USM Anywhere provides several kinds of scans that can be done in different ways. This page gives you clearer information about scans, types of scans, the specific ways of doing a scan, the right order for doing scans and avoid asset duplicity, and so on. See USM Anywhere Scheduler Best Practices for more information.
The following table shows the types of scans that you can run using USM Anywhere.
|Types of Scans||Information Collected||From Where You Can Do It||Sensors||References|
|Active directory (AD)||Inventory Information||
||Microsoft Azure, Microsoft Hyper-V, and VMware||Completing the Azure Sensor Setup, Completing the Hyper-V Sensor Setup, and Completing the VMware Sensor Setup|
|Asset discovery||Discovers assets in your environment, detects changes in assets, and discovers malicious assets in the network||
||All||Completing the Hyper-V Sensor Setup, Completing the VMware Sensor Setup, Adding Assets|
|Asset group scans||Assets||
||All||Running Asset Groups Scans|
||All||Running Asset Scans|
|Authenticated asset group scans||Assets||
||All||Running Authenticated Asset Groups Scans|
|Authenticated asset scans||Assets||
||All||Running Authenticated Asset Scans|
|Log collection scans||Log files from an external data source||Job Scheduler page: log collection jobs are initially preset at installation and can't be modified by a user||All||USM Anywhere Scheduler|
|Scheduled AD scan jobs||Inventory Information||Job Scheduler page||Microsoft Azure, Microsoft Hyper-V, and VMware||Running Active Directory Scans|
|Scheduled API scans||Assets||Job Scheduler page||GCP, Microsoft Azure, Microsoft Hyper-V, and VMware||USM Anywhere Scheduler|
|Scheduled asset scans||Assets||Job Scheduler page||All||Scheduling Asset Scans from the Job Scheduler Page|
|Scheduled asset group scans||Assets||Job Scheduler page||All||Scheduling Asset Groups Scans from the Job Scheduler Page|
|Scheduled Authenticated Asset Scans||Assets||Job Scheduler page||All||Scheduling Asset Scans from the Job Scheduler Page|
|Scheduled authenticated asset group scans||Assets||Job Scheduler page||All||Scheduling Asset Groups Scans from the Job Scheduler Page|
|User scans||Scheduled user behavior monitoring scan jobs||Job Scheduler Page||All||Scheduling User Discovery Jobs from the Job Scheduler Page|
Performance Issues Associated with Scans
When running a scan, keep the following in mind:
- Run API scans first to avoid duplicates and discover the most assets in your environment, and then run asset discovery/asset (group) scans with the Asset Scanner to update the asset. When an asset is discovered through a network scan, and then that asset is discovered through an APIs method, the asset will be duplicated.
- After deploying an agent, link it to existing assets.
- When an AD scan discovers an asset, any asset discovery/asset (group) scan updates the existing asset created by the AD scan.
- Assets discovered by API methods contain far more information than assets discovered by network scans and greatly reduce the risk of having duplicate assets. For example, assets discovered by API methods can include information such as the asset state (powered on, powered off, terminated, and so on), the resources allocated to the asset, or the asset operating system.
- If multiple API methods return the same assets, then use only the method that provides the most assets to prevent duplicate assets. The other API methods can be disabled in the Job Scheduler page. See USM Anywhere Scheduler for more information.
- The following table gives you information about the use of some scan types over other:
|Discovery Type||AD Scan||VMware Scan||AWS Scan||Azure Scan||GCP Scan||Agent||Network Scan||Manually Created|
|Asset OS||Yes||Yes||Yes||Yes||Yes||Yes||Depends on information gathered||No|
|Asset info updates||Yes||Yes||Yes||Yes||Yes||Yes||Depends on information gathered||Depends on information gathered|
|Asset state||No||Yes||Yes||Yes||Yes||No only agent state||No||No|