Alert Logic® Managed Detection & Response customers can select pre-defined port groups or custom ports to scan, as well as configure specific ports to exclude from scans. Previously, scan policies scanned all TCP ports for data center and Azure deployments by default, and this could only be changed by contacting Alert Logic. Customers can now use the Alert Logic console to control which ports are scanned within their scan policies, allowing for easy customization of scans.
Select Pre-Defined or Custom Ports to Scan
When creating or editing a scan schedule in the Alert Logic console, new features allow you to select port groups and specify custom ports to scan.
To access the new features, navigate to (navigation menu) > Configure > Deployments > select a Deployment > Scan Schedules. To add a new scan schedule, click (Add), or to edit an existing schedule, click View for the schedule and then click Edit. On the Scan Schedule window that displays, a new Ports tab is available. Click this tab to access the new port scanning options.
Note: The Scan only ports from AWS security groups option only displays for Amazon Web Services (AWS) deployments.
When you first access this tab, two or three options display:
- Scan only ports from AWS security groups (default for AWS deployments)
- Scan all TCP and common UDP ports (new default for data center and Azure deployments)
- Scan selected ports
When you select the Scan selected ports option, two additional sections display – Select Port Groups to Scan and Specify Custom Ports. In the Select Port Groups to Scan section, you can select one or multiple check boxes to identify pre-defined groups of ports you want to scan. For more information about which ports are included in each group, click the link under the Select Port Groups to Scan section title to display documentation listing the ports.
Note: Existing scan schedules for data center deployments will still be set to scan all TCP ports; however, you can modify this default using these new options as needed.
In the Specify Custom Ports section, you can define specific UDP and TCP ports to be scanned. Simply select the protocol, enter the port number or range, and click ADD CUSTOM PORTS to add the entered port to the scan schedule. You can identify and add multiple specific ports to scan as needed.
To save your defined settings, click the SAVE or UPDATE button at the top of the window. With these settings saved, the ports you defined will be scanned based on the scan schedule you defined.
For more information about using these new port scanning features, refer to our Manage Scan Schedules documentation.
Exclude Ports from Scanning
In addition to selecting ports to include on specific scan schedules, you can now also exclude specific ports and port ranges from external and internal scans within a deployment. This feature can be helpful when scanning a specific port or port range may have an adverse impact on your environment. When you exclude ports for an asset within the deployment, those ports are not scanned even if the asset and port are included in the default or custom settings of your scan schedules for that deployment.
To access this new exclusion feature, navigate to (Navigation Menu) > Configure > Deployments > select a deployment > Scope of Protection > Exclusions. On the Exclusions window, select the External Scanning or Internal Scanning tab, depending on where you want to exclude ports, and then select Ports.
To exclude a port or range of ports from scanning, first search for and select the asset(s) for which you want to exclude ports from scanning. Once an asset is selected, enter the protocol and port(s) to exclude, then click EXCLUDE AND ADD ANOTHER. To exclude a port for all protocols, select * in Protocol.
The port you entered is added to the Excluded from External Scanning section, and you can continue to enter additional ports to exclude as needed. After all necessary ports have been excluded, close the window and then click Save on the Scope of Protection screen to save your exclusions.
For more information about excluding ports from scanning, refer to our Exclusions documentation.
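Because exclusions override whatever a scan schedule selects, each one is a port that vulnerability scanning no longer covers. The following added example (not Alert Logic code and not an Alert Logic API) models that precedence locally so the resulting coverage gaps can be listed for review. The `proto:port` spec strings, the function names, the sample values, and the reading of `*` as "TCP and UDP" are assumptions made for illustration.

```python
# Added example: local model of "exclusions win over scan schedule selections".
# The spec format ("tcp:80", "udp:1000-1010", "*:161") is an assumption, not a product format.

VALID_PROTOCOLS = ("tcp", "udp")

def parse_spec(spec):
    """Expand 'proto:port' or 'proto:lo-hi' into a set of (protocol, port) pairs."""
    proto, _, ports = spec.strip().partition(":")
    lo_text, _, hi_text = ports.partition("-")
    lo = int(lo_text)                 # raises ValueError on empty or non-numeric input
    hi = int(hi_text) if hi_text else lo
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port or range in {spec!r}")
    # Assumption: '*' in Protocol means every protocol the page mentions (TCP and UDP).
    protos = VALID_PROTOCOLS if proto == "*" else (proto.lower(),)
    for p in protos:
        if p not in VALID_PROTOCOLS:
            raise ValueError(f"unknown protocol in {spec!r}")
    return {(p, n) for p in protos for n in range(lo, hi + 1)}

def effective_ports(schedule_specs, exclusion_specs):
    """Return (scanned, blind_spots) for one asset.

    scanned     = ports the schedule selects minus the asset's exclusions
    blind_spots = ports the schedule selects that an exclusion suppresses
    """
    scheduled = set().union(*map(parse_spec, schedule_specs))
    excluded = set().union(*map(parse_spec, exclusion_specs))
    return scheduled - excluded, scheduled & excluded

# Constructed sample data for a single asset.
SCHEDULE = ["tcp:22", "tcp:80", "tcp:443", "udp:161", "tcp:8000-8003"]
EXCLUSIONS = ["*:161", "tcp:8001-8002"]

if __name__ == "__main__":
    scanned, blind = effective_ports(SCHEDULE, EXCLUSIONS)
    print("scanned:    ", sorted(scanned))
    print("blind spots:", sorted(blind))
```

Ports reported as blind spots are candidates for a compensating control or a periodic review of whether the exclusion is still needed.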