Discovery scans are run to identify number of live IPs/assets in a network. So .. Why we need to know the count? Imagine you have a subscription of 2000 IPs. Now, when you try to scan a /16 or /20 subnet, you should better know the scope you are going to encounter. Otherwise if you blindly run a full vulnerability scan without any verification then the scan might fail if there are more than 2000 assets in the network.
Discovery scans are fast and free of cost. Another benefit is, you get to know what kind of OSes you are going to encounter which will further help you in creating "Asset Groups" and "Authentication Records".
Discovery scans can be authenticated or unauthenticated. There is a debate around authenticated discovery scans as in if it should be run or not. Can anyone tell why?
Happy Learning !!
No comments:
Post a Comment