Knowledge base
Knowledge base
Breadcrumbs

Network Scan Against Multiple Assets

Last Updated: 2025-09-30



Purpose

This article shows how to perform a network scan against multiple assets.

Introduction

Network Scan Against Multiple Assets allows you to run a single scan configuration over different identifiers (such as IPs, hostnames) tied to the same logical asset. This means that assets with multiple endpoints can all be assessed in one go, giving you flexibility in targeting and enabling you to see how changes in configuration affect scan coverage or performance.

Scan Data Preparation

Cloud Credentials

  1. Create AWS credentials on the Account/Credentials page.

  2. Create a new Scan policy with the credentials to be used in the Network host assessment scan configuration.

image-20250731-093749.png

Cloud Asset

  1. Prepare a cloud asset for scanning. To learn more about discover cloud assets, refer to the Cloud Discovery article.

  2. Tag the cloud asset that is discovered in the process of Cloud Discovery mentioned in step 1. This tag will be used in the network scan configuration.

  3. Set Scan setting for each asset identifier. Users can target specific identifiers for an asset by including these identifiers and excluding others from a scan. HOSTNAME identifiers have another Scan setting option named Vhost only which allow them to be used only as a Vhost.

    Portal_Scanning_NetworkScan_2.png

Network Asset

  1. Prepare a network asset for scanning. To learn more about discover network assets, refer to the Network Discovery article.

  2. Tag the network asset that is discovered in the process of Network Discovery mentioned in step 1 with the same tag you used for the cloud asset so that the network scan can pick up both the cloud asset and this network asset.

  3. Specify which identifiers should be included in a scan against the asset.

    Portal_Scanning_NetworkScan_3.png


Network Scan

  1. Create a new Network host assessment scan configuration with the created Scan policy and the tag used for the discovered assets.

    netsecmultipleassets.png


  2. Set the Scanner settings. For better understanding of the settings, please refer to Network Host Assessment. In this specific case, we will tweak the settings as followed:

    1. Enable the Scan all resolved IPs option to scan all the IP addresses resolved from assets.

    2. Disable the Ignore scanner on asset identifiers option so that the asset associations will only be scanned using scanners that match the specified scanner field. To view the specified scanner for each asset identifier in an asset, click on the asset and check the Scanner column under the ASSOCIATIONS tab.

      Portal_Scanning_NetworkScan.png


    3. Disable the Scan cloud assets without credentials option so that any assets with no cloud credentials are skipped.

    4. Limit the maximum number of concurrent scans by setting the Max concurrent scans to two.

    5. Limit the maximum number of concurrent scans against a single asset by setting the Max concurrent scans per asset to one.

  3. Run the network scan.

    Portal_Scanning_NetworkScan_4.png


    1. A NETWORK LOOKUP scan will run before the actual network scans are triggered. This scan will resolve all the IP addresses from the assets and prepare them for the following network scans.

    2. Since we opted for the Scan all option, all resolved IP addresses will be scanned. In this case, we have three triggered network scans corresponding to three resolved targets.



Related Articles