Configure network vulnerability scans to check target network assets on a specified network segment for vulnerabilities, with no agent deployment required.

Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
Note
This feature is not available in all regions.
To configure a basic network vulnerability scan, you need:
  • A deployed Service Gateway virtual appliance with the Network Vulnerability Scanner service installed
  • IP addresses or FQDNs for the target network segment
  • Authentication credentials for the target network assets

Procedure

  1. Install the Network Vulnerability Scanner service on your deployed Service Gateway.
    1. Deploy a Service Gateway virtual appliance to the network environment you wish to scan if no Service Gateway is currently deployed. For more information, see Getting started with Service Gateway.
    2. In Workflow and Automation > Service Gateway Management, click the name of the desired Service Gateway to view details.
    3. Click Manage services to view the list of available services.
    4. Find and install the Network Vulnerability Scanner service.
      Note
      The Network Vulnerability Scanner service requires at least 0.5 CPUs and 500 MB of virtual memory.
      The Network Vulnerability Scanner service appears in the list of installed services for the Service Gateway.
  2. Create a new network vulnerability scan.
    1. In Cyber Risk Exposure Management > Vulnerability Management > Network Vulnerability Scanner, click Create scan from either the Network scans tab or under Network Vulnerability Scan in the Scan templates tab.
      The Network Vulnerability Scan template appears.
    2. Specify a name and description for the scan.
    3. Select the Service Gateway to use for the scan. Only Service Gateways with the Network Vulnerability Scanner service installed are available.
    4. Specify up to 300 IPv4 addresses, ranges, or FQDNs separated by commas to scan for target network assets. CIDR notation is supported.
      Important
      Only Cisco network devices running Cisco IOS version 12 or 15 are currently supported for scanning. No device details or vulnerability results are supplied for other network devices at the target IPs.
    5. Specify your authentication credentials for the target network devices.
      1. Choose whether to authenticate to the network device using SSH with a password or a private key.
      2. Provide your username and either the password or private key used to authenticate.
        Note
        Only one set of credentials is currently supported per scan. To scan targets requiring a different set of credentials for authentication, create a separate scan.
    6. Choose whether to trigger the scan at a specified scheduled interval or to only allow manual scanning.
    7. Click Save.
      The newly configured scan appears on the list in the Network scans tab.
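
A pre-flight check for the target list entered in step 2.4, as an added example that is not part of the product or its documentation: it classifies each comma-separated entry, rejects IPv6 and malformed values, and flags a list that exceeds the 300-entry limit. The `start-end` range syntax, the reading of the limit as a count of entries rather than expanded addresses, and all function names are assumptions.

```python
import ipaddress
import re

MAX_TARGETS = 300  # limit stated in the scan template step
# Assumed FQDN shape: RFC 1123 labels, at least two labels, alphabetic TLD.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\.?$", re.I
)
# Constructed sample list using documentation address ranges.
SAMPLE = ("192.0.2.10, 192.0.2.20-192.0.2.40, 198.51.100.0/28, "
          "core-sw1.example.net, 2001:db8::1")

def classify(entry):
    """Return 'ipv4', 'cidr', 'range' or 'fqdn'; raise ValueError otherwise."""
    if "/" in entry:
        ipaddress.IPv4Network(entry, strict=False)  # raises on IPv6 or bad prefix
        return "cidr"
    if "-" in entry and entry.replace("-", "").replace(".", "").isdigit():
        # Assumed range syntax: start-end, both written as full IPv4 addresses.
        start, _, end = entry.partition("-")
        if ipaddress.IPv4Address(start) > ipaddress.IPv4Address(end):
            raise ValueError("range start is above range end")
        return "range"
    try:
        ipaddress.IPv4Address(entry)
        return "ipv4"
    except ValueError:
        pass
    if FQDN_RE.match(entry):
        return "fqdn"
    raise ValueError("not an IPv4 address, range, CIDR block or FQDN")

def check_targets(text):
    """Validate a comma-separated target list; return (accepted, errors)."""
    entries = [e.strip() for e in text.split(",") if e.strip()]
    accepted, errors = [], []
    for entry in entries:
        try:
            accepted.append((entry, classify(entry)))
        except ValueError as exc:
            errors.append((entry, str(exc)))
    if len(entries) > MAX_TARGETS:
        errors.append(("<list>", f"{len(entries)} entries exceeds {MAX_TARGETS}"))
    return accepted, errors

if __name__ == "__main__":
    ok, bad = check_targets(SAMPLE)
    for entry, kind in ok:
        print(f"ok   {kind:5} {entry}")
    for entry, reason in bad:
        print(f"FAIL {entry}: {reason}")
```

Because only one set of credentials is supported per scan, run the check once per credential group and create a separate scan for each list.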