Distributed execution of a network vulnerability scan
First Claim
1. A system, comprising:
an electronic data store configured to store a plurality of results received during a network scan; and
a network scanning system in communication with the electronic data store and comprising one or more hardware computing devices configured to execute specific computer-executable instructions that upon execution cause the network scanning system to:
receive information identifying a plurality of functions each implementing a corresponding test of a plurality of tests, the plurality of functions including:
a first function corresponding to a first test of the plurality of tests;
a second function corresponding to a second test of the plurality of tests, the second test identifying a first condition and a first result, of the first test, that satisfies the first condition;
a third function corresponding to a third test of the plurality of tests; and
a plurality of dependent functions that require execution of the third function in order to be ready for execution, wherein to be ready for execution, the third function requires a second condition to be satisfied, the second condition being dependent upon the first result;
select, from the plurality of functions, a first group of functions that are ready to execute, the first group of functions including the first function;
cause a network accessible services system to execute the first group of functions in parallel to perform a first portion of the network scan on a first target, the first result being produced by executing the first function and being stored in the electronic data store;
obtain the first result;
determine that the first result satisfies the first condition;
determine, based on the first result satisfying the first condition, that the second function is ready to execute;
select, from the plurality of functions subsequent to execution of the first group of functions, a second group of functions that are ready to execute, the second group of functions including the second function;
cause the network accessible services system to execute the second group of functions in parallel;
determine that the first result does not satisfy the second condition; and
determine that the third function and the plurality of dependent functions are not required to be executed to complete the network scan for the first target.
Abstract
Systems for performing a network scan of one or more targets are provided. The systems select, from functions related to performing a network scan of a target, a first group of functions that are ready to execute at a first time. The first group of functions may be executed by a distributed computing system in parallel to generate first and second results. A third function may then be identified as ready to execute based on the first result, and a fourth function may be excluded from the network scan based on the second result.
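The readiness-gated scheduling the abstract describes can be sketched as follows. This is an added example, not code from the patent: the test names, the `TESTS` table and `run_scan` are hypothetical, the tests are constructed stubs that return canned results without contacting any target, and a thread pool stands in for the distributed computing system.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed stubs: each "test" returns a canned result; nothing is sent to a target.
def port_scan(r): return {"open_ports": [22, 443]}
def dns_lookup(r): return {"ptr": "host.example"}
def ssh_banner(r): return {"banner": "SSH-2.0-example"}
def http_enum(r): return {"paths": ["/"]}
def http_auth(r): return {"scheme": "basic"}

def port_open(port):
    return lambda r: port in r["port_scan"]["open_ports"]

# name -> (function, prerequisite tests, condition on the stored results)
TESTS = {
    "port_scan":  (port_scan, [], lambda r: True),
    "dns_lookup": (dns_lookup, [], lambda r: True),
    "ssh_banner": (ssh_banner, ["port_scan"], port_open(22)),
    "http_enum":  (http_enum, ["port_scan"], port_open(80)),
    "http_auth":  (http_auth, ["http_enum"], lambda r: True),
}

def run_scan(tests, workers=4):
    results, skipped, waves = {}, set(), []   # results plays the data store
    pending = set(tests)

    def blocked(name):
        # Excluded if a prerequisite was excluded, or its condition is false
        # once every prerequisite result is available.
        _, deps, cond = tests[name]
        done = all(d in results for d in deps)
        return any(d in skipped for d in deps) or (done and not cond(results))

    with ThreadPoolExecutor(max_workers=workers) as pool:
        while pending:
            while drop := {n for n in pending if blocked(n)}:
                skipped |= drop               # prune dependents transitively
                pending -= drop
            ready = sorted(n for n in pending
                           if all(d in results for d in tests[n][1]))
            if not ready:                     # unmet or cyclic prerequisites
                skipped |= pending
                break
            futures = {n: pool.submit(tests[n][0], dict(results)) for n in ready}
            for n, fut in futures.items():    # the group runs in parallel
                results[n] = fut.result()
            pending -= set(ready)
            waves.append(ready)
    return results, skipped, waves

if __name__ == "__main__":
    results, skipped, waves = run_scan(TESTS)
    print(waves, sorted(skipped))
```

With the constructed port list, port 22 is open and port 80 is not, so `ssh_banner` becomes ready after the first group while `http_enum` and its dependent `http_auth` are excluded from the scan.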
20 Claims
6. A system, comprising one or more hardware computing devices configured to execute specific computer-executable instructions that upon execution cause the one or more hardware computing devices to:
select, from a plurality of functions implementing a network scan of a target, a first group of functions that are ready to execute, the first group of functions including a first function and a second function;
cause a distributed computing system to execute the first group of functions in parallel, wherein execution of the first function generates a first result, and execution of the second function generates a second result;
determine, based on the first result, that a third function of the plurality of functions is ready to execute;
cause the distributed computing system to execute the third function;
determine that a fourth function of the plurality of functions cannot be executed as part of the network scan based on the second result; and
in response to determining that the fourth function cannot be executed as part of the network scan, inhibit the fourth function from being executed in connection with performing the network scan.
14. A method, comprising:
selecting, from a plurality of functions related to performing a network scan of a target, a first group of functions that are ready to execute at a first time, including a first function and a second function;
causing a distributed computing system to execute the first group of functions in parallel, wherein execution of the first function causes information to be sent to the target and generates a first result, and execution of the second function generates a second result;
determining that a third function of the plurality of functions is ready to execute based on the first result, wherein the third function was not ready to execute at the first time;
determining that the target is unavailable at a time when the third function is ready to execute;
in response to determining that the target is unavailable, waiting to cause the third function to be executed until the target becomes available;
causing, subsequent to the target becoming available, the third function to be executed by the distributed computing system;
determining that a fourth function of the plurality of functions cannot be executed as part of the network scan based on the second result;
in response to determining that the fourth function cannot be executed as part of the network scan, inhibiting the fourth function from being executed in connection with performing the network scan.
Specification