All Collections
Internal vulnerability scanning
Internal Vulnerability Scanning
Internal Vulnerability Scanning

What about your internal systems; are they covered?

Naomi Purvis avatar
Written by Naomi Purvis
Updated this week

How does it work?

Our internal scanning is 'agent-based' (we believe this approach is superior to the traditional network-based approach) and requires you to install an agent (a piece of software that scans your device for weaknesses and reports them back to our portal) onto each machine you want to protect.

What internal targets do you support?

We only cover machines that support Windows, Linux or MacOS.

How do I install the agent?

Using the in-app wizard select if you'd like to deploy a single agent or make use of mass deployment:

For single targets you'll see this wizard:

If you chose mass deployment you'll instead find the values you'll need to add to your script:

  • We also have some support articles and videos, should you need them:

Where can I find a list of all the internal checks?

You can find them on our checks page. Simply head to Dashboard > Checks > filter by internal checks and you'll see them all listed below.

How do I know when it was last scanned?

You can find this information in two places:

The Licenses page:

The target's detail page

Last scan refers to the last time the target was successfully scanned. (ie. The target was responsive and we were able to scan it for vulnerabilities.)

License tells you what type of license its consuming and when the license is due for release – which will be 30 days after you last kicked off a scan, regardless of whether the target was responsive or not.

What do the statuses mean?

You may noticed an amber status under the Latest Activity column, like this:

These status given an insight into the current status in the installation or linking process.

Status Message


Added. Awaiting agent.

The target has been added to the Intruder portal but the agent is not yet linked and reporting back from the target.

Agent unlinked/uninstalled.

The agent has been unlinked or removed from the target, this would indicate something has happened locally on the target to remove the connection to Intruder.

Having trouble with the installation?

If you're having issues with the installation, we recommend having a read of the troubleshooting article first and then contacting the team who will be more than happy to help.

Note: Internal vulnerability scanning is available to anyone on the Pro, Premium and Vanguard plan.

Did this answer your question?