Scan blackouts
Scan blackouts allow you to prevent scans from taking place during specified times when you need to keep the network available for other traffic. For example, if your company makes extensive backups on Fridays, you could create a recurring blackout period from 9 am to 9 pm every Friday to prevent scans from running at that time.
There are two types of scan blackouts:
- Global blackouts apply throughout Nexpose. Global blackouts are created and managed from the * Site-level blackouts apply only for specific sites. They are created and managed from the On the Site Configuration page. Site-level blackouts can be created and managed by Global Administrators or by Site Managers for that site. page. They can only be created and managed by Global Administrators.
- Site-level blackouts apply only for specific sites. They are created and managed from the On the Site Configuration page. Site-level blackouts can be created and managed by Global Administrators or by Site Managers for that site.
During a blackout period, any scheduled scans will not start. If anyone tries to start a manual scan during a blackout period, they will see a message informing them of the blackout period. Global Administrators will have the option to scan anyway. Others will be unable to proceed with the scan.
If a scan is already in progress when a blackout period begins, the scan will be paused by the system for the duration of the blackout period. The scan will resume once the blackout period is over, in most cases. The exception is if a scheduled scan is paused by the system for a blackout and meets its maximum duration during the blackout period. In that case, the scan duration will take precedence and the blackout duration will not resume.
Each scan takes approximately 30 seconds to shut down, and the scans shut down sequentially. There will be network activity at the beginning of the blackout period while the scans shut down. If you are creating a blackout period because you cannot have network activity during a certain time period, set the blackout to begin earlier to allow for all the scans to shut down.
Creating a global blackout
Only Global Administrators can create global blackouts.
Before creating a global blackout, you may want to review the existing global blackouts in order to avoid creating a new one that overlaps or conflicts.
To review existing global blackouts:
- Go to the Administration page.
- In the Scans > Blackouts section, click Manage Global Blackouts.
- Review the existing global blackout periods.
To create a global blackout:
- Go to the Administration page, and click Scans > Manage Global Blackouts.
- Click Create Blackouts.
- Specify the desired settings: Timezone, start date and time, whether to repeat the blackout (and, if so, a repetition schedule), and a maximum duration. Toggle Enable global blackout on or off to determine whether the blackout will take effect.
- Click Save.
Managing global blackouts
Only Global Administrators can manage global blackouts.
Note: If you modify a blackout that is currently in effect, it will be stopped and any running scans will resume.
Review existing global blackouts
- Go to the Administration page, and click Scans > Blackouts > Manage Global Blackouts.
- Review the existing global blackout periods.
Enable or disable a global blackout
- Go to the Administration page, and click Scans > Blackouts > Manage Global Blackouts.
- Toggle Enable global blackout on or off.
Site blackouts can be administered from the Scan Configuration for that site.
Edit a global blackout
- Click the blackout you want to edit.
- Edit the desired settings: Timezone, start date and time, whether to repeat the blackout (and, if so, a repetition schedule), and a maximum duration. Toggle Enable global blackout on or off to determine whether the blackout will take effect.
- Click Save.
Managing site-level blackouts
To create and edit a site-level blackout, you must be a Site Manager for that site or a Global Administrator.
Review existing blackouts that may affect a site
Before creating a new site-level blackout, you may want to review the existing site-level and global blackouts that may apply to this site. Doing so will help you avoid creating overlapping or conflicting blackouts.
- On the Site Configuration page, go to the Schedule tab.
- In the left navigation, select Manage Blackouts.
- Review the existing blackout periods. The page shows both site-level and global blackouts.
Create a site-level blackout
- On the Site Configuration page, go to the Schedule tab.
- In the left navigation, select Create Blackout.
- Specify the desired settings: Start date and time, maximum duration, whether to repeat the blackout, and, if so, a repetition schedule. Select or clear the Enable blackout checkbox to determine whether the blackout will take effect.
- Click Save on the Create Blackout page.
- Click Save on the Site Configuration page.
Edit a site-level blackouts
Note: If you modify a blackout that is currently in effect, it will be stopped and any running scans will resume.
- On the Site Configuration page, go to the Schedule tab.
- In the left navigation, select Manage Blackouts.
- You can view the list of site-level and global blackouts.
- To enable or disable a site-level blackout, select or clear the Enable check box. Global blackouts can only be edited on the Administration page by Global Administrators.
- To edit a site-level blackout, click the start date, edit the settings, and then click Save on the Create Blackout and Site Configuration pages.
Export scan schedules
You can export your scan schedules at the site level for a view of your site calendar and any potential scheduled scans that may impact performance.
Depending on the schedule data you want, you can use the Command Console for all sites and the API for more extensive results.
Export all schedules for all sites using the Command Console
Access the Command Console from the /admin/global/diag_console.html Run dialogue.
In the Command Console, enter
show schedule
.
Refine your export using the API
1$Rapid7_User = Get-Credential2$Rapid7_Headers = @34{Authorization = "Basic $([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("$($Rapid7_User.UserName):$($Rapid7_User.GetNetworkCredential().password)")))"}5$Rapid7_BaseUrl = 'https://<Rapid7 Host>:3780/api/3'67$Rapid7_Sites = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites?size=500" -Headers $Rapid7_Headers).resources8$Rapid7_Sites_Info = @()9foreach($Rapid7_Site in $Rapid7_Sites) {10$Rapid7_Site_Schedules = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites/$($Rapid7_Site.id)/scan_schedules" -Headers $Rapid7_Headers).resources | select id,scanName,enabled,scanTemplateId,repeat11$Rapid7_Site_Tags = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites/$($Rapid7_Site.id)/tags" -Headers $Rapid7_Headers).resources | select id,name,source,type12#$Rapid7_Site_Users = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites/$($Rapid7_Site.id)/users" -Headers $Rapid7_Headers).resources | select id,enabled,login13$Rapid7_Site_Assets = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites/$($Rapid7_Site.id)/assets" -Headers $Rapid7_Headers).resources | select id,ip,hostname,os14$Rapid7_Site_IncludedTargets = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites/$($Rapid7_Site.id)/included_targets" -Headers $Rapid7_Headers).resources15$Rapid7_Site_ExcludedTargets = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites/$($Rapid7_Site.id)/excluded_targets" -Headers $Rapid7_Headers).resources16$Rapid7_Site_IncludedAssetGroups = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites/$($Rapid7_Site.id)/included_asset_groups" -Headers $Rapid7_Headers).resources | select id,name,type,searchCriteria17$Rapid7_Site_ExcludedAssetGroups = (Invoke-RestMethod -Uri "$Rapid7_BaseUrl/sites/$($Rapid7_Site.id)/excluded_asset_groups" -Headers $Rapid7_Headers).resources | select id,name,type,searchCriteria1819$Rapid7_Sites_Info += [pscustomobject]@2021{ ID = $Rapid7_Site.id Name = $Rapid7_Site.name ScanTemplate = $Rapid7_Site.scanTemplate Type = $Rapid7_Site.type Schedules = $Rapid7_Site_Schedules Tags = $Rapid7_Site_Tags #Users = $Rapid7_Site_Users Assets = $Rapid7_Site_Assets IncludedTargets = $Rapid7_Site_IncludedTargets ExcludedTargets = $Rapid7_Site_ExcludedTargets IncludedAssetGroups = $Rapid7_Site_IncludedAssetGroups ExcludedAssetGroups = $Rapid7_Site_ExcludedAssetGroups }22}2324$Rapid7_Sites_Info | select ID,Name,ScanTemplate,Type,@{name=’Schedules’; expression={if($_.Schedules -eq $null)2526{0} elseif ($.Schedules.GetType().Name -eq 'PSCustomObject') {1} else {$.Schedules.count}}},@{name=’Tags’; expression={if($_.Tags -eq $null) {0}27elseif ($_.Tags.GetType().Name -eq 'PSCustomObject')2829{1} else {$.Tags.count}}},@{name=’Assets’; expression={if($.Assets -eq $null) {0} elseif ($_.Assets.GetType().Name -eq 'PSCustomObject') {1}30else {$.Assets.count}}},@{name=’IncludedTargets’; expression={if($.IncludedTargets -eq $null)3132{0} elseif ($.IncludedTargets.GetType().Name -eq 'PSCustomObject') {1} else {$.IncludedTargets.count}}},@{name=’ExcludedTargets’; expression={if($_.ExcludedTargets -eq $null) {0}33elseif ($_.ExcludedTargets.GetType().Name -eq 'PSCustomObject')3435{1} else {$.ExcludedTargets.count}}},@{name=’IncludedAssetGroups’; expression={if($.IncludedAssetGroups -eq $null) {0} elseif ($_.IncludedAssetGroups.GetType().Name -eq 'PSCustomObject') {1}36else {$.IncludedAssetGroups.count}}},@{name=’ExcludedAssetGroups’; expression={if($.ExcludedAssetGroups -eq $null)3738{0}39elseif ($_.ExcludedAssetGroups.GetType().Name -eq 'PSCustomObject')4041{1}42else {$_.ExcludedAssetGroups.count}}} | Export-Csv -Path .\Downloads\Rapid7_Sites.csv -NoTypeInformation