The network scanner does a continuous scan of a given network range. The scanner looks for new assets and vulnerabilities.
This is a task for IT or someone with technical capabilities.
The scanners works in four stages:
1) identify assets
2) identify running services and related software
3) identify vulnerabilities based on fingerprints
4) prioritize risks based on Skopos threat database
The scanner is a combination of NMap technology and Skopos Risk Engine. Why do we use Nmap? It is the most popular tool by far by hackers, we want to make sure you see exactly the same things that the majority of hackers see. That is our lower threshold. Skopos risk database adds another layer of insights, along with integration in the Skopos dashboard.
Installation of the scanner
Click on the Green Shield and then 'Install a Network Scanner'.
You will be presented the following screen. This is where you create an account and password (API credentials), you will need these later:
Press the button to generate the account and password
The screen will notify you about the new password ONCE for security reasons. Copy it for the installation. Something similar to
At the end of this page, you can download the 'Network scanner', it is made to run on Windows operating system.
You can now install the scanner and provide the credentials above.
Process is similar to the Skopos Agents Teams (employee agent). The scanner will push all the devices and fingerprints found to the Skopos risk engine. Skopos will assess the risk and show this on your dashboard. The scanner will need some extra configuration.
Once you've installed the network scanner a new option will be available in the menu on top of the Skopos portal. Here you will able to view the assets found by the network scanner. You can install multiple scanner, for example for different segments of your network.
Configure the Network Scanner
The network scanner needs some configuration on what to scan and, if needed, what to ignore. Some devices, most of the time some Internet of Things devices can't handle network scans and sometimes you might want to leave critical business systems out of automated scans.
To configure the network scanner go to Settings -> Network Scanner.
Here is a list of the installed scanners. You can see the last time a scanner pushed data and of it still active or not. The initial name is automatically generated, you can change it to a more meaningful name in the settings. Click on Settings to go to the network scanner details.
In the settings you can enable or disable the network scanner, for example this can be useful during maintenance hours or problem solving situations. You can change the name to something more meaningful. This would be even more handy if you have multiple scanners in your network.
In the IP ranges to scan you can use either single IP-addresses, IP ranges using the CIDR notation or IP-ranges using a minus, like 10.0.0.1-10.0.0.15. You can combine these three notations in the settings textboxes, you have to separate the different addresses and ranges using a semicolon.
The scanner will pick up the settings with the next run, this will be a minute if no scan is running. If a scan is running the network scanner will wait for completion of the scan before using the new settings. Of course, you can force the scanner to stop by stopping the Windows service and restarting after saving the settings.
Ensure, under Setting - Networkscanners the scanner is enabled ("ON") and the IP range has been set to enable the network scanner.