As we have reached out to customers for feedback on Adaptive Security use cases (see: Adaptive Security Overview for details on this feature), we have found that many customers would like to control the outcome of the “New Asset discovered” trigger. They want to be able to not just kick a scan since they either have some restrictions as to when to scan, or they don't scan everything that comes out of DHCP (or other dynamic source of assets), for some networks they do spot checking and don't want to scan everything.

The video below illustrates the usage of adaptive security's “New Asset Discovered” trigger and how to pick the actions taken when new assets are added to your environment. The video shows that you can do multiple things to answer to the trigger:

  • Add the assets to a site and scan them

  • Add the assets to a site and not scan right away

  • Add assets that meet a certain rule (ie. ip range 10.1.0.0 - 10.1.255.255) to a site and scan, while assets that meet another rule (ie. ip range 10.2.0.0 - 10.2.255.255) to be added to the site but not immediately scanned.

The video shows how a Dynamic Site based on a DHCP connection is different than a Static site with Automated actions for new assets discovered. Furthermore the video explains that you have full control of your scanning windows and the fact that a “New Asset Discovered” action triggered does not mean you have to scan the asset right away, you have full control. Also, blackouts, both site level and global are ALWAYS respected by the Adaptive security feature, therefore, if a trigger that starts a scan happens in between a blackout, the scan will be held/queued until the blackout is completed and then kicked.

I hope you enjoy the video and you can put in practice these concepts to automate further the Vulnerability Management program at your organization.