Arctic Wolf Appliances


Nmap Scans

Updated Feb 2, 2024

Nmap scans

Nmap is an open-source technology utilized by Arctic Wolf® Sensors and Managed Risk Scanners to identify hosts in your environment.

Sensors and scanners use Nmap scans in different ways:

Scan frequency

Sensors perform Nmap scans continuously.

Scanners start a new Nmap scan five minutes after the previous Nmap scan completes. Precise timing depends on how long it takes for the scan to complete. If Nmap scans take 60 seconds to complete, the Nmap scans would run every six minutes (5 + 1 minutes). If it is a complex network and the Nmap scan takes 15 minutes to run, the Nmap scans would run every 20 minutes (5 + 15 minutes).

Network impact

Nmap scans typically have a very low impact on your network.

However, some devices do not react well to Nmap scans. These can include printers, Voice over Internet Protocol (VoIP) phones, and network Internet-of-Things (IoT) devices. Occasionally, Nmap scans might cause issues, such as:

For information about excluding these devices from Nmap scanning, see Exclude devices from Nmap scanning.

Exclude devices from Nmap scanning

See also