Managed Risk


Risk Dashboard

Updated Jan 26, 2024

Verify scanner health

Each month or quarter, do these actions to review IVA Scanner and Arctic Wolf® Agent scanning health:

Check IVA Scanner connectivity

Arctic Wolf alerts you if IVA Scanners go offline, but you should also verify that online IVA Scanners are working as expected and that assets are scanned on time.

For each scanner you want to verify, complete these steps:

  1. Sign in to the Risk Dashboard.

  2. In the navigation menu, click Config > Scanner Config.

  3. In the Scanner Configuration section, for Scanner ID, click Details.

    The Scanner Select dialog appears.

  4. In the Search bar, click a scanner ID.

  5. In the Scanner Configuration section, verify that the Connection Status is Connected, and that the Scanning Status is Scanning. If the:

    • Connection Status is Disconnected — Make sure the network scanner is online and that the network communication is not blocked. For example, by a firewall.

      Tip: Sign in to the Arctic Wolf Unified Portal, and then click > Allowlist Requirements, to view a list of IP address and ports that Arctic Wolf requires on your allowlist. Contact your Concierge Security® Team (CST) at security@arcticwolf.com if you need support.

    • Scanning Status is Degraded — Restart the network scanning appliance. If it comes back online and the status is still Degraded, contact your CST at security@arcticwolf.com.

Check the IVA Scanner rate

Make sure assets are scanned with an appropriate interval. In general, a scanner scans approximately 150–250 assets in an 8-hour period. This number changes based on the type of system and environment. For example, if several large subnets of assets are only given a weekly scan for an 8-hour scan window, it can take more than a month to complete a full cycle of scanning. If you have concerns about your environment not being scanned in a timely manner, contact your CST at security@arcticwolf.com to review your scan scheduling.

To optimize scanning without increasing the scan window time, you can deploy additional physical scanners. This would allow you to scan multiple subnets in parallel. Adding resources to virtual scanners would not result in any meaningful increase in scan throughput because they would consume additional resources.

See Managed Risk Scanner FAQ for more information.

Check Agent scanning health

Agent scans are set and managed by your CST, but you can view the results of Agent scans and identify assets that were scanned or missed.

  1. Sign in to the Risk Dashboard.

  2. In the navigation menu, click Agent.

  3. In the Agent Scan Details section, enter a date that is prior to the scan date you want to verify, and then click Apply.

  4. Click Get Data.

  5. Review the Status of each scan to identify if the scan was successful.

    See View Agent Scan Details for more information. If an asset with the Agent is not being scanned correctly or if assets are missing from the scan schedule, contact your CST at security@arcticwolf.com.

    Tip: Copy the information from the Agent Scan Details section, and then paste it into a Microsoft Excel spreadsheet. The table structure is maintained for easier analysis.

  6. (Optional) In the Scans Detail column, click Details, to view more information about a scan.