Create Scan and Notification Tasks

Once you have installed the VulScan appliance for your site, it's time to configure Scan and Notification Tasks. Scan and Notification Tasks are the heart of VulScan.

  • Scan tasks allow you to configure, schedule, and perform vulnerability scans on the site network at regular intervals. See Create Internal Scan Task and Create External Scan Task.
  • Notification tasks allow you to send email reports of identified vulnerabilities to your technicians and/or customers. You can also configure notification tasks to export this data as tickets in your chosen PSA system. See Create Notification Tasks.

Create Internal Scan Task

In order to collect vulnerability data from the target network, you need to set up scan tasks. Follow these steps to create an internal vulnerability scan task with VulScan:

  1. From your site, go to Vulnerability Scanner > Settings > Scan and Notification Tasks.
  2. From the Scan Tasks tab, click Create Scan Task.
  3. From Scan Type, select Internal Vulnerability Scan and click Next.
  4. Select the Appliance from the drop-down menu and click Next.
  5. Note: This feature (appliance selection) is used when multiple IVS appliances are assigned to scan the target network. See Provision VulScan.

    In this case, create separate internal scan tasks to assign to the individual appliances. Define a sub-set of the IP range for each scan task to distribute the work between the available appliances. This can reduce overall scan time on larger networks.

    Do not use multiple appliances to scan the same subnet or IP range. This may produce errors in your scan results.

  6. Select the Scan Profile. You can select from the available profiles, or you can use your own Custom Scan Profiles.
  7. The available options are in the table below. Click Next.

    Scan Profile       | Description                           | Notes
    Low Impact Scan    | Standard TCP ports and Top 1000 UDP   | Does not include brute force login attempts
    Standard Scan      | Standard TCP ports and Top 1000 UDP   |
    Comprehensive Scan | All TCP (1-65535) and Top 1000 UDP    | Comprehensive scans may take a significant amount of time and incur increased load on network

  8. Next, select IP ranges. The VulScan appliance will automatically suggest an IP Range for the scan. If you do not wish to scan the default IP Range, select it and click Clear All Entries. Use this screen to enter additional IP Addresses or IP Ranges and click Add.
  9. Do not use multiple appliances to scan the same subnet or IP range. This may produce errors in your scan results.

    From this screen you can also:

    • Click Reset to Auto-detected to reset to the automatically suggested IP Range.
    • Exclude IPs or IP ranges from the scan.
    • Key network component IP addresses should be excluded so that scanning does not degrade the performance of those devices. For example, a company might want to exclude the IP Address range for their voice over IP telephone system if they are performing a scan during business hours.

      If you are using multiple appliances to perform internal vulnerability scans for a site, define a sub-set of the IP range for the scan task. Create multiple scan tasks to distribute the work between the available appliances.

  10. Click Next Page once you have configured the IP ranges for the scan.
  11. From the Credentials for Authenticated Scans screen, select whether to use credentials for the internal scan. Note that you must first have entered these credentials from Scan Credentials.
  12. For each protocol, select the credentials you wish to use from the drop-down menu. When you're finished, click Next.

    • SSH: Use this protocol to scan for devices that use the SSH protocol.
    • SMB: Use this protocol to scan for network shares, such as file and printing shares.
    • ESXi: Use this protocol to scan for VMware hosts.
    • SNMP: Use this protocol to scan for devices such as switches, bridges, routers, access servers, computer hosts, hubs, and printers.
  13. From the Verify and Schedule menu, configure the scan task:
    1. Select whether to send an email notification when the scan completes — then enter an email recipient for the notification.
    2. Enter a task label to describe the scan task.
    3. Select the time zone from the drop-down menu.
    4. Next, choose a day and time to schedule the scan.
    5. Choose whether to skip devices that have all ports filtered.
  14. Click Save.
  15. The internal vulnerability Scan Task will be created. You can see the details for the task in the scan tasks table.
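
A planning aid for the multi-appliance case in steps 5 and 9 above, added here as an example and not part of VulScan or its documentation: it removes excluded blocks from a site range, splits the remainder into non-overlapping shares, and checks that no two appliances share an address. The appliance names, the addresses, and the `first-last` output syntax are assumptions.

```python
import ipaddress
from itertools import combinations
def allowed_ranges(site_cidr, excluded=()):
    """Sorted (first, last) integer ranges of site_cidr minus the excluded CIDRs."""
    nets = [ipaddress.ip_network(site_cidr)]
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for net in nets:
            if not ex.overlaps(net):
                kept.append(net)
            elif not ex.supernet_of(net):      # exclusion sits inside net: carve it out
                kept.extend(net.address_exclude(ex))
        nets = kept
    merged = []
    for s, e in sorted((int(n.network_address), int(n.broadcast_address)) for n in nets):
        if merged and s == merged[-1][1] + 1:  # join adjacent blocks into one range
            merged[-1] = (merged[-1][0], e)
        else:
            merged.append((s, e))
    return merged

def plan_scan_tasks(site_cidr, appliances, excluded=()):
    """Give each appliance a contiguous, non-overlapping share of the allowed addresses."""
    queue = allowed_ranges(site_cidr, excluded)
    share = -(-sum(e - s + 1 for s, e in queue) // len(appliances))  # ceiling division
    plan = {name: [] for name in appliances}
    for name in appliances:
        need = share
        while need and queue:
            s, e = queue.pop(0)
            take = min(need, e - s + 1)
            plan[name].append((s, s + take - 1))
            if s + take <= e:                  # remainder goes to the next appliance
                queue.insert(0, (s + take, e))
            need -= take
    return plan

def overlapping_tasks(plan):
    """Pairs of appliances whose ranges share an address; must be empty before saving."""
    spans = [(s, e, name) for name, rs in plan.items() for s, e in rs]
    return sorted({tuple(sorted((a, b))) for (s1, e1, a), (s2, e2, b)
                   in combinations(spans, 2) if a != b and s1 <= e2 and s2 <= e1})

def as_text(plan):  # 'first-last' strings; the UI's entry syntax is an assumption
    return {n: [f"{ipaddress.ip_address(s)}-{ipaddress.ip_address(e)}" for s, e in rs]
            for n, rs in plan.items()}

# Constructed sample: one /24 site, a VoIP block excluded, two hypothetical appliances.
SAMPLE_PLAN = plan_scan_tasks("192.168.10.0/24", ["IVS-A", "IVS-B"], ["192.168.10.64/27"])
```

The ranges include each block's network and broadcast addresses; `as_text(SAMPLE_PLAN)` gives the per-appliance ranges to enter in each scan task.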

Scan Task "Run Now" 

You can choose to run a scheduled scan task immediately. To do this, click Run Now next to the chosen task. The vulnerability scan will then enter the scan queue and will begin as soon as any current scan finishes.

Edit/Delete Scan Task

  • To edit a scan task, click the pencil icon next to a task. Make and save your changes.
  • To delete a scan task, click the trash icon next to a task.

Create External Scan Task

Before you can create an external vulnerability scan task, you first need to provision and install an external vulnerability scan appliance. See Install VulScan Appliance and Provision VulScan.

Follow these steps to create an external vulnerability scan task with VulScan:

  1. From your site, go to Vulnerability Scanner > Settings > Scan and Notification Tasks.
  2. From the Scan Tasks tab, click Create Scan Task.
  3. From Scan Type, select External Vulnerability Scan and click Next.
  4. Select the Appliance from the drop-down menu and click Next.
  5. Enter the IP addresses for the external vulnerability scan. Click Next Page.
  6. You must ensure that no other Network Detective or Compliance Manager products are being used to perform an External Vulnerability Scan on the same external IP Address range at the same time. Allow at least several hours between repeat external vulnerability scans. Scheduling external scans at the same time will result in reports with missing or incomplete data.

    IP ranges for the external vulnerability scan are not supported at this time. Please enter individual IPs for the external scan.

  7. From the Credentials for Authenticated Scans screen, select whether to use credentials for the internal scan. Note that you must first have entered these credentials from Scan Credentials.
    • For each protocol, select the credentials you wish to use from the drop-down menu. When you're finished, click Next.
    • SSH: Use this protocol to scan for devices that use the SSH protocol.
    • SMB: Use this protocol to scan for network shares, such as file and printing shares.
    • ESXi: Use this protocol to scan for VMware hosts.
    • SNMP: Use this protocol to scan for devices such as switches, bridges, routers, access servers, computer hosts, hubs, and printers.
  8. From the Verify and Schedule menu, configure the scan task:
    1. Select whether to send an email notification when the scan completes — then enter an email recipient for the notification.
    2. Enter a task label to describe the scan task.
    3. Select the time zone from the drop-down menu.
    4. Next, choose a day and time to schedule the scan.
  9. Click Save.
  10. The external vulnerability Scan Task will be created. You can see the details for the task in the scan tasks table.

Create Notification Tasks

The results of your scan tasks will appear in the Vulnerability Scanner Dashboard for your site, where you can drill down into detected issues. In addition, you can send the results of your vulnerability scans as email notifications to assigned recipients. Likewise, you can configure notification tasks to export identified issues as tickets in your chosen PSA system. To do this:

  1. From your site, navigate to Vulnerability Scanner > Settings > Scan and Notification Tasks.
  2. From the Notification Tasks tab, click Create Notification Task.
  3. From the Notification Task Type menu, select whether to send an email. Enter the notification email recipient and subject line.
  4. Select whether to Create PSA Ticket. This option only becomes available once you have enabled a Connection for your site from Global Settings. It will then display the name of the Connection.
  5. You will need to set up the integration between your VulScan site and your chosen PSA system before you can use this feature. See Set Up and Assign a Ticketing/PSA System Integration to a Site for a complete walkthrough.

  6. Alternatively, you can choose Export to RocketCyber. This action will make detected issues available to browse in RocketCyber. See Export Notification Tasks to RocketCyber.
  7. Click Next.
  8. Choose from among the available notification parameters:
    • Issue Type: Select whether to notify for all detected issues or only the most recently detected issues.
    • Issue Discovery Time Range: Select whether to filter vulnerability issues by the available time ranges.
    • Grouping: Choose whether to organize issues by vulnerability type (OID) or by device.
    • Issue Detail Verbosity: Select whether to provide only a summary or detailed vulnerability data.
    • Truncate Returned Results After: Select whether to truncate ("cut off") after X number of issues. By default no records are truncated (value="0").
    • CVSS Filter: Select whether to filter issues by CVSS (Common Vulnerability Scoring System). For example, you can set the value to be >=7 and <=10, thus notifying only for issues with a 7-10 CVSS score.
    • Host/IP Filter: Choose whether to include all scanned IP addresses or a specified range. Specify a range in the same way you specify a range for the scan task.
  9. From Select Schedule, enter a task label and schedule your notifications. Click Save.
  10. The created item will appear under notification tasks.

Edit/Delete Notification Task

  • To edit a notification task, click the pencil icon next to a task. Make and save your changes.
  • To delete a notification task, click the trash icon next to a task.