Skip to main content

Internal Vulnerability Scanning

What about your internal systems; are they covered?

Updated over 3 weeks ago

How does it work?

Our internal scanning is 'agent-based' – meaning you have to download software onto each machine that you wish to check for vulnerabilities. Once a scan has completed, the agent will send the results back to Intruder and should we detect any weaknesses, you'll see them pop up on your issues page.

What internal targets do you support?

We only support machines running Windows, Linux or MacOS.

How do I install the agent?

  1. Using the in-app wizard select if you'd like to deploy a single agent or make use of mass deployment:

  2. For single targets you'll see this wizard:

  3. If you chose mass deployment you'll instead find the values you'll need to add to your script:

We also have some support articles and videos, should you need them:
Linux
MacOS
Windows

Best practice recommendations

Timing

  • We recommend scanning desktop or laptop targets during working hours (preferably at the very start of the day) as the scan can take several hours to complete depending on the target's file sizes, complexity, etc; and you don't want the machine going offline when the team clocks off.

  • For server-type targets that have high uptime, we're more concerned with system resourcing and so we'd recommend scheduling outside of working hours (when the demand will be lower).

Organizing a large number of targets

Where you have a large number of targets, we'd recommend leveraging our tagging functionality. They can be especially helpful if you have teams in different timezones as you can schedule scans to run during the appropriate local working hours.

Where can I find a list of all the internal checks?

You can find them on our checks page. Simply head to Dashboard > Checks > filter by internal checks and you'll see them all listed below.

How do I know when it was last scanned?

You can find this information in two places:

The Licenses page:

The target's detail page

  • Last scan refers to the last time the target was successfully scanned. (ie. The target was responsive and we were able to scan it for vulnerabilities.)

License tells you what type of license its consuming and when the license is due for release – which will be 30 days after you last kicked off a scan, regardless of whether the target was responsive or not.

What do the statuses mean?

You may noticed an amber status under the Latest Activity column, like this:

These status given an insight into the current status in the installation or linking process.

Status Message

Meaning

Added. Awaiting agent.

The target has been added to the Intruder portal but the agent is not yet linked and reporting back from the target.

Agent unlinked/uninstalled.

The agent has been unlinked or removed from the target, this would indicate something has happened locally on the target to remove the connection to Intruder.

Having trouble with the installation?

If you're having issues with the installation, we recommend having a read of the troubleshooting article first and then contacting the team who will be more than happy to help.

FAQs

Do you scan internal networks?

We don't scan internal networks in the tradition sense (via an appliance), but you can install an agent onto any device that supports Windows, Linux or MacOs. (And if you're interested, we wrote a blog on why we thing agents are superior to appliances when it comes to scanning internal devices.)

How much resources will the agent use?

Our scanners are designed to have minimal impact on your systems, but as the local agent will consume some resources if the target is resource-limited it can have an impact on target performance.

The minimum requirements for the agent is a dual core CPU with a speed >= 1GHz and 1GB or more of RAM. Provided these resource requirements are met the scanner will not experience any issues (such as running out of memory or CPU capacity). That said, the agent will scan slightly slower if the target is at the minimum end of the requirements to try and avoid overwhelming your target.

Can you run the internal agent alongside Device Management tools?

Yes! Running the agent alongside an MDM or device management solution should be no problem at all. It could be worthwhile confirming that the device management platform will not interfere with the Nessus Agent service or prevent it running at startup.

Note: Internal vulnerability scanning is available to anyone on the Pro, Enterprise, and Vanguard plan.

Related Articles
Linux: Install via the wizard
How to delete internal targets (and remove the agent)
How to restore an internal target
🎥 Video: How to install the macOS Internal Agent
🎥 Video: How to install the Windows Internal Agent
Did this answer your question?