Enable complementary scanning for Scan Engines and Insight Agents
If you deploy Scan Engines and Insight Agents together to assess your assets for vulnerabilities, you can enable complementary scanning to improve Scan Engine efficiency. Complementary scanning can significantly reduce the time it takes for your Scan Engines to scan your assets.
Complementary scanning makes your Scan Engines more efficient by allowing them to skip the authenticated vulnerability checks that the Insight Agent runs on its own. By skipping these redundant checks during a scan, your Scan Engines can specialize in running only unauthenticated (remote) vulnerability checks and policy checks. This behavior reduces the time it takes to complete scans and integrate the collected scan data into the Security Console.
How complementary scanning works
The Insight Agent keeps a record of the vulnerability assessments it runs for the asset on which it is installed. When complementary scanning is enabled, your Scan Engine consults this record to determine if running authenticated vulnerability checks is necessary. As long as the last Insight Agent assessment was successful and ran within the normal data collection schedule, the Scan Engine skips all authenticated vulnerability checks for that asset.
Complementary scanning does not affect the Insight Agent
Enabling complementary scanning only affects what actions the Scan Engine will be responsible for during a scan job. The feature itself will not direct an Insight Agent to collect new data if the Scan Engine determines that the last agent assessment did not run successfully, or if the agent did not collect new data as scheduled.
You must satisfy the following requirements for your Scan Engines to follow the new behavior after enabling complementary scanning:
- Root permissions are required for the Scan Engine to log in to the asset and verify that the Agent has successfully run a recent data collection. This allows the Scan Engine to then skip subsequent authenticated scans and move on to the next target asset.
- Your asset must be running Insight Agent version 2.7.17 or later.
Enable complementary scanning
You can enable this feature by adjusting your scan template configuration. All scan templates with the Vulnerabilities check type enabled have this feature available.
- In your Security Console, click the Administration tab in your left menu.
- In the Scan Options section, click manage next to Templates.
- Browse to and open the scan template you want to configure by clicking its name link.
- On the Scan Template Configuration page, click the Vulnerability Checks tab.
- In the Check Configuration section, check the Skip checks performed by the Insight Agent box.
- Click Save.
Complementary scanning is enabled!
Your Scan Engines now have the ability to skip authenticated vulnerability checks using this scan template when the engine detects an installed Insight Agent.