Before you launch or schedule vulnerability scans, follow these steps to ensure your scans are successful and you get the most out of your scans.
Option profiles contain scan configuration settings for vulnerability scans. Several profiles are provided by the service for your convenience. Customize an option profile to fine-tune the scan settings to your specific needs. See Managing Option Profiles.
For vulnerability scans, authenticated trusted scanning is optional but recommended. Many vulnerabilities in the KnowledgeBase require authenticated scanning for detection. Authentication records identify credentials used to authenticate to target hosts during scans. Add authentication records and then enable one or more authentication types in an option profile and apply that profile to the scan task. See Getting Started with Trusted Scanning.
For scanner appliance users, you'll be required to select a scanner option for the scan task: Default (for default scanner in asset group), External (for external scanners), All Scanners in Asset Group (for scanner parallelization), or a scanner appliance name. Think about which scanner option best applies to the target hosts. See Scanner Appliance Selection for Scans.
You can find out if hosts on your network are vulnerable to brute force attacks by performing password brute force tests at scan time. To do so, enable password brute forcing in an option profile and then apply that profile to your scan task. See About Password Brute Forcing and Creating Password Brute Force Lists.
Windows Share Enumeration checks for Windows shares that are readable by Everyone and returns the number of files for each share on each host. To use this feature, enable Windows Share Enumeration in an option profile and apply that profile to your scan task. This feature requires the Dissolvable Agent. See Windows Share Enumeration.
Scan by Hostname is a subscription-level feature that allows users to scan hosts by their DNS and/or NetBIOS hostnames. The hostnames are assigned to asset groups, which can be selected as part of the scan target. See Scan by Hostname.
If you scan an IP address that is assigned a tracking method of DNS or NetBIOS hostname, then the service must be able to resolve the target IP address to a hostname. If the hostname is not resolved, then the host will not be scanned and security audit results will not be reported. See Tracking Method.