Guide to Probe Scanning in CYRISMA
Probe scanning in CYRISMA allows users to conduct internal vulnerability scans without deploying agents on every endpoint. This method enables a single probe device to scan and identify vulnerabilities across the network using authentication credentials.
Written by Liam Downward
Updated at March 13th, 2025
- User Manual
- Agents
- The Cyber Risk Assessment Process
- API Documents
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- CYRISMA Change Log
- Support Ticket SLA
- Onboarding Framework
- PSA Integrations
- Billing Questions
- Self Onboarding Guide
Table of Contents
When to Use Probe Scanning
If a client or prospect is not ready to deploy agents on all endpoints.
When performing preliminary internal scans during the sales or prospecting phase.
If network-wide credentialed scanning is preferred over deploying agents on each device.
How Probe Scanning Works
1. Deploying the Probe Agent
Install a CYRISMA agent on one endpoint (preferably a server or a machine with network-wide visibility).
This device will act as the probe to scan other devices within the network.
2. Configuring Probe Credentials
In Admin > Scan Agents, enter the domain admin credentials for scanning.
Ensure the credentials are accurate to allow scanning of multiple devices.
3. Performing Network Discovery
Navigate to Targets > Network Discovery.
Enter the subnet range (e.g., 10.11.37.1/24) to identify active endpoints.
Use the probe agent to detect all available devices on the network.
The scan will attempt to authenticate with the provided credentials and pull device details.
4. Merging and Selecting Targets for Scanning
Once network discovery is complete, review the list of discovered devices.
Merge identified targets into the scannable list.
This step ensures that only selected devices are added to licensed scanning.
5. Running an Internal Vulnerability Scan
Navigate to Vulnerability Scan > Schedule a Scan.
Select Authenticated Scan and choose the probe agent as the scanning source.
Choose the discovered targets to be scanned.
Start the scan to assess internal vulnerabilities on the selected devices.
Advantages of Probe Scanning
✅ Reduces Deployment Overhead – No need to install agents on every endpoint.
✅ Ideal for Prospecting – Perform an internal vulnerability scan before agent deployment.
✅ Centralized Scanning – Use a single machine to scan the entire network.
✅ Easy Credential Management – Scan multiple devices with a single credential setup.
Limitations of Probe Scanning
❌ Requires Domain Admin Credentials – Limited functionality if credentials are unavailable.
❌ Endpoint Protection May Block Scans – Ensure whitelisting of CYRISMA agents.
❌ Limited Depth vs. Agent-Based Scanning – Direct agent-based scans provide more granular data.
Best Practices for Successful Probe Scanning
Deploy at least one agent within the network.
Use domain administrator credentials for broader scan coverage.
Whitelist CYRISMA agent folders in security tools like SentinelOne or CrowdStrike.
Perform network discovery first to ensure all devices are detected before scanning.
Consider agent-based scanning for full coverage if deeper analysis is required.