The purpose of this article is to present methods of tuning the Footprint Platform so that scans have enough time to finish, all assets are scanned and no redundant scans are scheduled. Follow these methods if some assets have not been scanned recently or scans do not finish within their allotted time.
Method A - Tuning ARP Settings
This method reduces the number of ARP requests generated, shortening the time scans take to execute.
Values are in seconds unless the parameter name ends in _ms (milliseconds).
The commands must be run as root.
Optimizing for alive hosts:
# cd /proc/sys/net/ipv4/neigh/eth0
(eth0 is the scanner's network interface; use the name of the interface the scans are sent from.)
Set the GC stale time to 5 minutes:
# echo "300" > gc_stale_time
Set the number of unicast solicit probes sent before falling back:
# echo "1" > ucast_solicit
Optimizing for dead hosts:
Set the number of multicast/broadcast probes sent:
# echo "1" > mcast_solicit
Set the retransmission interval to 10 seconds:
# echo "10000" > retrans_time_ms
Reference:
https://www.baeldung.com/linux/arp-settings
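The four settings above, as an added shell example that is not part of the Footprint documentation: it reports the current kernel values against the Method A targets, applies them as root and, because values written under /proc/sys do not survive a reboot, also persists them as a sysctl.d fragment. It assumes the interface name is passed as the first argument (eth0 on this page) and the file name /etc/sysctl.d/90-footprint-arp-<iface>.conf; NEIGH_ROOT is a hypothetical override of the /proc path used only for testing.

```sh
#!/bin/sh
# Added example, not part of the Footprint documentation: check, apply and
# persist the Method A ARP neighbour values for one interface. Values written
# under /proc/sys are lost on reboot, so apply also writes a sysctl.d fragment.
# Assumptions: the interface name is $1 (eth0 on the page); NEIGH_ROOT is a
# hypothetical override of /proc/sys/net/ipv4/neigh used only for testing.

# Method A targets as "<parameter> <value>" pairs.
ARP_TARGETS='gc_stale_time 300
ucast_solicit 1
mcast_solicit 1
retrans_time_ms 10000'

# Print the sysctl.d lines for one interface (no root needed).
arp_tuning_conf() {
    while read -r key value; do
        printf 'net.ipv4.neigh.%s.%s = %s\n' "$1" "$key" "$value"
    done <<EOF
$ARP_TARGETS
EOF
}

# Print current vs. target for every parameter; return 1 if any differ,
# 2 if the interface has no neighbour table.
arp_tuning_check() {
    dir=${NEIGH_ROOT:-/proc/sys/net/ipv4/neigh}/$1 rc=0
    [ -d "$dir" ] || { echo "no neighbour table for $1" >&2; return 2; }
    while read -r key value; do
        cur=$(cat "$dir/$key" 2>/dev/null || echo '?')
        [ "$cur" = "$value" ] || rc=1
        printf '%-16s current=%-6s target=%s\n' "$key" "$cur" "$value"
    done <<EOF
$ARP_TARGETS
EOF
    return "$rc"
}

# Write the targets to the kernel (root only) and persist them.
arp_tuning_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    dir=${NEIGH_ROOT:-/proc/sys/net/ipv4/neigh}/$1
    [ -d "$dir" ] || { echo "no neighbour table for $1" >&2; return 2; }
    while read -r key value; do
        echo "$value" > "$dir/$key"
    done <<EOF
$ARP_TARGETS
EOF
    arp_tuning_conf "$1" > "/etc/sysctl.d/90-footprint-arp-$1.conf"
}
# Usage on the scanner host: arp_tuning_check eth0; arp_tuning_apply eth0
```

Run arp_tuning_check after applying to confirm the kernel accepted every value; a non-zero exit means at least one parameter still differs from the target.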
Method B - Optimizing Port Scanning Parameters in Footprint
This method ensures that no redundant port scans are scheduled.
Go to Settings > Scheduler and select the Internal Scanner by name. Then choose one of the following:
Use only the Full Perimeter Service Scan (scan against ~65k ports).
Disable the Full Perimeter Service Scan (scan against ~65k ports) and add or remove the ports scanned by the Critical Service Health & Change Monitoring (TCP/UDP) scans so that they cover the ports you know to be in use on your network.
Keep the Full Perimeter Service Scan and add or remove the ports scanned by the Critical Service Health & Change Monitoring (TCP/UDP) scans so that they cover the ports you know to be in use on your network.
Method C - Setting a Scan Window or Optimizing Time Frequency of the Scans in Footprint
This method ensures that scans have enough time to execute and finish.
Go to Settings > Scheduler and select the Internal Scanner by name.
Edit the following tasks and set their interval to 3x, 5x or 7x the currently configured value:
Full Perimeter Service Scan
Health & Change Monitoring (TCP)
Critical Service Health & Change Monitoring (TCP)
Critical Service Health & Change Monitoring (UDP)
Health & Change Monitoring (UDP)
Web Application Availability Scan
Advanced scanner tasks without brute force scans
Advanced scanner tasks with brute force scans
Go to Scan Surface > Deployed Scanners, pick the Internal Scanner by name and click Edit Scan Window. The scan window defines the time during which the scanner must not run, so you could select business hours, 08:00-18:00 (aligned to the console time). This prevents scanning, and any resulting impact, during business hours, but leaves less time for scans to finish. This is perfectly fine for small subnets or subnets that do not have many alive hosts.