USM Anywhere™

Running Authenticated Asset Scans

Role Availability Read-Only Analyst   Manager

An authenticated assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scan verifies scanned Internet Protocol (IP) addresses and detects vulnerabilities. Log inLog in (verb): Process in which an individual gains access to a computer system after providing sufficient credentials to authenticate their unique identity. Login (noun): User credentials, typically a username and matching password. as administrator or rootHigh-level user account with full administrative privileges. to perform an authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges.. See Managing Credentials in USM Anywhere for more information.

Warning: Keep in mind that an authenticated scan may fail if the local mail exchanger, which applies to Linux hostsReference to a computer on a network., is enabled in the target asset.

You cannot scan USM Anywhere Sensors.

Asset Scan Credentials and Escalation Options
Operating System Method and Credentials Escalation
Linux, BSD, Solaris, or macOS SSHProgram to securely log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another through Secure Copy (SCP). password or public keyCryptographic key that can be used by anyone to encrypt messages intended for a particular recipient, such that the encrypted messages can be deciphered only by using a second key that is known only to the recipient (the private key). authenticationProcess used to verify the identity of a user, user device, or other entity, usually through a username and password. sudoA program for UNIX-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser. or su
Cisco IOS SSH password enable password


Windows username and password through WinRM None

To run an authenticated asset scan from Assets

  1. Go to Environment > Assets.
  2. Complete one of these options to open the Assets dialog box:
    • Next to the asset name that you want to scan, click the icon , select Full Details, and then select Actions > Authenticated Scan.


    • Next to the asset name you want to scan, click the icon and select Authenticated Scan to directly start the asset scan. If the option is not enabled, you will need to add a credential, see Managing Credentials in USM Anywhere.

    A message displays at the top of the page to inform you that the authenticated scan is in progress.

    Important: Credentials assigned directly to an asset have higher priority than those assigned to an asset group.

  3. In the asset details page, click Scan History in the table area to display the results of the scan. You can see the status of each scan and its details, which informs you if the scan is unsuccessful due to bad credentials or a connectivity issue between the USM Anywhere SensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. and the asset you are attempting to scan. Each asset will have a Scan Details link you can click to download a zip file containing the details of the recent scan. The link will only be present for the most recent scan of each asset, and will be available for one week after the scan has been run.
  4. Below the Vulnerabilities tab, you can see the vulnerabilities that the scan has found.

    Vulnerabilities Tab on an Asset Details page

    You can also see the vulnerabilities that the scan has found by going to Environment > Vulnerabilities. While the scan is running, a Scanning button displays. When the scan finishes, the message Scan finished. Refresh to view scan results displays. Click the Refresh Scan Results button to update the list.

Note: See Scheduling Authenticated Asset Scans from Assets and Scheduling Asset Scans from the Job Scheduler Page for more information about how to schedule an authenticated asset scan.