Opportunistic system scanning
First Claim
1. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify that a particular computing device has re-entered a network of a computing environment based on detection of the computing device on the network by an asset detection tool, wherein the particular computing device comprises a computing device previously detected on the network;
determine that the particular computing device is included in a listing of a particular plurality of computing devices previously detected on the network for which vulnerability scans are to be opportunistically performed when each of the plurality of computing devices are re-detected on the network;
determine an opportunity to perform at least two of a plurality of scans on the detected particular computing device based on the detection of the particular computing device, wherein the at least two scans comprises a first scan to detect whether the particular computing device possesses at least a first vulnerability and a second scan to detect whether the particular computing device possesses a different, second vulnerability;
identify a first scan engine, in a plurality of scan engines, associated with the asset detection tool and adapted to perform at least the first scan;
identify a second scan engine, in the plurality of scan engines, associated with the asset detection tool and adapted to perform the second scan; and
cause the first scan engine to perform the first scan on the detected particular computing device and the second scan engine to perform the second scan on the detected particular computing device while the detected particular computing device remains on the network, wherein causing the first scan to be performed comprises sending a scan request to the identified first scan engine, and the scan request includes a scan script executable by the first scan engine to cause the first scan engine to perform the first scan.
10 Assignments
0 Petitions
Accused Products
Abstract
Opportunistic scans can be performed by identifying, using at least one processing device, a detection of a particular computing device on a network of a computing environment. At least one scan to be performed on the detected particular computing device can be is identified and a particular scan engine, in a plurality of scan engines, is identified that is adapted to perform the at least one scan. The at least one scan is caused to be performed on the detected particular computing device while the detected particular computing device is on the network using the particular scan engine.
-
Citations
19 Claims
-
1. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
-
identify that a particular computing device has re-entered a network of a computing environment based on detection of the computing device on the network by an asset detection tool, wherein the particular computing device comprises a computing device previously detected on the network; determine that the particular computing device is included in a listing of a particular plurality of computing devices previously detected on the network for which vulnerability scans are to be opportunistically performed when each of the plurality of computing devices are re-detected on the network; determine an opportunity to perform at least two of a plurality of scans on the detected particular computing device based on the detection of the particular computing device, wherein the at least two scans comprises a first scan to detect whether the particular computing device possesses at least a first vulnerability and a second scan to detect whether the particular computing device possesses a different, second vulnerability; identify a first scan engine, in a plurality of scan engines, associated with the asset detection tool and adapted to perform at least the first scan; identify a second scan engine, in the plurality of scan engines, associated with the asset detection tool and adapted to perform the second scan; and cause the first scan engine to perform the first scan on the detected particular computing device and the second scan engine to perform the second scan on the detected particular computing device while the detected particular computing device remains on the network, wherein causing the first scan to be performed comprises sending a scan request to the identified first scan engine, and the scan request includes a scan script executable by the first scan engine to cause the first scan engine to perform the first scan. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method comprising:
-
identifying, using at least one processing device, that a particular computing device has re-entered a network of a computing environment based on detection of the computing device on the network by an asset detection tool, wherein the particular computing device comprises a computing device previously detected on the network; determining that the particular computing device is included in a listing of a particular plurality of computing devices previously detected on the network for which vulnerability scans are to be opportunistically performed when each of the plurality of computing devices are re-detected on the network; determining an opportunity to perform at least two of a plurality of scans on the detected particular computing device based on the detection of the particular computing device, wherein the at least two scans comprises a first scan to detect whether the particular computing device possesses at least a first vulnerability and a second scan to detect whether the particular computing device possesses a different, second vulnerability; identifying a first scan engine, in a plurality of scan engines, associated with the asset detection tool and adapted to perform at least the first scan; identify a second scan engine, in the plurality of scan engines, associated with the asset detection tool and adapted to perform the second scan; and causing the first scan engine to perform the first scan on the detected particular computing device and the second scan engine to perform the second scan on the detected particular computing device while the detected particular computing device remains on the network, wherein causing the first scan to be performed comprises sending a scan request to the identified first scan engine, and the scan request includes a scan script executable by the first scan engine to cause the first scan engine to perform the first scan.
-
-
17. A system comprising:
-
at least one processor device; at least one memory element; and an asset manager, comprising code operable, when executed by the at least one processor device, to; identify that a particular computing device has re-entered a network of a computing environment based on detection of the computing device on the network by an asset detection tool, wherein the particular computing device comprises a computing device previously detected on the network; determine that the particular computing device is included in a listing of a particular plurality of computing devices previously detected on the network for which vulnerability scans are to be opportunistically performed when each of the plurality of computing devices are re-detected on the network; determine an opportunity to perform at least two of a plurality of scans on the detected particular computing device based on the detection of the particular computing device, wherein the at least two scans comprises a first scan to detect whether the particular computing device possesses at least a first vulnerability and a second scan to detect whether the particular computing device possesses a different, second vulnerability; identify a first scan engine, in a plurality of scan engines, associated with the asset detection tool and adapted to perform at least the first scan; identify a second scan engine, in the plurality of scan engines, associated with the asset detection tool and adapted to perform the second scan; and cause the first scan engine to perform the first scan on the detected computing device and the second scan engine to perform the second scan on the detected particular computing device while the detected computing device remains on the network, wherein causing the first scan to be performed includes sending a scan request to the identified first scan engine, and the scan request includes a scan script that, when executed by the first scan engine, causes the first scan engine to perform the first scan. - View Dependent Claims (18, 19)
-
Specification