> ## Documentation Index
> Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Scheduling Asset Group Scans from Asset Groups

|                       |               |                  |             |             |
| --------------------- | ------------- | ---------------- | ----------- | ----------- |
| **Role Availability** | **Read-Only** | **Investigator** | **Analyst** | **Manager** |

USM Anywhere provides a simple way to include scans for scheduling using its web user interface (UI). See [USM Anywhere Scheduler](../scheduler/scheduler) for more information.

## Scheduling Asset Group Scans

**To schedule an asset group scan job from the asset group details window**

1. Go to **Environment > Asset Groups**.

2. Click the <img src="https://mintcdn.com/levelblue-5324744e/T1hrc0hK0aza_DCc/images/central-any-app/buttons/chevron-down.svg?fit=max&auto=format&n=T1hrc0hK0aza_DCc&q=85&s=417e8bbfd7386ba83a4b629d5a935a80" style={{ height: "1em", verticalAlign: "middle", display: "inline-block", margin: "0 0.25em" }} width="20" height="20" data-path="images/central-any-app/buttons/chevron-down.svg" /> icon you want to include in an asset group scan and select **Full Details**.

3. Click **Actions > Schedule Scan Job**.

   The Schedule New Job dialog box opens.

   <Frame>
     <img src="https://mintlify.s3.us-west-1.amazonaws.com/levelblue-5324744e/images/usm-anywhere/user-guide/scheduler/schedulenewjob.webp" />
   </Frame>

4. Enter the name and description for the job.

   The description is optional, but it is a best practice to provide this information so that others can easily understand what it does.

5. In the Action Type field, select **Asset Scanner**.

   Depending on the USM Anywhere Sensor that you have installed, this field can include different options.

6. Select a USM Anywhere sensor in case you have more than one installed.

7. Select the **App Action**:

   <AccordionGroup>
     <Accordion title="Asset Discovery">
       Discovers assets in your environment, detects changes in assets, and discovers <Tooltip tip="Activity in a system that exceeds or misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information systems.">malicious</Tooltip> assets in the network.

       * **Select Existing Asset Group**: In the Enter asset group name field, search for the asset groups to scan. These asset groups are already existing, and you can search for them by entering the name of the asset group or by browsing for them.
       * **Create New Asset Group to Scan Using CIDR Block**: You can create a new asset group from a <Tooltip tip="Classless Inter-Domain Routing, which provides a method for allocating IP addresses, routing Internet protocol packets, and subdividing networks. CIDR notation provides a syntax for specifying a range of IP addresses.">Classless Inter-Domain Routing (CIDR)</Tooltip> block. You need to indicate the CIDR block and the network name you want to scan. This option discovers new assets and scans the discovered assets.

             <Warning>
               **Important:** Use the Create New Asset Group to Scan Using CIDR Block option for creating new CIDR-based asset groups without leaving the scheduler form. After clicking **Save**, a new asset group based on the selected CIDR is created.

               Your scan job will have the Select Existing Asset Group option selected and the CIDR-based asset group assigned automatically.
             </Warning>

             <Warning>
               **Important:** Make sure when you use a virtual private network (VPN) using a Cisco Firewall, that arp-proxy is enabled in the <Tooltip tip="Virtual or physical device designed to defend against unauthorized access to data, resources, or a private network. A firewall’s primary purpose is to create segregation between two or more network resources, blocking undesirable traffic between them.">firewall</Tooltip>. Otherwise, all the assets will be reported using the same media access control (MAC) address, and USM Anywhere will consider all of them to be different interfaces for the same asset.
             </Warning>
     </Accordion>

     <Accordion title="Asset Group Scan">
       Discovers services, <Tooltip tip="Software that manages computer hardware resources and provides common services for computer programs. Examples include Microsoft Windows, Macintosh OS X, UNIX, and Linux.">operating systems</Tooltip>, <Tooltip tip="A hostname is a label that is assigned to a device connected to a computer network and is used to identify the device on the network.">hostnames</Tooltip>, IP and <Tooltip tip="A unique numeric value assigned by the manufacturer to identify a specific network device or computer, which allows communication over networks. Note that a device’s MAC address can be manipulated.">MAC addresses</Tooltip>, and vulnerabilities of known <Tooltip tip="Reference to a computer on a network.">hosts</Tooltip>.

       The Asset Group field displays the name of the asset group to scan. You can't modify this field.
     </Accordion>
   </AccordionGroup>

8. In the App Action field, the Asset Group Scan is the default option.

9. Select the scan profile that you want to run:

   * **Discovery**: This profile scans the known ports and services searching for the most-used ports. (There are 457<Tooltip tip="This list is for information only. Scanned ports may be updated without notice: 1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8087,8090-8091,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32764,32913,33000,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,55553,57772,62078,62514,65535">¹</Tooltip> ports.)
   * **Complete**: This profile scans all TCP and <Tooltip tip="Simple transmission protocol that does not require recipient notification and uses datagrams for its messaging. UDP is part of the transport layer in the TCP/IP protocol.">UDP</Tooltip> ports to find the possible ports in a <Tooltip tip="Entire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment.">deployment</Tooltip>. (There are 65535 ports.)
   * **Vulnerability Discovery**: Performs general network discovery and checks for specific known vulnerabilities. It only reports results if they are found.
   * **Extended Vulnerability Discovery**: Performs a <Tooltip tip="A known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security.">Vulnerability</Tooltip> Discovery scan, which actively discovers more about the network.
   * **Intensive Vulnerability Discovery**: Performs several tasks to discover vulnerabilities, which uses a significant number of resources on the targeted machine. Because of this, sensitive targets may perceive a brief disruption on their services.

10. (Optional) Select the assets you want to exclude from the scan.

11. Select **Set Debug Mode** if you want to log the results of the scan or if you have a problem with a scan.

    This option is disabled by default.

    <Note>
      **Note:** The Set Debug Mode option must be used only for debugging purposes because it needs a large amount of disk space for the file or files that it generates. Only LevelBlue Technical Support should review these files. You can contact this department for more information.
    </Note>

12. In the Schedule section, specify when USM Anywhere runs the job:

    a. Select the increment as **Minute**, **Hour**, **Day**, **Week**, **Month**, or **Year**.

    <Danger>
      **Warning:** After a frequency change, monitor the system to check its performance. For example, you can check the system load and CPU. See [USM Anywhere System Monitor](../system-status/system-monitor) for more information.
    </Danger>

    b. Set the interval options for the increment.

    The selected increment determines the available options. For example, on a weekly increment, you can select the days of the week to run the job.

    <Frame>
      <img src="https://mintcdn.com/levelblue-5324744e/qGB1vLsu4TWqy-rq/images/usm-anywhere/deployment-guide/shared-procedures/schedule-weekly.webp?fit=max&auto=format&n=qGB1vLsu4TWqy-rq&q=85&s=b88ed259d3031acccecdb9a10940416f" width="1026" height="574" data-path="images/usm-anywhere/deployment-guide/shared-procedures/schedule-weekly.webp" />
    </Frame>

    Or on a monthly increment, you can specify a date or a day of the week that occurs within the month.

    <Frame>
      <img src="https://mintcdn.com/levelblue-5324744e/qGB1vLsu4TWqy-rq/images/usm-anywhere/deployment-guide/shared-procedures/schedule-monthly.webp?fit=max&auto=format&n=qGB1vLsu4TWqy-rq&q=85&s=cb18feb8df63f26a57c23af9018b4875" width="1036" height="504" data-path="images/usm-anywhere/deployment-guide/shared-procedures/schedule-monthly.webp" />
    </Frame>

    <Warning>
      **Important:** USM Anywhere restarts the schedule on the first day of the month if the option "Every x days" is selected.
    </Warning>

    c. Set the start time.

    This is the time that the job starts at the specified interval. It uses the time zone configured for your USM Anywhere instance (the default is Coordinated Universal Time \[UTC]).

13. Click **Save**.

    The job now displays in the job scheduler list.

    <Note>
      **Note:** See [USM Anywhere Scheduler](../scheduler/scheduler) for more information.
    </Note>