USM Anywhere provides a simple way to include scans for scheduling using its web user interface (UI). See USM Anywhere Scheduler for more information.
Scheduling Asset Group Scans
To schedule an asset group scan job from the asset group details window
- Go to Environment > Asset Groups.
Click the icon you want to include in an asset group scan and select Full Details.
- Click Actions > Schedule Scan Job.
The Schedule New Job dialog box opens.
Enter the name and description for the job.
The description is optional, but it is a best practice to provide this information so that others can easily understand what it does.
- In the Action Type field, select Asset Scanner.
- Select a USM Anywhere sensor in case you have more than one installed.
- Select the App Action:
- Select Existing Asset Group: In the Enter asset group name field, search for the asset groups to scan. These asset groups are already existing, and you can search for them by entering the name of the asset group or by browsing for them.
- Create New Asset Group to Scan Using CIDR Block: You can create a new asset group from a Classless Inter-Domain Routing (CIDR)Classless Inter-Domain Routing, which provides a method for allocating IP addresses, routing Internet protocol packets, and subdividing networks. CIDR notation provides a syntax for specifying a range of IP addresses. block. You need to indicate the CIDR block and the network name you want to scan. This option discovers new assets and scans the discovered assets.
- In the App Action field, the Asset Group Scan is the default option.
Select the scan profile that you want to run:
- Discovery: This profile scans the known ports and services searching for the most-used ports. (There are 4571 ports.)
- Complete: This profile scans all TCP and UDPSimple transmission protocol that does not require recipient notification and uses datagrams for its messaging. UDP is part of the transport layer in the TCP/IP protocol. ports to find the possible ports in a deploymentEntire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment.. (There are 65535 ports.)
- Vulnerability Discovery: Performs general network discovery and checks for specific known vulnerabilities. It only reports results if they are found.
- Extended Vulnerability Discovery: Performs a VulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. Discovery scan, which actively discovers more about the network.
- Intensive Vulnerability Discovery: Performs several tasks to discover vulnerabilities, which uses a significant number of resources on the targeted machine. Because of this, sensitive targets may perceive a brief disruption on their services.
- (Optional.) Select the assets you want to exclude from the scan.
Select Set Debug Mode if you want to log the results of the scan or if you have a problem with a scan.
This option is disabled by default.
Note: The Set Debug Mode option must be used only for debugging purposes because it needs a large amount of disk space for the file or files that it generates. Only AT&T Cybersecurity Technical Support should review these files. You can contact this department for more information.
In the Schedule section, specify when USM Anywhere runs the job:
Select the increment as Minute, Hour, Day, Week, Month, or Year.
Warning: After a frequency change, monitor the system to check its performance. For example, you can check the system load and CPU. See USM Anywhere System Monitor for more information.
Set the interval options for the increment.
The selected increment determines the available options. For example, on a weekly increment, you can select the days of the week to run the job.
Or on a monthly increment, you can specify a date or a day of the week that occurs within the month.
Set the start time.
This is the time that the job starts at the specified interval. It uses the time zone configured for your USM Anywhere instance (the default is Coordinated Universal Time [UTC]).
Important: USM Anywhere restarts the schedule on the first day of the month if the option "Every x days" is selected.
- Click Save.
Depending on the USM Anywhere Sensor that you have installed, this field can include different options.
Discovers assets in your environment, detects changes in assets, and discovers maliciousActivity in a system that exceeds or misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information systems. assets in the network.
Important: Use the Create New Asset Group to Scan Using CIDR Block option for creating new CIDR-based asset groups without leaving the scheduler form. After clicking Save, a new asset group based on the selected CIDR is created.
Your scan job will have the Select Existing Asset Group option selected and the CIDR-based asset group assigned automatically.
Important: Make sure when you use a virtual private network (VPN) using a Cisco Firewall, that arp-proxy is enabled in the firewallVirtual or physical device designed to defend against unauthorized access to data, resources, or a private network. A firewall’s primary purpose is to create segregation between two or more network resources, blocking undesirable traffic between them.. Otherwise, all the assets will be reported using the same media access control (MAC) address, and USM Anywhere will consider all of them to be different interfaces for the same asset.
Discovers services, operating systemsSoftware that manages computer hardware resources and provides common services for computer programs. Examples include Microsoft Windows, Macintosh OS X, UNIX, and Linux., hostnamesA hostname is a label that is assigned to a device connected to a computer network and is used to identify the device on the network., IP and MAC addressesA unique numeric value assigned by the manufacturer to identify a specific network device or computer, which allows communication over networks. Note that a device’s MAC address can be manipulated., and vulnerabilities of known hostsReference to a computer on a network.. This option scans the assets that are already in the group.
The Asset Group field displays the name of the asset group to scan. You can't modify this field.
The job now displays in the job scheduler list.
Note: See USM Anywhere Scheduler for more information.