Service Gateway to view details.
   2. Click Manage services to view the list of available services.
   3. Find and install the latest version of the Network Vulnerability Scanner service.

      Note The Network Vulnerability Scanner service requires at least 2 CPUs and 4 GB of virtual memory.

   The Network Vulnerability Scanner service appears in the list of installed services for the Service Gateway.
2. Create a new network vulnerability scan.
   1. In Cyber Risk Exposure Management → Vulnerability Management → Network Vulnerability Scanner, click Create scan from either Network scans or under vulnerability scan in Scan templates.
   2. Specify a name and description for the scan.
   3. Select the Service Gateway to use for the scan. Only Service Gateways with the Network Vulnerability Scanner service installed are available.
   4. Specify up to 10,000 IPv4 addresses, ranges, or FQDNs separated by commas to scan for target network assets. CIDR notation is supported.

      Important Only supported devices running a supported operating system are available for scanning. No device details or vulnerability results are supplied for other network devices at the target IPs. For a list of supported products, see Network Vulnerability Scanner supported products.

   5. Specify your authentication credentials for the target network devices. The following authentication methods are available:
   • Secure shell (SSH) with password (default login port: 22)
   • Secure shell (SSH) with private key (default login port: 22)
   • SNMPv3 with configured port, security level, and algorithms and passwords as required based on the selected security level
   • SNMPv2c with community string and port

   Note Only one set of credentials is currently supported per scan. To scan targets requiring a different set of credentials for authentication, create a separate scan. Passphrase-protected SSH private keys cannot be used to authenticate. SNMPv3 security levels include: Authentication and encryption: Requires both authentication and encryption algorithms and passwords Authentication only: Requires authentication algorithm and password No authentication or encryption

   1. Choose whether to trigger the scan at a specified scheduled interval or to only allow manual scanning.
   2. Click Save only to save the scan and wait for the scan to run according to your configured schedule or Save and run scan to save and trigger the scan immediately.
   The newly configured scan appears on the list in Network scans.
3. After the scan completes, you can download a report containing the scan results from Scan reports. Up to 15 scans can run at the same time.

   Important Only the most recent scan report for each scan is available. To keep a record of an earlier scan, download the report before the next scheduled scan.

4. Manage detected vulnerabilities in Threat and Exposure Management.
   1. After the scan completes, click View latest vulnerability risk events or View latest system configuration risk events.
   2. View and manage risk events and vulnerable devices detected during the scan.