Do I need to get permission from my cloud/hosting provider to carry out vulnerability scanning?

If your servers are hosted by any of the main cloud service providers (AWS, Azure, Google Cloud, Digital Ocean etc), you typically do not need to notify them or get permission for Scan to run.

For smaller providers or dedicated/co-located hosting environments, you should check with your provider as you may need to notify them or get permission in writing.

What IP addresses do you Scan from?

How many targets can I scan?

There is no limit to the number of targets Scan supports. There are however 'tier limits'. Our free, Compliant, tier supports up to 2 targets. If you wish to include more assets than this, you can either add more targets to the Compliant tier or upgrade your subscription here.

Adding or removing targets

You can add or remove targets using the 'Manage Targets' button in the Control panel (top right of your Scan dashboard). A list of inactive targets will appear on the left, and active targets will show on the right. Click to add or remove.

What scanning engine does Scan use?

Scan uses an industry standard scanning engine.

How can I mark a false positive?

A false positive means that the finding has been detected inaccurately and is not actually a security issue. False positives will not show up in future scans or in your report.

To mark a false finding, open the finding and click the flag button next to the affected target on the right of the page.

Is Scan dangerous, will it cause any disruption?

The Scan engine is an industry standard vulnerability scanner. For this reason, it is extremely unlikely for Scan to cause any disruption, performance degradation, outages or any other issues. In exceptionally rare cases, Scan can cause disruption or performance degradation for very old or very poorly configured systems.

What time does Scan run?

Scan runs at different times depending on your subscription and the number of targets in your scan. Typically your first scan will run as soon as you click the play icon on your Scan dashboard. All subsequent scans will run at the same time that you schedule in your first.

Can I run Scan out of hours?

Yes of course, to run an out of hours Scan simply click play on your first scan at the time you want the scan to run. All subsequent scans will take place at this time on your schedule (i.e. the next day, week or quarter).

How long does Scan take?

The duration of a scan varies depending on the number of targets, the kinds of services, plus a bunch of other factors. Scan will attempt to bring back the first results within a couple of minutes, but the full scan can take a few hours or more.

Is Scan Really Free?

Yes, Scan's Compliant tier is free, which entitles you to free scanning of up to 2 targets on monthly basis (every 30 days).

How often does Scan run?

Scan runs at different frequencies depending on your subscription level.

Monthly on our Compliant (free) tier
Weekly on our Scale tier
Daily on our Real-Time tier.

More regular scans mean attackers have less time to exploit any vulnerabilities found in your systems.

What do I do with security vulnerabilities Scan identifies?

When Scan discovers a vulnerability, it will create a Finding on your dashboard. Clicking this Finding provides all the information you’ll need about the vulnerability, as well as detailed remediation instructions.

Is this a pen-test?

No, Scan is not a penetration test, although vulnerability scanning is a small subset of the activity that takes place during a pen-test.

The primary difference between Scan and a pentest is that Scan is fully automated, while pentests are manually completed by an experienced consultant.

Scan How-To

Scan How-To