Manage Vulnerability Scan Schedules
Alert Logic performs scans on all assets in your deployments. When you create a deployment, Alert Logic automatically creates default scan schedules to perform internal and external network vulnerability scans on all non-excluded assets and ports that vary according to deployment type. You can enable the default schedule for agent-based scans, which detect vulnerabilities and missing patches on hosts with an agent installed.
You can also schedule when you want to perform specific scans. From the Scan Schedules page in the Alert Logic console, you can edit the default schedule and create additional schedules for all or selected assets and ports within the of the deployment.
For more information about scan types that you can schedule and managing scan schedules, see:
- Vulnerability scan types
- Default scan schedules
- Create a scan schedule
- View scan schedules and details
- Stop a scan in progress
- Activate or deactivate a scan schedule
- Edit a scan schedule
- Delete a scan schedule
- Exclude assets and ports from scans
PCI scan management and discovery scan management for Data Center deployments are not covered in this topic. For information about PCI scans, see Manage PCI Scans. For information about discovery scans, see Manage Discovery Scan Schedules.
Exclusions, scan frequency, and scheduling options apply only to assets that are scanned using Alert Logic appliances. Cloud configuration checks performed using cloud APIs, such as checks that are part of the CIS Foundations benchmark, are not affected.
Vulnerability scan types
You can schedule the following types of vulnerability scans:
- Agent-Based Scans—Scan for vulnerabilities and missing patches on hosts with an Alert Logic agent installed. Agent-based scans are available for all deployments, but you must enable agent-based scanning if you want to run them.
- Internal Network Scans—Scan for vulnerable assets and ports, internally, from an Alert Logic appliance in your environment. Internal network vulnerability scans are available for all deployments.
- External Network Scans—Scan for vulnerable assets and ports, externally, from the Alert Logic system against your environment. This type of scan simulates attacks from outside your network and identifies potential issues from these attack types. External network scans are available for all deployments.
After you define the scope of protection for your deployment, you can create and manage your scan schedules at any time.
For more information about scan types and scanning best practice, see About Alert Logic Scans.
Default scan schedules
Alert Logic default schedules for vulnerability scans vary according to deployment type.
Data Center deployment
If you enable agent-based scanning for the deployment, the default agent-based scan schedule for a Data Center deployment scans all hosts with the Alert Logic agent installed that are in the scope of protection twice a day, at any time. You can change the scan frequency, window, and asset scope of the default agent-based scan but not the schedule name. You can make the default agent-based scan schedule inactive, but you cannot delete it. You can also choose to use the default internal network scan schedule for agent-based scans if you prefer to manage fewer schedules. For more information, see Agent-Based Scanning
The default internal network scan schedule for a Data Center deployment scans all assets in the scope of protection once a week, at any time. The default schedule for ports is the same and includes all TCP ports and common UDP ports that are in the scope of protection. You can change the scan frequency, window, asset scope, and port scope of the default schedule but not the schedule name. The default schedule is inactive when you create a deployment. If you want to use the default schedule, activate it when ready. You can leave the default schedule inactive, but you cannot delete it.
The default external network scan schedule for a Data Center deployment scans all assets once a week, at any time. The default schedule for ports is the same and includes all TCP ports and common UDP ports. You can change the scan frequency, window, asset scope, and port scope of the default schedule but not the schedule name. The default schedule is inactive when you create a deployment. If you want to use the default schedule, activate it when ready. You can leave the default schedule inactive, but you cannot delete it.
AWS deployments
If you enable agent-based scanning for the deployment, the default agent-based scan schedule for AWS deployments scans all hosts with the Alert Logic agent installed that are in the scope of protection twice a day, at any time. You can change the scan frequency, window, and asset scope of the default agent-based scan but not the schedule name. You can make the default agent-based scan schedule inactive, but you cannot delete it. You can also choose to use the internal network scan schedules for agent-based scans if you prefer to manage fewer schedules. For more information, see Agent-Based Scanning
The default internal network scan schedule for AWS deployments scans all assets in the scope of protection as often as necessary (once a day, or twice a day if significant changes to an asset are detected), at any time. The default schedule for ports is the same and includes all ports in AWS security groups that are in the scope of protection. You can change the scan frequency, window, asset scope, and port scope of the default schedule but not the schedule name. The default schedule is inactive when you create a deployment. If you want to use the default schedule, activate it when ready. You can leave the default schedule inactive, but you cannot delete it.
The default external network scan schedule for AWS deployments scans all assets as often as necessary (once a day, or twice a day if significant changes to an asset are detected), at any time. The default schedule for ports is the same and includes all ports in AWS security groups. You can change the scan frequency, window, asset scope, and port scope of the default schedule but not the schedule name. The default schedule is inactive when you create a deployment. If you want to use the default schedule, activate it when ready. You can leave the default schedule inactive, but you cannot delete it.
Azure deployments
If you enable agent-based scanning for the deployment, the default agent-based scan schedule for Azure deployments scans all hosts with the Alert Logic agent installed that are in the scope of protection twice a day, at any time. You can change the scan frequency, window, and asset scope of the default agent-based scan but not the schedule name. You can make the default agent-based scan schedule inactive, but you cannot delete it. You can also choose to use the internal network scan schedules for agent-based scans if you prefer to manage fewer schedules. For more information, see Agent-Based Scanning
The default internal network scan schedule for Azure deployments scans all assets in the scope of protection as often as necessary (once a day, or twice a day if significant changes to an asset are detected), at any time. The default schedule for ports is the same and includes all TCP ports and common UDP ports that are in the scope of protection. You can change the scan frequency, window, asset scope, and port scope of the default scan but not the schedule name. The default schedule is inactive when you create a deployment. If you want to use the default schedule, activate it when ready. You can leave the default schedule inactive, but you cannot delete it.
The default external network scan schedule for Azure deployments scans all assets as often as necessary (once a day, or twice a day if significant changes to an asset are detected), at any time. The default schedule for ports is the same and includes all TCP ports and common UDP ports. You can change the scan frequency, window, asset scope, and port scope of the default schedule but not the schedule name. The default schedule is inactive when you create a deployment. If you want to use the default schedule, activate it when ready. You can leave the default schedule inactive, but you cannot delete it.
Create a scan schedule
You can choose the frequency of scans and when you want Alert Logic to perform scans for each deployment. For agent-based scans, you can choose whether to scan all or selected assets within the scope of protection, but only hosts with the Alert Logic agent will be scanned. For internal and external network vulnerability scans, you can choose whether to scan all or selected assets and ports within the scope of protection.
To create a scan schedule:
- In the Alert Logic console, click the menu icon ().
- Click Configure, click Deployments, and then click the deployment for which you want to create a scan schedule.
- In the left panel, click Scan Schedules.
- On the Scan Schedules page, click Agent-Based Scans, Internal Network Scans, or External Network Scans.
- Click the add icon ().
- Type a descriptive name for the scan schedule. The name cannot exceed 127 characters.
- If you want the schedule to be active, turn on Schedule Is Active. Turn it off if you want to save the schedule but not activate it yet.
Agent-based scans
Schedule how often to scan
To schedule how often you want to scan for vulnerabilities and missing patches on hosts with an Alert Logic agent installed, choose one of the following scan frequency options:
- Scan as often as necessary—Select this option if you want to scan your hosts up to twice a day or when significant changes are detected, such as the addition of a network. This option automatically scans all assets selected on the Scope tab at least once in a 24-hour period. The option attempts a second scan depending on resources and changes to your environment. Scans on networks or hosts added that day, for example, occur immediately and take priority over second scans. Assets that were not scanned twice take priority the next day.
- Scan once a day
- Scan once a week
- Scan once every two weeks
- Scan once a month
- Scan once—Select this option if you want to scan assets selected on the Scope tab once, starting at a specific time. For example, to verify a patch or remediation action, you can use this option to schedule a scan of several assets to start within the next five minutes instead of waiting for the next regularly scheduled scan.
Schedule when to scan
To scan for vulnerabilities and missing patches on hosts with an Alert Logic agent installed, choose one of the following scan window options:
- Scan any time—Select this option if you do not want to limit scans to certain days or times.
- Scan only during certain times—Select this option to choose the specific days and hours for this scan. You can define multiple scan windows if you chose Scan as often as necessary, Scan once a week, Scan once every two weeks, or Scan once a month as the frequency. If all assets are not scanned during a window, the unscanned assets take priority at the start of the next scan window.
- Scan only during certain times on certain days (available if you choose Scan once a month as the scan frequency)
- Scan only during a certain week on a certain day (available if you choose Scan once a month as the scan frequency)
If you chose Scan once as the frequency, specify the time zone, start day and time, and end day and time for the scan.
Define the scope of the scan
Alert Logic scans all current and future assets in the scope of protection by default. You can choose to scan specific assets for this schedule instead. To exclude assets from all scans, not just this schedule, exclude them on the Scan Exclusions page for the deployment.
To select specific assets that you want to scan within the scope of protection, click the Scope tab and choose one of the following options:
- Scan all assets—Click this option to scan all current and future assets in the scope of protection.
- Scan only selected assets—Click this option to search for and choose assets and AWS tags (for AWS deployments) that you want to include in the scan schedule. You can also enter IP addresses, IP address ranges, or CIDRs. When you finish selecting assets, click ADD TO SCAN SCOPE.
You can select hosts that do not have an Alert Logic agent installed on them yet, but the agent-based scan does not occur until you actually install the agent on the hosts. In the list that allows you to search for assets, an agent icon () indicates hosts with an Alert Logic agent installed.
Click SAVE, and then click NEXT.
Internal network scans and external network scans
Schedule how often to scan
To schedule how often you want to scan for vulnerabilities on your internal or external networks, choose one of the following scan frequency options:
- Scan as often as necessary—Select this option if you want to scan assets for vulnerabilities up to twice a day or when significant changes to an asset are detected, such as the addition of a network. This option automatically scans all the assets you selected on the Scope tab at least once in a 24-hour period. The option attempts a second scan depending on resources and changes to your environment. Scans on networks or hosts added that day, for example, occur immediately and take priority over second scans. Assets that were not scanned twice take priority the next day.
- Scan once a day
- Scan once a week
- Scan once every two weeks
- Scan once a month
- Scan once a quarter
- Scan once—Select this option if you want to scan assets selected on the Scope tab once, starting at a specific time. For example, to verify a patch or remediation action, you can use this option to schedule a scan of several assets to start within the next five minutes instead of waiting for the next regularly scheduled scan.
Schedule when to scan
To schedule when you want to scan for vulnerabilities, choose one of the following scan window options:
- Scan any time—Select this option if you do not want to limit scans to certain days or times.
- Scan only during certain times—Select this option to choose the specific days and hours for this scan. For a quarterly scan, you can also choose the specific month of the quarter for this scan. You can define multiple scan windows if you chose Scan as often as necessary, Scan once a week, Scan once every two weeks, Scan once a month, or Scan once a quarter as the frequency.
- Scan only during certain times on certain days (available if you choose Scan once a month or Scan once a quarter as the scan frequency)
- Scan only during a certain week on a certain day (available if you choose Scan once a month as the scan frequency)
If you chose Scan once as the frequency, specify the time zone, start day and time, and an option for the end day and time for the scan:
- No end date (scan until done)
- Specify end date and time
Define the scope of the assets to scan
For internal network scans, Alert Logic scans all current and future assets in the scope of protection by default. For external network scans, Alert Logic scans all current and future assets by default. You can choose to scan specific assets for this schedule instead. To exclude assets from all scans, not just this schedule, exclude them on Scan Exclusions page for the deployment.
To select specific assets that you want to scan within the scope of protection, click the Scope tab and choose one of the following options:
- Scan all assets—Click this option to scan all current and future assets in the scope of protection.
- Scan only selected assets—Click this option to search for and choose assets and AWS tags (for AWS deployments) that you want to include in the scan schedule. You can also enter IP addresses, IP address ranges, or CIDRs. When you finish selecting assets, click ADD TO SCAN SCOPE.
Define the ports to scan
For Data Center and Azure deployments, Alert Logic scans all TCP ports and common UDP ports in the scope of protection by default. For AWS deployments, Alert Logic scans all current ports from your security groups included in the scope of protection by default. You can choose to scan specific ports for this schedule instead. You can choose one or more port groups to scan and/or enter a list of custom ports. For advice on scan frequencies, see Port scan frequency recommendations. To exclude ports from all scans, not just this schedule, exclude them on the Scan Exclusions page for the deployment.
To select specific ports that you want to scan within the scope of protection, click the Ports tab and choose one of the following options:
- Scan only ports from security groups—(AWS deployments only) Click this option to scan all current ports from your AWS security groups.
- Scan all TCP and common UDP ports—Click this option to scan all TCP ports and common UDP ports. For specific ports included in these groups, see Port groups.
- Scan selected ports—Click this option if you want to select one or more specific port groups and/or a custom list of ports to scan. For specific ports included in groups listed under Select Port Groups to Scan, see Port groups.
Under Specify Custom Ports, you can enter custom port lists.
Custom ports can overlap with selected port groups and do not result in scanning the same port twice.
To specify custom ports:
- Under Specify Custom Ports, select the port protocol: UDP or TCP.
- In the Port(s) field, enter one or more ports that you want to include in the scan schedule. Use a dash or colon to indicate a range (for example, 1-10001). Separate multiple ports or port ranges with a comma (for example, 11234, 11311, 12000- 12010).
- Click ADD CUSTOM PORTS.
Click SAVE, and then click NEXT.
Port groups
Port group name | Ports |
---|---|
Common TCP Ports (1000) | 1, 3, 4, 6, 7, 9, 13, 17, 19, 20, 21, 22, 23, 24, 25, 26, 30, 32, 33, 37, 42, 43, 49, 53, 70, 79, 80, 81, 82, 83, 84, 85, 88, 89, 90, 99, 100, 106, 109, 110, 111, 113, 119, 125, 135, 139, 143, 144, 146, 161, 163, 179, 199, 211, 212, 222, 254, 255, 256, 259, 264, 280, 301, 306, 311, 340, 366, 389, 406, 407, 416, 417, 425, 427, 443, 444, 445, 458, 464, 465, 481, 497, 500, 512, 513, 514, 515, 524, 541, 543, 544, 545, 548, 554, 555, 563, 587, 593, 616, 617, 625, 631, 636, 646, 648, 666, 667, 668, 683, 687, 691, 700, 705, 711, 714, 720, 722, 726, 749, 765, 777, 783, 787, 800, 801, 808, 843, 873, 880, 888, 898, 900, 901, 902, 903, 911, 912, 981, 987, 990, 992, 993, 995, 999, 1000, 1001, 1002, 1007, 1009, 1010, 1011, 1021, 1022, 1023, 1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1032, 1033, 1034, 1035, 1036, 1037, 1038, 1039, 1040, 1041, 1042, 1043, 1044, 1045, 1046, 1047, 1048, 1049, 1050, 1051, 1052, 1053, 1054, 1055, 1056, 1057, 1058, 1059, 1060, 1061, 1062, 1063, 1064, 1065, 1066, 1067, 1068, 1069, 1070, 1071, 1072, 1073, 1074, 1075, 1076, 1077, 1078, 1079, 1080, 1081, 1082, 1083, 1084, 1085, 1086, 1087, 1088, 1089, 1090, 1091, 1092, 1093, 1094, 1095, 1096, 1097, 1098, 1099, 1100, 1102, 1104, 1105, 1106, 1107, 1108, 1110, 1111, 1112, 1113, 1114, 1117, 1119, 1121, 1122, 1123, 1124, 1126, 1130, 1131, 1132, 1137, 1138, 1141, 1145, 1147, 1148, 1149, 1151, 1152, 1154, 1163, 1164, 1165, 1166, 1169, 1174, 1175, 1183, 1185, 1186, 1187, 1192, 1198, 1199, 1201, 1213, 1216, 1217, 1218, 1233, 1234, 1236, 1244, 1247, 1248, 1259, 1271, 1272, 1277, 1287, 1296, 1300, 1301, 1309, 1310, 1311, 1322, 1328, 1334, 1352, 1417, 1433, 1434, 1443, 1455, 1461, 1494, 1500, 1501, 1503, 1521, 1524, 1533, 1556, 1580, 1583, 1594, 1600, 1641, 1658, 1666, 1687, 1688, 1700, 1717, 1718, 1719, 1720, 1721, 1723, 1755, 1761, 1782, 1783, 1801, 1805, 1812, 1839, 1840, 1862, 1863, 1864, 1875, 1900, 1914, 1935, 1947, 1971, 1972, 1974, 1984, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2013, 2020, 2021, 2022, 2030, 2033, 2034, 2035, 2038, 2040, 2041, 2042, 2043, 2045, 2046, 2047, 2048, 2049, 2065, 2068, 2099, 2100, 2103, 2105, 2106, 2107, 2111, 2119, 2121, 2126, 2135, 2144, 2160, 2161, 2170, 2179, 2190, 2191, 2196, 2200, 2222, 2251, 2260, 2288, 2301, 2323, 2366, 2381, 2382, 2383, 2393, 2394, 2399, 2401, 2492, 2500, 2522, 2525, 2557, 2601, 2602, 2604, 2605, 2607, 2608, 2638, 2701, 2702, 2710, 2717, 2718, 2725, 2800, 2809, 2811, 2869, 2875, 2909, 2910, 2920, 2967, 2968, 2998, 3000, 3001, 3003, 3005, 3006, 3007, 3011, 3013, 3017, 3030, 3031, 3052, 3071, 3077, 3128, 3168, 3211, 3221, 3260, 3261, 3268, 3269, 3283, 3300, 3301, 3306, 3322, 3323, 3324, 3325, 3333, 3351, 3367, 3369, 3370, 3371, 3372, 3389, 3390, 3404, 3476, 3493, 3517, 3527, 3546, 3551, 3580, 3659, 3689, 3690, 3703, 3737, 3766, 3784, 3800, 3801, 3809, 3814, 3826, 3827, 3828, 3851, 3869, 3871, 3878, 3880, 3889, 3905, 3914, 3918, 3920, 3945, 3971, 3986, 3995, 3998, 4000, 4001, 4002, 4003, 4004, 4005, 4006, 4045, 4111, 4125, 4126, 4129, 4224, 4242, 4279, 4321, 4343, 4443, 4444, 4445, 4446, 4449, 4550, 4567, 4662, 4848, 4899, 4900, 4998, 5000, 5001, 5002, 5003, 5004, 5009, 5030, 5033, 5050, 5051, 5054, 5060, 5061, 5080, 5087, 5100, 5101, 5102, 5120, 5190, 5200, 5214, 5221, 5222, 5225, 5226, 5269, 5280, 5298, 5357, 5405, 5414, 5431, 5432, 5440, 5500, 5510, 5544, 5550, 5555, 5560, 5566, 5631, 5633, 5666, 5678, 5679, 5718, 5730, 5800, 5801, 5802, 5810, 5811, 5815, 5822, 5825, 5850, 5859, 5862, 5877, 5900, 5901, 5902, 5903, 5904, 5906, 5907, 5910, 5911, 5915, 5922, 5925, 5950, 5952, 5959, 5960, 5961, 5962, 5963, 5987, 5988, 5989, 5998, 5999, 6000, 6001, 6002, 6003, 6004, 6005, 6006, 6007, 6009, 6025, 6059, 6100, 6101, 6106, 6112, 6123, 6129, 6156, 6346, 6389, 6502, 6510, 6543, 6547, 6565, 6566, 6567, 6580, 6646, 6666, 6667, 6668, 6669, 6689, 6692, 6699, 6779, 6788, 6789, 6792, 6839, 6881, 6901, 6969, 7000, 7001, 7002, 7004, 7007, 7019, 7025, 7070, 7100, 7103, 7106, 7200, 7201, 7402, 7435, 7443, 7496, 7512, 7625, 7627, 7676, 7741, 7777, 7778, 7800, 7911, 7920, 7921, 7937, 7938, 7999, 8000, 8001, 8002, 8007, 8008, 8009, 8010, 8011, 8021, 8022, 8031, 8042, 8045, 8080, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089, 8090, 8093, 8099, 8100, 8180, 8181, 8192, 8193, 8194, 8200, 8222, 8254, 8290, 8291, 8292, 8300, 8333, 8383, 8400, 8402, 8443, 8500, 8600, 8649, 8651, 8652, 8654, 8701, 8800, 8873, 8888, 8899, 8994, 9000, 9001, 9002, 9003, 9009, 9010, 9011, 9040, 9050, 9071, 9080, 9081, 9090, 9091, 9099, 9100, 9101, 9102, 9103, 9110, 9111, 9200, 9207, 9220, 9290, 9415, 9418, 9485, 9500, 9502, 9503, 9535, 9575, 9593, 9594, 9595, 9618, 9666, 9876, 9877, 9878, 9898, 9900, 9917, 9929, 9943, 9944, 9968, 9998, 9999, 10000, 10001, 10002, 10003, 10004, 10009, 10010, 10012, 10024, 10025, 10082, 10180, 10215, 10243, 10566, 10616, 10617, 10621, 10626, 10628, 10629, 10778, 11110, 11111, 11967, 12000, 12174, 12265, 12345, 13456, 13722, 13782, 13783, 14000, 14238, 14441, 14442, 15000, 15002, 15003, 15004, 15660, 15742, 16000, 16001, 16012, 16016, 16018, 16080, 16113, 16992, 16993, 17877, 17988, 18040, 18101, 18988, 19101, 19283, 19315, 19350, 19780, 19801, 19842, 20000, 20005, 20031, 20221, 20222, 20828, 21571, 22939, 23502, 24444, 24800, 25734, 25735, 26214, 27000, 27352, 27353, 27355, 27356, 27715, 28201, 30000, 30718, 30951, 31038, 31337, 32768, 32769, 32770, 32771, 32772, 32773, 32774, 32775, 32776, 32777, 32778, 32779, 32780, 32781, 32782, 32783, 32784, 32785, 33354, 33899, 34571, 34572, 34573, 35500, 38292, 40193, 40911, 41511, 42510, 44176, 44442, 44443, 44501, 45100, 48080, 49152, 49153, 49154, 49155, 49156, 49157, 49158, 49159, 49160, 49161, 49163, 49165, 49167, 49175, 49176, 49400, 49999, 50000, 50001, 50002, 50003, 50006, 50300, 50389, 50500, 50636, 50800, 51103, 51493, 52673, 52822, 52848, 52869, 54045, 54328, 55055, 55056, 55555, 55600, 56737, 56738, 57294, 57797, 58080, 60020, 60443, 61532, 61900, 62078, 63331, 64623, 64680, 65000, 65129, 65389 |
Common UDP Ports (108) | 7, 9, 17, 19, 49, 53, 67, 68, 69, 80, 88, 103, 104, 105, 111, 120, 123, 135, 136, 137, 138, 139,158, 161, 162, 177, 427, 443, 445, 497, 500, 514, 515, 518, 520, 593, 601, 623, 626, 631, 660996, 997, 998, 999, 1022, 1023, 1025, 1026, 1027, 1028, 1029, 1030, 1433, 1434, 1645,1646, 1701, 1718, 1719, 1812, 1813, 1900, 2000, 2048, 2049, 2222, 2223, 3283, 3456,3703, 4444, 4500, 5000, 5060, 5353, 5632, 9200, 10000, 17185, 20031, 30718, 31337,32768, 32769, 32771, 32815, 33281, 49152, 49153, 49154, 49156, 49181, 49182, 49185,49186, 49188, 49190, 49191, 49192, 49193, 49194, 49200, 49201, 50924, 51704, 52768, 65024 |
Typically Vulnerable TCP Ports (10,071) | 1-10001, 10008, 10110, 10202-10203, 11234, 11311, 12000, 12010, 12168, 12174, 12221, 12345, 12397, 12401, 12754, 13701, 13722, 13724, 13782, 13838, 14206, 14247, 14942, 15104, 16102, 16388, 16660, 17000, 17781, 18264, 18302, 19300, 20031, 20101, 20222, 20432, 21700, 23472, 25072, 27017, 27374, 27665, 28017, 29005, 32982, 33270, 33567-33568, 34443-34444, 36010, 36794, 36890, 37452, 38292, 40080, 40180, 41002, 4 1080, 41443, 41523, 42800, 50000-50001, 51100, 54345, 55555, 57772, 60008, 62078 |
Typically Vulnerable UDP Ports (108) | 7, 9, 17, 19, 49, 53, 67, 68, 69, 80, 88, 103, 104, 105, 111, 120, 123, 135, 136, 137, 138, 139,158, 161, 162, 177, 427, 443, 445, 497, 500, 514, 515, 518, 520, 593, 601, 623, 626, 631, 660996, 997, 998, 999, 1022, 1023, 1025, 1026, 1027, 1028, 1029, 1030, 1433, 1434, 1645,1646, 1701, 1718, 1719, 1812, 1813, 1900, 2000, 2048, 2049, 2222, 2223, 3283, 3456,3703, 4444, 4500, 5000, 5060, 5353, 5632, 9200, 10000, 17185, 20031, 30718, 31337,32768, 32769, 32771, 32815, 33281, 49152, 49153, 49154, 49156, 49181, 49182, 49185,49186, 49188, 49190, 49191, 49192, 49193, 49194, 49200, 49201, 50924, 51704, 52768, 65024 |
All TCP Ports | 1-65535 |
View scan schedules and details
On the Scan Schedules page, you can view a list of all scan schedules, including default scan schedules, in your deployment. When you browse the list, you can see the following information:
- Indication of the scan cadence, such as automatic, daily, weekly, monthly, or once
- Scan progress, which includes the last scan date, an indication that the scan is in progress, or notice that the last scan was incomplete
- Number of targets in the scan scope. This is the number of target hosts in the assets selected on the Scope tab.
- Scan schedule status: Active or Inactive
- For agent-based scans, whether agent-based scans use internal network scan schedules instead of agent-based scan schedules
You can sort the list of scan schedules by:
- Schedule name
- Active or inactive schedule
- Latest scan
- Next scan
- Number of assets included in the scope
You can also stop a scan in progress, activate or deactivate the schedule, and view additional schedule details from the list.
Access the Scan Schedules page
To access the Scan Schedules page and view your list of schedules, access the deployment for which you want to view scan schedules, and then click Scan Schedules in the left panel.
View the details of a scan schedule
On the Scan Schedules page, click View next to a listed schedule to see scan schedule details, scan frequency and window, asset scope, and ports.
Scan schedule details
- Date created
- Last scan date
- Next scan date
- Scan targets last scanned (number of successfully scanned assets in scope)
Scan frequency and window
- Scan frequency
- Scan window
- Time Zone
- Start date and time
- End date and time
View and export scan results
To view and export scan schedule breakdown reports in a new tab, click the report that you want to access in the bottom left of the scan schedule details view.
Stop a scan in progress
You can stop a scan that is already in progress from the Scan Schedules page.
To stop a scan
- Access the deployment for which you want to stop the scan, and then click Scan Schedules in the left panel.
- On the Scan Schedules page, find the scheduled scan that is in progress.
- Click STOP THIS SCAN.
Activate or deactivate a scan schedule
You can make a schedule active or inactive from the Scan Schedules page.
To activate or deactivate a scan schedule
- Access the deployment for which you want to activate or deactivate the scan schedule, and then click Scan Schedules in the left panel.
- On the Scan Schedules page, find the scheduled scan that you want to activate or deactivate.
- Choose Active to activate the schedule or Inactive to deactivate it.
Edit a scan schedule
You can edit a schedule from the Scan Schedules page.
To edit a scan schedule
- Access the deployment for which you want to edit the scan schedule, and then click Scan Schedules in the left panel.
- On the Scan Schedules page, find the scan schedule that you want to edit.
- Click View next to the schedule, and then click the EDIT icon.
- On the Edit a Scan Schedule page, change any of the settings, and then click SAVE.
Delete a scan schedule
You can delete scan schedules that you create. The default scan schedules that Alert Logic creates cannot be deleted.
To delete a scan schedule
- Access the deployment from which you want to delete the scan schedule, and then click Scan Schedules in the left panel.
- On the Scan Schedules page, find the scan schedule that you want to delete.
- Click View next to the schedule, and then click the DELETE icon.
Exclude assets and ports from scans
You can exclude deployment assets from agent-based scans. You can exclude deployment assets and ports from internal and external network scans. By setting exclusions globally, you can avoid managing them in each schedule. Excluding an asset or port from scans prevents future scans of the assets or ports, but does not stop scans in progress. Exposures from previous scans are still reflected on the excluded assets and ports.
Exclusions from agent-based scans
To exclude assets or AWS tags from agent-based scans:
- Access the deployment for which you want to configure exclusions, and then click Scan Exclusions in the left navigation panel.
- Select the Agent-Based Scans tab.If you chose to use internal network scan schedules for agent-based scans, choose the Internal Network Scans tab instead.
- To exclude assets, click ASSETS to search for available assets to exclude, and then click EXCLUDE for the asset you want to exclude.
- (AWS deployments only) To exclude assets by using AWS tags, click TAGS to search for available tags to exclude, and then click EXCLUDE for the tag you want to exclude.
- On the Scan Exclusions page, click SAVE EXCLUSIONS.
Exclusions from internal network scans
To exclude assets, ports, or AWS tags from internal network scans:
- Access the deployment for which you want to configure exclusions, and then click Scan Exclusions in the left panel.
- Select the Internal Network Scans tab.
- To exclude assets, click ASSETS to search for available assets to exclude, and then click EXCLUDE for the asset you want to exclude.
- To exclude ports, click PORTS, and then do the following:
- Search for the host, subnet, or network that has the ports you want to exclude from internal network scans.
- In the Protocol field, select the port protocol: UDP or TCP.
- Enter one or more ports that you want to exclude. Use a dash or colon to indicate a range (for example, 1-10001). Separate multiple ports or port ranges with a comma (for example, 11234, 11311, 12000-12010).
- Click EXCLUDE AND ADD ANOTHER.
- (AWS deployments only) To exclude assets by using AWS tags, click TAGS to search for available tags to exclude, and then click EXCLUDE for the tag you want to exclude.
- On the Scan Exclusions page, click SAVE EXCLUSIONS.
Exclusions from external network scans
To exclude assets or ports from external network scans:
- Access the deployment for which you want to configure exclusions, and then click Scan Exclusions in the left panel.
- Select the External Network Scans tab.
- To exclude assets, click ASSETS to search for available assets to exclude, and then click EXCLUDE for the asset you want to exclude.
- To exclude ports, click PORTS, and then do the following:
- Search for the host, subnet, or network that has the ports you want to exclude from external network scans.
- In the Protocol field, select the port protocol: UDP or TCP.
- Enter one or more ports that you want to exclude. Use a dash or colon to indicate a range (for example, 1-10001). Separate multiple ports or port ranges with a comma (for example, 11234, 11311, 12000-12010).
- Click EXCLUDE AND ADD ANOTHER.
- On the Scan Exclusions page, click SAVE EXCLUSIONS.