Running infrastructure tests

Important: Before running any scan ensure you have created a new product, where the scan results will be stored.

ScanSuite supports several infrastructure checks, such as:

Network Scan includes scanners to be run against the set of IPs or hostnames to identify open ports, listening services and their vulnerabilities.

Specify the scan frequency and set up a schedule if required.

Choose if hosts have to be pinged before scan the ports options. Ping is more actual for internal scans as it saves time when scanning large subnets.

Network Scanners:

• OpenVAS - an open source infrastructure vulnerability scanner. Should be installed separately, as described in Administration section.

• Nmap - basic TCP/UDP discovery scan. Useful to maintain inventories of active hosts and open ports.

• Nuclei - another popular vulnerability scanner.

• Nuclei (My Rules) - runs the rules maintained via "My Rules" menu.

• Nessus Pro - connection setup is similar to OpenVAS and is described in Administration section of this manual.

Local Server Checks:

Linux patching - performs the local patch checks over SSH using OVAL definitions from various vendors. Currently does not accept IP subnets, but the list of individual hostnames or IP addresses. Currently the next OS are supported for patch checks:

• Ubuntu 16.04 - 24.04

• Red Hat 7 - 9

• Debian 9 -12

Ensure you have provided the server username and SSH key via Settings menu before running such scan.

Subdomain Enumeration discovers subdomains and active hosts for given domain names and optionally checks them for open ports. The list of discovered subdomains will be accessible via the Report button once the scan is finished. Expects the comma separated list of domains to perform the enumeration against:

Docker Scan identifies local packages vulnerabilities in docker images. Provide the image_name:tag of docker images, it will be downloaded and checked by the scanner: