Scan Engine Data Collection - Rules and Details

This article explains the rules and details that may apply to Scan Engine data collection in specific scanning scenarios.

Enumeration Limitations on Active Directory Domain Controllers

When a vulnerability scan successfully authenticates to a target asset, the Scan Engine enumerates all individual user accounts and user groups found on that asset. Due to their nature and purpose, assets that have been deployed as Active Directory domain controllers can often have thousands of these user accounts and user groups.

Scan Engines will collect and assess policies related to all individual users and user groups, but only a maximum of 2,000 users and groups can be stored by the console and displayed in UI.