An internal scan runs from an Alert Logic® appliance in your environment. When you define a scan, you can specify credentials to use with the internal scan. If you provide credentials, Alert Logic will attempt to log on to each host on your network and collect additional detailed information about the host while it performs comprehensive vulnerability checks. This includes registry checks, file system checks, WMI calls, and more. If you do not provide credentials, Threat Manager scans your network without logging on to each host and performs as many checks as possible. These checks are limited compared to a credentialed scan, but may better simulate what an attacker can observe of your network.
An external scan runs from the Alert Logic data centers against your environment. External scans will simulate what an external attacker can see and how the attacker may attempt to infiltrate your environment. The attack surface for an external scan is limited to only externally-facing components in your infrastructure, which are often the most attacked and targeted.
For more information about the types of supported scans and scanning best practices, see our Scans documentation.