Managed Risk

Risk Dashboard

Updated Jan 25, 2024

Scanner Config page

The Risk Dashboard Scanner Config page allows you to make changes to your scanning configuration and scanning schedules. The page includes these sections:

By default, the scanner scans all devices on the same network subnet as the IP or mask that is provisioned. If needed, you can add more devices for scanning, provided they are reachable through a gateway.
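The following added example (not Arctic Wolf code) shows one way to check which inventory hosts fall inside the default scan subnet and which would need to be added as extra scan targets. The provisioned address, the inventory entries, and the function names are constructed for illustration. The CIDR summary is for review only, since this page does not state which entry formats the scanner configuration accepts.

```python
import ipaddress

# Constructed sample values: a scanner provisioned as 192.168.10.25/24 and an
# asset inventory export that contains one non-IP entry.
PROVISIONED = "192.168.10.25/255.255.255.0"
INVENTORY = ["192.168.10.40", "192.168.10.41", "10.20.5.10",
             "10.20.5.11", "172.16.3.7", "fileserver-01"]


def default_scope(provisioned):
    """Subnet covered by default, derived from the provisioned IP and mask."""
    return ipaddress.ip_interface(provisioned).network


def summarize(addrs):
    """Collapse addresses into CIDR blocks, one IP version at a time."""
    blocks = []
    for version in (4, 6):
        same = [a for a in addrs if a.version == version]
        blocks += [str(n) for n in ipaddress.collapse_addresses(same)]
    return blocks


def coverage_report(provisioned, inventory):
    """Split inventory into default-covered hosts and hosts to add manually."""
    scope = default_scope(provisioned)
    covered, extra, invalid = set(), set(), []
    for entry in inventory:
        try:
            addr = ipaddress.ip_address(entry.strip())
        except ValueError:
            invalid.append(entry)  # hostnames or typos: resolve before adding
            continue
        (covered if addr in scope else extra).add(addr)
    return {
        "scope": str(scope),
        "covered": summarize(covered),
        "add_to_scanner": summarize(extra),
        "invalid": invalid,
    }


if __name__ == "__main__":
    for key, value in coverage_report(PROVISIONED, INVENTORY).items():
        print(f"{key}: {value}")
```

Hosts listed under `add_to_scanner` are outside the default subnet, so they are scanned only if added and reachable through a gateway.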

The scanner virtual machine (VM) is designed for rapid and continuous scanning to process all the network hosts as quickly as possible. It is normal for the scanner to consume all of the virtual CPU (vCPU) allocated to it. This could be undesirable in a highly overloaded ESXi environment, and allocating more resources may be difficult in the short term. In this situation, Arctic Wolf® recommends using the minimum system requirements described in Install an Arctic Wolf vScanner for your environment. If CPU consumption is an issue, try deploying a physical scanner as described in Install an Arctic Wolf Scanner. However, Arctic Wolf recommends a physical scanner only if your ESXi environment is unable to manage the vScanner resource requirements.

By design, company-identifying information is not sent out of your network. Each scanner is provisioned with a globally unique identifier (GUID). The customer-to-GUID mapping is stored within the Arctic Wolf secure network.

The scan frequency for a host depends on a number of factors, including:

Arctic Wolf recommends that you scan each host on the network once every 10-14 days at a minimum. You may require more scanners based on your network size and complexity.

Note: EVA scans run monthly. Arctic Wolf does not recommend scanning too frequently because this could conflict with firewall rules or generate too much noise.

The Risk Scanner operates in stages when determining which hosts to scan next. Scans begin five minutes after the previous scan completes. During this process, the Risk Scanner: