Alert Logic® Managed Detection & Response customers can select pre-defined port groups or custom ports to scan, as well as configure specific ports to exclude from scans. Customers can use the Alert Logic console to control which ports are scanned within their scan policies, allowing for easy customization of scans.
Select Pre-Defined or Custom Ports to Scan
When creating or editing an internal or external network scan schedule in the Alert Logic console, you can select port groups and specify custom ports to scan.
To access the new features, navigate to (navigation menu) > Configure > Deployments > select a Deployment > Scan Schedules. To add a new scan schedule, click (Add), or to edit an existing schedule, click View for the schedule and then click Edit. On the Scan Schedule window that displays, a new Ports tab is available. Click this tab to access the new port scanning options.
Note: The Scan only ports from AWS security groups option only displays for Amazon Web Services (AWS) deployments.
When you first access this tab, two or three options display:
- Scan only ports from AWS security groups (default for AWS deployments)
- Scan all TCP and common UDP ports (new default for data center and Azure deployments)
- Scan selected ports
When you select the Scan selected ports option, two additional sections display – Select Port Groups to Scan and Specify Custom Ports. In the Select Port Groups to Scan section, you can select one or multiple check boxes to identify pre-defined groups of ports you want to scan. For more information about which ports are included in each group, click the link under the Select Port Groups to Scan section title to display documentation listing the ports.
Note: Existing scan schedules for data center deployments will still be set to scan all TCP ports; however, you can modify this default using these new options as needed.
In the Specify Custom Ports section, you can define specific UDP and TCP ports to be scanned. Simply select the protocol, enter the port number or range, and click ADD CUSTOM PORTS to add the entered port to the scan schedule. You can identify and add multiple specific ports to scan as needed.
To save your defined settings, click the SAVE or UPDATE button at the top of the window. With these settings saved, the ports you defined will be scanned based on the scan schedule you defined.
For more information about using these new port scanning features, refer to our Manage Scan Schedules documentation.
Exclude Ports from Scanning
In addition to selecting ports to include on specific scan schedules, you can now also exclude specific ports and port ranges from external and internal network scans within a deployment. This feature is helpful when scanning a specific port or port range may have an adverse impact on your environment. When you exclude ports for an asset within the deployment, those ports are not scanned on that asset even if the asset and the ports are included in the default or custom settings of your scan schedules for that deployment.
To access this new exclusion feature, navigate to (navigation menu) > Configure > Deployments > select a deployment > Scan Exclusions. On the Scan Exclusions screen, select the External Scans or Internal Scans tab, depending on where you want to exclude ports, and then select Ports.
To exclude a port or range of ports from scanning, first search for and select the asset(s) for which you want to exclude ports from scanning. Once an asset is selected, enter the protocol and port(s) to exclude, then click EXCLUDE AND ADD ANOTHER. To exclude a port for all protocols, select * in Protocol.
The port you entered is added to the Exclude from Internal/External Network Scans list, and you can continue to enter additional ports to exclude as needed.
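The two sections above describe a precedence rule worth being explicit about: a schedule's scanned set is the union of the selected port groups and the custom ports, and a per-asset exclusion removes ports from that set regardless of which selection added them, with the `*` protocol covering both TCP and UDP. The following Python model of that rule is an added example, not Alert Logic code; the port group contents, asset names and port numbers are constructed placeholders (the real group contents are listed in the console documentation link), and the `1-65535` bounds check is an assumption about what a valid entry looks like.

```python
"""Model of how a scan schedule's port selection and a deployment's per-asset
port exclusions combine into the set of ports actually scanned on each asset.
Constructed example; not Alert Logic's code. Group contents are placeholders."""

from typing import Dict, Iterable, List, Set, Tuple

Port = Tuple[str, int]       # (protocol, port number)
PortSpec = Tuple[str, str]   # (protocol or '*', "port" or "lo-hi")

PROTOCOLS = ("tcp", "udp")

# Placeholder pre-defined port groups (constructed for this example only).
PORT_GROUPS: Dict[str, Set[Port]] = {
    "web": {("tcp", 80), ("tcp", 443), ("tcp", 8080)},
    "dns": {("tcp", 53), ("udp", 53)},
    "remote-admin": {("tcp", 22), ("tcp", 3389)},
}


def expand_range(spec: str) -> Set[int]:
    """Turn '22' or '8000-8002' into the port numbers it covers, rejecting bad bounds."""
    lo_s, _, hi_s = spec.partition("-")
    lo = int(lo_s)
    hi = int(hi_s) if hi_s else lo
    if not (1 <= lo <= hi <= 65535):  # assumed validation rule
        raise ValueError(f"invalid port specification: {spec!r}")
    return set(range(lo, hi + 1))


def expand_spec(proto: str, spec: str) -> Set[Port]:
    """Expand a (protocol, range) entry; '*' covers every protocol, as on the exclusion form."""
    protos = PROTOCOLS if proto == "*" else (proto.lower(),)
    for p in protos:
        if p not in PROTOCOLS:
            raise ValueError(f"unknown protocol: {proto!r}")
    return {(p, n) for p in protos for n in expand_range(spec)}


def schedule_ports(groups: Iterable[str], custom: Iterable[PortSpec]) -> Set[Port]:
    """Union of the selected pre-defined groups and the custom ports added to a schedule."""
    ports: Set[Port] = set()
    for name in groups:
        ports |= PORT_GROUPS[name]  # an unknown group name raises KeyError on purpose
    for proto, spec in custom:
        ports |= expand_spec(proto, spec)
    return ports


def effective_ports(asset: str, scheduled: Set[Port],
                    exclusions: Dict[str, List[PortSpec]]) -> Set[Port]:
    """Ports actually scanned on one asset: the schedule's set minus that asset's
    exclusions. An exclusion wins over both group and custom selections."""
    excluded: Set[Port] = set()
    for proto, spec in exclusions.get(asset, []):
        excluded |= expand_spec(proto, spec)
    return scheduled - excluded


if __name__ == "__main__":
    # Constructed schedule: two groups plus SNMP over UDP and a small TCP range.
    sched = schedule_ports(["web", "remote-admin"], [("udp", "161"), ("tcp", "8000-8002")])
    # Constructed exclusions: host-a must not be scanned on 22 (any protocol) or TCP 8001.
    excl = {"host-a": [("*", "22"), ("tcp", "8001")]}
    for host in ("host-a", "host-b"):
        print(host, sorted(effective_ports(host, sched, excl)))
```

Running the block shows that `host-a` loses TCP 22 (selected via the `remote-admin` group) and TCP 8001 (selected via the custom range), while `host-b`, which has no exclusions, is scanned on the full schedule set; that is the behaviour the exclusion section describes, and it holds however the port reached the schedule.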
For more information about excluding ports from scanning, refer to our Exclusions documentation.