
Internal Vulnerability Scanning

What about your internal systems; are they covered?

Updated this week

How does it work?

Our internal scanning is 'agent-based' – meaning you have to download software onto each machine that you wish to check for vulnerabilities. Once a scan has completed, the agent will send the results back to Intruder, and should we detect any weaknesses, you'll see them appear on your issues page.

What internal targets do you support?

We only support machines running Windows, Linux, or macOS.

How do I install the agent?

  1. Using the in-app wizard, select whether you'd like to deploy a single agent or make use of mass deployment:

  2. For single targets, you'll see this wizard:

  3. If you choose mass deployment, you'll instead find the values you'll need to add to your script:

We also have some support articles and videos, should you need them:


Best practice recommendations

Timing

  • We recommend scanning desktop or laptop targets during working hours (preferably at the very start of the day). The scan can take several hours to complete, depending on the target's file sizes, complexity, etc., and you don't want the machine going offline when the team clocks off.

  • For server-type targets that have high uptime, we're more concerned with system resourcing and so we'd recommend scheduling outside of working hours (when the demand will be lower).

Organising a large number of targets

Where you have a large number of targets, we'd recommend leveraging our tagging functionality. It can be especially helpful if you have teams in different time zones, as you can schedule scans to run during the appropriate local working hours.


Where can I find a list of all the internal checks?

You can find them on our checks page. Simply head to Dashboard > Checks > filter by Internal checks, and you'll see them all listed below.

How do I know when it was last scanned?

You can find this information in two places:

The Licenses page:

The target's detail page:

  • Last scan refers to the last time the target was successfully scanned (i.e. the target was responsive, and we were able to scan it for vulnerabilities).

  • License tells you what type of license it's consuming and when the license is due for release, which will be 30 days after you last kicked off a scan, regardless of whether the target was responsive or not.


What do the statuses mean?

You may have noticed an amber status under the Latest Activity column, like this:

These statuses give an insight into the current status of the installation or linking process.

Status Message | Meaning
Ready | The agent is successfully installed and linked, and the target is ready to scan.
Agent! | The target has been added to Intruder, but the agent needs to be installed and/or linked.
Agent! | There is an issue with the agent. Confirm the agent is properly installed and linked.


Having trouble with the installation?

If you're having issues with the installation, we recommend having a read of the troubleshooting article first and then contacting the team, who will be more than happy to help.


FAQs

Do you scan internal networks?

We don't scan internal networks in the traditional sense (via an appliance), but you can install an agent on any device that supports Windows, Linux, or macOS. (And if you're interested, we wrote a blog on why we think agents are superior to appliances when it comes to scanning internal devices.)

How many resources will the agent use?

Our scanners are designed to have minimal impact on your systems. However, the local agent will consume some resources, so if the target is resource-limited, it can have a minor impact on the target's performance.

The minimum requirements for the agent are a dual-core CPU with a speed >= 1GHz and 1GB or more of RAM. Provided these resource requirements are met, the scanner will not experience any issues (such as running out of memory or CPU capacity). That said, the agent will scan slightly slower if the target is at the lower end of the requirements, to try and avoid overwhelming your target.
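For mass deployment, the minimums above can be checked on each Linux or macOS target before the agent is installed. The script below is an added example, not Intruder's own tooling; the function names (meets_minimums, probe_host, preflight) and the file name preflight.sh are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the minimums quoted in this article
# (dual-core CPU >= 1GHz, 1GB or more of RAM). Linux and macOS only; Windows
# targets need an equivalent PowerShell check.
MIN_CORES=2 MIN_MHZ=1000 MIN_RAM_MB=1024

# meets_minimums CORES MHZ RAM_MB -> prints each shortfall, returns 0 if none.
# MHZ=0 means "not reported" (e.g. Apple silicon, some ARM boards, some VMs): warn only.
meets_minimums() {
    rc=0
    [ "$1" -ge "$MIN_CORES" ] || { echo "FAIL cores: $1 (need $MIN_CORES)"; rc=1; }
    if [ "$2" -eq 0 ]; then
        echo "WARN CPU speed not reported; verify manually"
    elif [ "$2" -lt "$MIN_MHZ" ]; then
        echo "FAIL CPU MHz: $2 (need $MIN_MHZ)"; rc=1
    fi
    [ "$3" -ge "$MIN_RAM_MB" ] || { echo "FAIL RAM MB: $3 (need $MIN_RAM_MB)"; rc=1; }
    return "$rc"
}

# probe_host -> prints "CORES MHZ RAM_MB" for this machine, or fails on other OSes.
probe_host() {
    case "$(uname -s)" in
    Linux)
        cores=$(getconf _NPROCESSORS_ONLN)
        # Prefer the rated maximum (kHz); "cpu MHz" is the current, scaled speed.
        f=/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
        if [ -r "$f" ]; then mhz=$(( $(cat "$f") / 1000 ))
        else mhz=$(awk -F: '/^cpu MHz/ {printf "%d", $2; exit}' /proc/cpuinfo); fi
        ram=$(awk '/^MemTotal:/ {printf "%d", $2 / 1024}' /proc/meminfo) ;;
    Darwin)
        cores=$(sysctl -n hw.ncpu)
        mhz=$(( $(sysctl -n hw.cpufrequency 2>/dev/null || echo 0) / 1000000 ))
        ram=$(( $(sysctl -n hw.memsize) / 1048576 )) ;;
    *)  echo "unsupported OS for this script: $(uname -s)" >&2; return 2 ;;
    esac
    echo "${cores:-0} ${mhz:-0} ${ram:-0}"
}

# preflight -> probe this host and judge it; the exit status suits a deployment script.
preflight() {
    specs=$(probe_host) || return 2
    # shellcheck disable=SC2086  # word splitting into three arguments is intended
    meets_minimums $specs
}

# Run only when invoked as "sh preflight.sh check"; sourcing just defines the functions.
if [ "${1:-}" = "check" ]; then preflight; exit $?; fi
```

On Linux, MemTotal excludes kernel-reserved memory, so a nominal 1GB host reads slightly under 1024MB and is reported as a shortfall; lower MIN_RAM_MB if you want to admit such hosts.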

Can you run the internal agent alongside Device Management tools?

Yes! Running the agent alongside an MDM or device management solution should be no problem at all. It could be worthwhile confirming that the device management platform will not interfere with the Nessus Agent service or prevent it from running at startup.


Note: Internal vulnerability scanning is available to anyone on the Pro, Enterprise, and Vanguard plans.
