Discovery Methods
The following table shows the types of scans that you can run using USM Anywhere. Types of Scans in USM Anywhere| Types of Scans | Information Collected | From Where You Can Do It | Sensors | References |
|---|---|---|---|---|
| Active directory (AD) | Inventory Information |
| Microsoft Azure, Microsoft Hyper-V, and VMware | Complete the Azure Sensor Setup, Complete the Hyper-V Sensor Setup, and Complete the VMware Sensor Setup |
| Asset discovery | Discovers assets in your environment, detects changes in assets, and discovers malicious assets in the network |
| All | Complete the Hyper-V Sensor Setup, Complete the VMware Sensor Setup, Adding Assets |
| Asset group scans | Assets |
| All | Running Asset Groups Scans |
| Asset scans | Assets |
| All | Running Asset Scans |
| Authenticated asset group scans | Assets |
| All | Running Authenticated Asset Groups Scans |
| Authenticated asset scans | Assets |
| All | Running Authenticated Asset Scans |
| Log collection scans | Log files from an external data source | Job Scheduler page: log collection jobs are initially preset at installation and can’t be modified by a user | All | USM Anywhere Scheduler |
| Scheduled AD scan jobs | Inventory Information | Job Scheduler page | Microsoft Azure, Microsoft Hyper-V, and VMware | Scheduling Active Directory Scans from the Job Scheduler Page |
| Scheduled API scans | Assets | Job Scheduler page | GCP, Microsoft Azure, Microsoft Hyper-V, and VMware | USM Anywhere Scheduler |
| Scheduled asset scans | Assets | Job Scheduler page | All | Scheduling Asset Scans from the Job Scheduler Page |
| Scheduled asset group scans | Assets | Job Scheduler page | All | Scheduling Asset Groups Scans from the Job Scheduler Page |
| Scheduled Authenticated Asset Scans | Assets | Job Scheduler page | All | Scheduling Asset Scans from the Job Scheduler Page |
| Scheduled authenticated asset group scans | Assets | Job Scheduler page | All | Scheduling Asset Groups Scans from the Job Scheduler Page |
| User scans | Scheduled user behavior monitoring scan jobs | Job Scheduler Page | All | Scheduling User Discovery Jobs from the Job Scheduler Page |
Performance Issues Associated with Scans
When running a scan, keep the following in mind:- Run API scans first to avoid duplicates and discover the most assets in your environment, and then run asset discovery/asset (group) scans with the Asset Scanner to update the asset. When an asset is discovered through a network scan, and then that asset is discovered through an APIs method, the asset will be duplicated.
- After deploying an agent, link it to existing assets.
- When an AD scan discovers an asset, any asset discovery/asset (group) scan updates the existing asset created by the AD scan.
- Enabling vulnerability events will generate System Events for each newly discovered vulnerability. Be prepared for an influx of System Events when enabling this feature. It is recommended to run a few initial vulnerability scans to get a baseline prior to enabling this feature.
- Assets discovered by API methods contain far more information than assets discovered by network scans and greatly reduce the risk of having duplicate assets. For example, assets discovered by API methods can include information such as the asset state (powered on, powered off, terminated, and so on), the resources allocated to the asset, or the asset operating system.
- If multiple API methods return the same assets, then use only the method that provides the most assets to prevent duplicate assets. The other API methods can be disabled in the Job Scheduler page. See USM Anywhere Scheduler for more information.
-
The following table gives you information about the use of some scan types over other:
Scans Differences
Discovery Type AD Scan VMware Scan AWS Scan Azure Scan GCP Scan Agent Network Scan Manually Created API Yes Yes Yes Yes Yes No No No Asset OS Yes Yes Yes Yes Yes Yes Depends on information gathered No Host resources Yes Yes Yes Yes Yes No No No Asset info updates Yes Yes Yes Yes Yes Yes Depends on information gathered Depends on information gathered Asset state No Yes Yes Yes Yes No only agent state No No