USM Anywhere provides a simple way to include scans for scheduling using its web user interface (UI). See USM Anywhere Scheduler for more information.
To schedule an asset group scan job from the asset group details window
- Go to Environment > Asset Groups.
Click the icon you want to include in an asset group scan and select Full Details.
- Click Actions > Schedule Scan Job.
The Schedule New Job dialog box opens.
- Enter a name for identifying the job.
- (Optional.) Enter a description.
- In the Action Type field, select Asset Scanner.
- Select a USM Anywhere sensor in case you have more than one installed.
- Select the App Action:
- Select Existing Asset Group: In the Enter asset group name field, search for the asset groups to scan. It refers to an existing asset group that was created before. You can either enter the name of the asset group or browse asset groups.
- Create New Asset Group to Scan Using CIDR Block: You can create a new asset group from a Classless Inter-Domain Routing (CIDR)Classless Inter-Domain Routing, which provides a method for allocating IP addresses, routing Internet protocol packets, and subdividing networks. CIDR notation provides a syntax for specifying a range of IP addresses. block. You need to indicate the CIDR block and the network name you want to scan. This option discovers new assets and scans the discovered assets.
- In the App Action field, the Asset Group Scan is the default option.
Select the scan profile that you want to run:
- Discovery: This profile scans the known ports and services searching for the most-used ports. (There are 457 ports).
- Complete: This profile scans all TCP and UDPSimple transmission protocol that does not require recipient notification and uses datagrams for its messaging. UDP is part of the transport layer in the TCP/IP protocol. ports to find the possible ports in a deploymentEntire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment.. (There are 65535 ports).
- Vulnerability Discovery: Performs general network discovery and checks for specific known vulnerabilities. It only reports results if they are found.
- Extended Vulnerability Discovery: Performs a VulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. Discovery scan, which actively discovers more about the network.
- Intensive Vulnerability Discovery: Performs several tasks to discover vulnerabilities, which uses up a significant amount of resources on the targeted machine. Because of this, sensitive targets may perceive a brief disruption on their services.
- (Optional.) Select the assets you want to exclude from the scan.
Select Set Debug Mode if you want to log the results of the scan or if you have a problem with a scan.
This option is disabled by default.
Note: Keep in mind that the Set Debug Mode option must be used only for debugging purposes because it needs a large amount of disk space for the file or files that it generates. Only AT&T Cybersecurity Technical Support should review these files. You can contact this department for more information.
In the Schedule section, specify when USM Anywhere runs the job:
- Select the increment as Minute, Hour, Day, Week, Month, or Year.
Set the interval options for the increment.
The selected increment determines the available options. For example, on a weekly increment you can select the days of the week to run the job.
Or on a monthly increment you can specify a date or a day of the week that occurs within the month.
Set the start time.
This is the time that the job starts at the specified interval. It uses the time zone configured for your USM Anywhere instance (the default is Coordinated Universal Time [UTC]).
Important: USM Anywhere restarts the schedule on the first day of the month if the option "Every x days" is selected.
- Click Save.
Depending on the USM Anywhere Sensor that you have installed, this field can include different options.
Discovers assets in your environment, detects changes in assets, and discovers maliciousActivity in a system that exceeds or misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information systems. assets in the network.
Discovers services, operating systemsSoftware that manages computer hardware resources and provides common services for computer programs. Examples include Microsoft Windows, Macintosh OS X, UNIX, and Linux., hostnamesA hostname is a label that is assigned to a device connected to a computer network and is used to identify the device on the network., IP and MAC addressesA unique numeric value assigned by the manufacturer to identify a specific network device or computer, which allows communication over networks. Note that a device’s MAC address can be manipulated., and vulnerabilities of known hostsReference to a computer on a network.. This option scans the assets that are already in the group.
The Asset Group field displays the name of the asset group to scan. You can't modify this field.
The job now displays in the job scheduler list.
Note: See USM Anywhere Scheduler for more information.