A common request we hear from customers is for the ability to schedule scans on individual assets, or on subsets of assets.

Currently, you can start a manual scan and choose specific IPs, engine and template, but you need to have permissions to create sites in order to schedule such a scan.

Good news!

In version 6.4.18 version of Nexpose, released Jan 25th 2017, we've addressed this! Now individual site owners can create schedules and choose specific IP's, ranges or asset groups to kick off at a later time, or on a regular basis. Additionally, you can give manual or scheduled scans a name – making it much easier to understand what's being scanned and when.

With these enhancements you can:

  • Schedule single assets, subsets of assets, or asset groups to scan (one-off or repeating)
  • Name all manual or scheduled scans for ease of tracking
  • Choose any engine available to you for any scheduled scan - scheduled scans are no longer constrained to the site default engine
  • See who started, stopped, paused or resumed each scan

How to Use It

(1) Name your scan

(2) Choose to use the default engine for this particular schedule, or any other engine available to you

(3) Check the 'Specify Subset of Assets' box to give you the ability to choose to scan specific assets for this schedule.

(Site default is unchecked so the schedule would scan the full site)

When you check the box to 'Specify Subset of Assets', you can be more explicit with your inclusions and exclusions for this schedule.

Tables such as current scans and past scans on the homepage and scan history pages will now show the name of the scan, and the name of the person who triggered the scan.

The Small Print

  1. When creating a scheduled or manual scan, the name field is not required.

If you do not enter a name, we'll just use the time and date the scan started to fill the current scans and past scans tables for tracking.

  1. Since we currently use string comparison for the validation of assets and asset groups, there is a limitation to the functionality.

Here is an example of valid and invalid use of this new functionality

Valid

Site Asset Range x.x.x.1 - x.x.x.255. You choose to schedule a scan only for a range x.x.x.10 - x.x.x.25

Invalid

Create New Asset group. Subset A = x.x.x.10 - x.x.x.25
Site Asset Range x.x.x.1 - x.x.x.255. You choose to schedule a scan only by specifying by group 'Subset A'