Unable to disable default Discovery scan in Enhanced Scanning after adding new schedules



  • Official comment
    Kirsten Flores

    Hi Kevin,

    Thank you for your continued feedback! I have passed your feedback on to our Product team.

    Are you specifically only referring to Discovery scans? You should be able to disable the default internal and external vulnerability scan schedules, but you are correct that the default discovery scan schedule cannot be disabled. Discovery scans are required for Data Center deployments to help Alert Logic measure entitlement usage, maintain its Managed Detection & Response assets service for accurate visibility into the protection scope, and enrich detected incidents, as well as identify active services/ports on hosts prior to vulnerability scanning. The default discovery scan schedule must be run at least weekly on all networks and cannot be disabled so that Alert Logic can ensure that it can deliver the MDR services and value to the customer.

    That said, you can modify the scan frequency and window for the default Discovery scan schedule and create custom discovery scan schedules to be defined for specific networks/assets for a specific frequency and window. The default Discovery scan schedule remains active to cover any current or future gaps in your custom discovery scan schedules. Are there settings you would like to see available in the default scan schedule that are not available?

  • Kevin Buckley

    Hi Kirsten,

    Thanks for the reply. Yes, we are referring to the Discovery scans. It is very disappointing that you are forcing customers to scan devices that they deem critical, and do not want to scan. It is also unreasonable for customers to be expected to have a minimum of an 8 hour scan window, and not a defined time. We run critical processes and backups, etc., and cannot afford for your scans to start within an 8 hour time frame from the scheduled start time. Even the scan now function doesn't work correctly, as the scan doesn't start immediately, which is very frustrating.

    If we cannot disable the default Discovery scan, then custom scans are pointless as the default scan will run anyway. We need to be able to schedule our own Discovery scans when the schedule suits our business, not when it suits AL. We also need to exclude certain IP addresses from the discovery scans, which currently we cannot do, as yet again you are forcing us to scan devices we do not want to. As stated above, this is causing us to run manual scans, which is unsustainable and makes the product unusable. If you are not going to let the customer define their own scans, then please allow us to define the scope within the default scan, so we can exclude default gateways, iLOs, printers and other fragile devices.


  • Tessa Blackmon

    This is still an issue today. I have a machine that gets 300K+ requests during the discovery scans and I cannot exclude it from the default discovery scan.

