Skip to main content
Role AvailabilityRead-OnlyInvestigatorAnalystManager
In USM Anywhere you can run:
An verifies scanned IPs and detects vulnerabilities, , and software. The USM Anywhere initiates a credentialed (Linux), WinRM (Windows), or MacOS connection to the and remotely runs a series of commands for host-based assessment. See Managing Credentials in USM Anywhere. You can run authenticated asset scans from these pages:
Warning: An authenticated scan may fail if the local mail exchanger, which applies to Linux hosts, is enabled in the target asset.You cannot scan USM Anywhere sensors.
Use an asset scan to discover services, , , IP and , and vulnerabilities of known hosts in the deployed network. You can run non-authenticated asset scans from these pages:
Note: See USM Anywhere Scans Best Practices for more information.

Commands Used in Authenticated Scans

When you run an authenticated scan in USM Anywhere, there are multiple commands executing at the same time. These commands change constantly and there are new definitions released every day. You can also verify which commands have been executing at any given moment.
Linux-authenticated scans use privilege escalation over ssh. Commands are logged in the audit log:
  • /var/log/secure*
  • /var/log/auth*
Windows-authenticated scans perform file and registry checks to determine the version of the installed patch.

Running an Asset Scan from Vulnerabilities

  1. Go to Environment > Vulnerabilities.
  2. Click New Scan. The Authenticated Asset Scan dialog box opens.
  3. Select the assets you want to scan:
    • Single Asset. You need to enter the name of the target you want to scan or select it from a list of your targets.
    • Asset Group Name. You need to enter the name of the you want to scan or click Select from List for selecting it from a list of your asset groups.
    • Network ranged. You need to enter the network range you want to scan.
  4. Click Next. A new Authenticated Asset Scan dialog box opens.
  5. Click Assign Credentials for assigning credentials to the assets and devices you want to scan. Click Create New Credentials for creating a credential. See Managing Credentials in USM Anywhere for more information.
  6. Click Select Another Target if you want to come back.
  7. You can select the targets to scan if you have more than one.
  8. Click Start Scan. The scan starts. Depending on the selected asset, the scan can last several minutes. When the scan finishes, you can see the status and if the scan found vulnerabilities. If you want to view the results of your scan, you need to go to the asset details page. See Viewing Assets Details for more information.
  9. Click Continue Scanning And Close. While the scan is running, a Scanning button shows. When the scan finishes, the message Scan finished. Refresh to view scan results displays.
  10. Click Refresh Scan Results to update the list.
I