Beginning on August 8, Alert Logic Managed Detection & Response customers will have more control over scan scheduling and performance in the Alert Logic console. Enhanced scan scheduling gives you the flexibility to schedule multiple scans at different intervals and duration windows to better meet the demands of your business and your customers' businesses. With this feature, you can stop in-progress scans and adjust scan intensity within the Alert Logic console to optimize scan performance. You can also leverage existing scan scope selections to perform on-demand scans for more immediate verification of your remediation efforts.
Additionally, five new vulnerability reports are available that provide detailed asset-centric lists of your current vulnerabilities or vulnerable hosts, as well as the variance of resolved and new vulnerabilities for a given day, week, or month.
In This Article:
- Create Multiple Scan Schedules
- Manage Scan Schedules
- Adjust Scan Performance
- New Vulnerability Reports
- Translation of Existing Scan Schedules
- Additional Resources
Create Multiple Scan Schedules
With this release, you can now create multiple scan schedules to scan different assets within your deployment at different times and frequencies. Scan schedules can be created within Configure > Deployments. After selecting a deployment, select Scan Schedules. On the Scan Schedules page, schedules can be managed for discovery scans, internal scans, and external scans.
Prior to this release, the default scan frequency could be modified for each scan type, but you could not create multiple scan schedules. When you first access this page after the release of the enhanced scan scheduling, each type of scan will have a default schedule, and any existing settings you had modified in your scan frequency will be reflected. For more information on how existing settings are converted to the new scan scheduling experience, refer to the Translation of Existing Scan Schedules section of this article.
Define Scan Frequency and Scope
To create a new scan schedule, simply click the (Add) icon. The Create a Scan Schedule window displays, where you can define the frequency, scan windows, and scope of the scan.
The Schedule tab includes settings similar to the previous experience, allowing you to choose how often and when to perform the scan. However, you can now further customize to only scan specific assets or IP ranges using the Scope tab.
With the ability to define the scope of the scan, you can choose to scan specific assets at specific times rather than excluding assets from all scans.
For detailed steps on creating scan schedules, refer to our Create a scan schedule documentation.
Manage Scan Schedules
Once your scan schedules are created, you can easily manage the scans on the Scan Schedules page. When you click on a scan schedule, additional details display to provide a quick view of the scan cadence and scope of each scan. To edit the scan details, simply click Edit.
From the Scan Schedule screen, you can also toggle scans between active or inactive as needed.
Note: For data center deployments, the default discovery scan schedule cannot be set as inactive.
Stop Scans on Demand
When necessary, you can also choose to stop a vulnerability scan that is in progress directly on the Scan Schedules page. When a scan is in progress, the “Scan In Progress” text displays in the scan list next to the scan schedule name. To stop the scan, simply click STOP THIS SCAN, and then click STOP THIS SCAN again on the confirmation window that displays.
The scan is stopped and “Incomplete Scan” displays next to the scan name. The scan will start again at the next scheduled time. If you want to stop future scans, you can also deactivate the scan or delete the scan schedule if it is no longer needed.
Adjust Scan Performance
Enhancements are also available in your general scan settings to allow you to adjust your scan performance by determining how many concurrent scans can be run. By default, a maximum of 10 CIDR blocks can be concurrently scanned during discovery scans, and a maximum of 10 IPs can be concurrently scanned during vulnerability scans. Using new controls in the scan settings for each asset, you can now customize these maximum limits.
Note: To access these scan settings, navigate to Investigate > Topology. Specify a deployment or region in the respective drop-down menus, and then click on the asset to manage. In the slideout panel that displays, click Scan Settings.
Selecting a lower number (as low as 1) means fewer concurrent scans will run, which reduces scan traffic but also results in slower scans and a longer scan duration. Selecting a higher number (up to 20) results in a faster scan and shorter scan duration but increases scan traffic. Keep in mind that these numbers are maximum limits – the actual number of concurrent scans will vary based on appliance resource availability and network bandwidth but will not exceed the defined limit.
If you are unsure of the appropriate settings to use for your environment, Alert Logic recommends reaching out to our Support team by submitting a ticket before making changes to these settings.
New Vulnerability Reports
Several new reports are available to help you assess the vulnerability status of your environment and the trends for new, resolved, and unresolved vulnerabilities. The following reports are currently available.
- Current Vulnerabilities Breakdown reports – These reports provide a breakdown of current vulnerability instances and vulnerable hosts ranked by count severity and asset-level or vulnerability details.
  - Current Vulnerable Hosts Breakdown – This breakdown report provides asset-level detail.
  - Current Vulnerabilities Breakdown – This breakdown report provides vulnerability details.
- Vulnerability Variance reports – These reports provide valuable summary, trending, and detailed lists for new, resolved, and unresolved vulnerabilities in your environment. You can gain insight into the effectiveness of your vulnerability management and remediation efforts. There are three reports available:
  - Daily Vulnerability Variance Report – Provides a comparison from the previous day.
  - Weekly Vulnerability Variance Report – Provides a comparison from the last day of the previous week.
  - Monthly Vulnerability Variance Report – Provides a comparison from the last day of the previous month.
For more information on Vulnerabilities reports, refer to our Vulnerabilities Reports documentation.
Translation of Existing Scan Schedules
If you modified the default scan schedules in the previous scan scheduling experience, your modifications are automatically translated to the default schedules in the new enhanced scan scheduling. The following table provides examples of how existing scan settings are translated to this new experience.
| Previous Scan Frequency | Previous Scan Window | New Scan Frequency | New Scan Window |
|---|---|---|---|
| Scan as often as necessary (default) | Scan whenever necessary (default) | Scan as often as necessary (default) | Scan any time (default) |
| Scan once a day | Scan only during certain times on certain days; Start time = 21:00; Scan Days = Saturday | Scan once a day | Scan only during certain times; Duration = 8 hrs; Start time = 21:00; Selected Day(s) of the Week = Saturday |
| Scan once a week | Scan only on a certain day (7-day selector); Scan Days = Monday, Friday, Saturday | Scan once a week | Scan only during certain times; Scan window 1: End day & time = Monday, 23:59; Scan window 2: Start day & time = Friday, 00:00, End day & time = Saturday, 23:59 |
| Scan once a month | Scan only on a certain day (31-day selector); Scan dates = 31st | Scan once a month | Scan only during certain times on certain days; Start date & time = 31st, 00:00; End date & time = 31st, 23:59; Note: Months without 29, 30, or 31 days will scan on the “last day of the month” instead. |
These examples illustrate some scenarios to help you understand how your specific scan settings have migrated. To view how your particular scan settings transitioned to the new experience, click on each default scan schedule to view a summary of the scan settings. You can then view and modify the scan settings by clicking Edit.
For more information on creating and managing scan schedules, refer to our Manage Scans and Scan Results documentation.
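The weekly and monthly rows of the translation table, modelled as an added example (not Alert Logic's code) for checking which days a migrated schedule will actually scan on. The function names are hypothetical, and it assumes each run of consecutive selected days becomes one window from 00:00 on its first day to 23:59 on its last, with no wrap from Sunday to Monday.

```python
import calendar
from datetime import date

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
        "Friday", "Saturday", "Sunday"]


def weekly_windows(selected_days):
    """Merge a legacy 7-day selection into contiguous scan windows.

    Assumption: a run of consecutive days maps to one window
    (first day 00:00 -> last day 23:59); runs do not wrap the week.
    """
    indexes = sorted({DAYS.index(d) for d in selected_days})
    windows, start, prev = [], None, None
    for i in indexes:
        if start is None:
            start = prev = i
        elif i == prev + 1:
            prev = i  # extend the current run
        else:
            windows.append(((DAYS[start], "00:00"), (DAYS[prev], "23:59")))
            start = prev = i
    if start is not None:
        windows.append(((DAYS[start], "00:00"), (DAYS[prev], "23:59")))
    return windows


def monthly_scan_date(year, month, day_of_month):
    """Resolve a legacy 31-day selector to a calendar date, falling back to
    the last day of the month when the month is shorter than the selection."""
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(day_of_month, last_day))


def yearly_scan_dates(year, day_of_month):
    """All twelve scan dates a monthly schedule produces in one year."""
    return [monthly_scan_date(year, m, day_of_month) for m in range(1, 13)]


if __name__ == "__main__":
    # Constructed inputs matching the table's weekly and monthly rows.
    print(weekly_windows(["Monday", "Friday", "Saturday"]))
    for d in yearly_scan_dates(2024, 31):
        print(d.isoformat())
```
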
Additional Resources
The following additional articles and documentation may be useful when managing scan schedules using this enhanced experience: