Understanding Agent-Based Scanning vs. Sensor-Based Scanning
When scheduling scans in CYRISMA, it’s important to configure your scans correctly based on the type of scan and scanning method you choose. Misconfiguration is one of the most common reasons for failed scans. This guide will help you understand agent-based scanning versus sensor-based scanning and how to properly set up each method.
Written by Liam Downward
Updated at November 27th, 2024
- User Manual
- Agents
- The Cyber Risk Assessment Process
- API Documents
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- CYRISMA Change Log
- Support Ticket SLA
- Onboarding Framework
- PSA Integrations
- Billing Questions
- Self Onboarding Guide
Table of Contents
Agent-Based Scanning
Agent-based scanning utilizes agents installed directly on the target devices. These agents handle the scanning process locally, without requiring remote access.
When to Use Agent-Based Scanning
- Authenticated Vulnerability Scans: For scans that require login credentials to analyze system vulnerabilities.
- Secure Baseline Scans: To ensure compliance with baseline configurations.
How It Works
- Self-Scanning: Targets with agents installed perform their own scans.
- Agent Groups: When scheduling a scan, select "Agent Group" as the target group. This ensures that each target scans itself rather than relying on a single agent to scan multiple devices.
Common Issues with Agent-Based Scanning
- Users mistakenly select a single agent to scan all targets, which fails without the necessary credentials or service accounts.
- Targets without agents installed will not appear in the scan's target list.
Benefits
- Eliminates the need for remote access.
- Reduces the risk of scanning failures due to credential or network issues.
Sensor-Based Scanning
Sensor-based scanning relies on a single agent (or sensor) to scan multiple targets remotely. This method is effective for network-wide scans or when agents cannot be installed on all devices.
When to Use Sensor-Based Scanning
- External Scans: To identify vulnerabilities on external-facing devices.
- Network Scans: For assessing multiple devices within a network.
How It Works
- A designated sensor (agent) scans all configured targets within its scope.
- The sensor requires appropriate credentials and network access to perform the scan.
Common Issues with Sensor-Based Scanning
- Scans fail if credentials are missing or incorrectly configured.
- Network permissions or firewall rules may block access to targets.
Benefits
- Centralized scanning for environments where agent installation is not possible.
- Easier to manage for large networks with consistent configurations.
Configuring Scans Correctly
Check Your Scan Type:
- Use Agent-Based Scanning for authenticated or secure baseline scans.
- Use Sensor-Based Scanning for external or broad network scans.
Select the Right Target:
- For agent-based scans, ensure each target has an agent installed and select "Agent Group" in the target list.
- For sensor-based scans, verify the sensor has appropriate credentials and access.
Verify Credentials:
- Ensure all necessary credentials or service accounts are correctly configured for sensor-based scans.
Review Agent Installation:
- Targets without agents will not be available for agent-based scans. Ensure all targets are properly provisioned with agents.
Troubleshooting Failed Scans
Agent-Based Scans:
- Confirm that each target has an agent installed.
- Ensure the scan is configured to use "Agent Group" as the target.
Sensor-Based Scans:
- Verify credentials and network permissions for the sensor.
- Check for firewall rules or connectivity issues that may block access to targets.
By understanding the differences between agent-based and sensor-based scanning, and ensuring correct configuration, you can avoid common issues and ensure successful scan results. For further assistance, feel free to contact CYRISMA Support.