Create a scan schedule

You can create a new Internal Vulnerability Assessment (IVA) or Agent scan schedule:

Create an IVA scan schedule

You can create a scan schedule to organize a group of scan targets for scanning within a specific scan window. Target scanning starts based on the scan schedule window, scanner capacity, and target availability.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Scan Schedules.
  3. Click Create New Scan Schedule.
  4. In the Info section, configure these settings:
    • Source — Select Internal Scanner.
    • Name — Enter a name for the schedule.
    • Description — Optional. Enter a description for the schedule.
  5. In the Schedule section, configure these settings:
    • Enabled — This checkbox is selected by default. Clear this checkbox if you do not want the scan schedule to be enabled when it is created.
    • Priority — Select one of these options:
      • Low — The scan runs after all other scans are complete.
      • Medium — The scan runs after high priority scans but before low priority scans.
      • High — The scan completes before all other scans.
        Note:
        • The priority of a scan is used when there are conflicting scan schedules, to determine which scan schedule should be applied. For example, if a target is covered under a daily and a weekly scan, the one with the higher priority would go first. If the priority is the same value, the least recently scanned target is selected. If both schedules are equally least recently scanned, the scans are performed in alphabetical order.
        • If a high priority scan does not complete in the scanning time window, any subsequent low or medium scans never run.
        • If you start a new high priority scan when a low priority scan is in progress, the high priority scan runs after the current scan is complete. Any in-progress scan completes before the new scan starts.
    • Frequency — Select one of these options:
      • Continuous — The scan runs continuously.
      • Daily — The scan runs one time each day.
      • Weekly — The scan runs once per day on one or more selected days during the week. Scans occur at the same time on each selected day.
      • Monthly — The scan runs one time each month.
    • Scan Time — Select the time that you want the scan to start. The time is set using a 24-hour clock.
    • On — Select the days of the week or month when you want the scan to run.
      Note:

      This option is not available if the Frequency is Daily.

    • Scan Window (hours) — Enter the scan window. The default value is 8.
      Note:
      • Scans can only be started in a scan window.
      • If a scanner finishes scanning all of its targets before the end of the window and all other scan schedules have completed, it will continue to scan those targets until the window ends.
      • If a scan does not complete by the end of the window, it will continue until it completes.
  6. In the Scanners section, select the scanner that will run the scan.
  7. Optional: In the Schedule section, if you want to limit host identification scans to occur within the Scan Window (hours), select the Limit Host Identification Scan checkbox.
    Note:
    • The Limit Host Identification Scan checkbox is disabled if you are not running a supported scanner version, if the host ID scan is disabled, or if Frequency is set to Continuous.
    • Host identification scans identify the devices on your network and provide valuable information about the services and operating systems that those devices are running. When you select the Limit Host Identification Scan checkbox, fewer assets could be discovered in your environment. We recommend leaving this checkbox deselected for the most complete coverage.

    When the Limit Host Identification Scan checkbox is clear, host identification scans are automated. Any scheduled network could be scanned at any time of day, including outside of the scan schedule. This is the recommended setting, but it could cause unexpected network degradation.

  8. In the Targets section, do one of these actions:
    Note:
    • Hosts that match a scheduled target are only run at the scheduled time.
    • Arctic Wolf® recommends scanning subnet ranges /16, /20, or /24 and smaller. In your configuration, you can provide a mix of individual IP addresses or IP address ranges, but the total number of IP addresses must not exceed 65,537. Scanning large subnet ranges can cause timeout issues and cause the scanner to go into a degraded state.
  9. Click Create Scan Schedule.

Target formats

Acceptable target formats are:

  • A single IP address. For example,
    CODE 
    192.168.0.2
  • A contiguous IP address range. For example,
    CODE 
    192.168.0.3-192.168.0.6
    CODE 
    192.168.0.2-192.168.11.254
  • A non-contiguous IP address range. For example,
    Note: This format is not acceptable for scan exclusion configuration. For more information, see Configure scan exclusions.
    CODE 
    192.168.0-6.1
  • A CIDR notation for a single IP. For example,
    CODE 
    192.168.0.2/32
  • A CIDR notation range. For example,
    CODE 
    192.168.0.4/30

Import file format

The scan schedule target import file:

  • Is a CSV file.
  • Can include a single IP address, IP address range, or CIDR notation per row. For more information about target formats, see Target formats.
  • Does not include a header row.
  • The import file uses this format:
    PRE CODEBLOCK LANGUAGE-_SHELL 
    192.168.0.2
192.168.0.3-6
192.168.0.3-192.168.0.6

192.168.1.4/30
Click Create Scan Schedule.

Create an Agent scan schedule

You can create an Agent scan schedule to organize a group of scan targets for scanning within a specific scan window. Target scanning starts based on the scan schedule window, scanner capacity, and target availability.

Do one of these actions for successful scans:
  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Scan Schedules.
  3. Click Create New Scan Schedule.
  4. In the Info section, configure these settings:
    • Source — Select Agent.
    • Name — Enter a name for the schedule.
    • Description — Optional. Enter a description for the schedule.
  5. In the Scan Type section, select one or both scan types:
    • Vulnerability — Performs a complete vulnerability scan on the scan targets.
    • Benchmark — Performs a scan on the scan targets against best practices benchmarks.
  6. In the Schedule section, configure these settings:
    • Enabled — This checkbox is selected by default. Clear this checkbox if you do not want scan schedule to be enabled when it is created.
    • Frequency — Select one of these options:
      • Daily — The scan runs one time each day.
      • Weekly — The scan runs one time each week.
      • Monthly — The scan runs one time each month.
    • Scan Time — Select the time that you want the scan to start. The time is set using a 24-hour clock.
    • On — Select the days of the week or the day of the month that you want the scan to run on.
      Note:

      This option is not available if the Frequency is Daily.

    • Scan Window (hours) — Enter the scan window. The default value is 8.
      Note:
      • If you schedule a large scan in a short window, the scan might never complete.
      • If a scan cannot complete within a scheduled window, the scan resumes where the previous scan stopped the next time the scan is scheduled to run.
  7. Optional: If you want new Agents added to the schedule as they are deployed, in the Targets section, select Auto-Enroll newly deployed clients.
  8. Optional: Use filters to search for Agents in the Targets section:
    • Conditional Search — Select a modifier from the list and enter a keyword to search for Agent Name values that match the condition.
    • Status — Select one or more statuses from the list to show Agents with Status values that match any of the selections.
    • Asset Tags — Select one or more tags to show Agents with all selected tags applied.
    • Not Applied to Existing Schedule — Click the toggle to the on position to only show Agents that are not part of an existing scan schedule.
  9. Optional: Click Export to download a CSV list of Agents in the Targets section.
    The downloaded list reflects any filters applied.
  10. In the Targets section, select one or more Agents to include in the scan schedule.
  11. Click Create Scan Schedule.