Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Aanval:Network Host Scanning

From Aanval Wiki
Jump to: navigation, search
Network Host Scanning.png

Aanval SAS provides Network Host Scanning, which automatically scans the parent network for new and existing host activity, and feeds console events into Aanval's Live Monitor, alongside network events.

Powered by Nmap, Network Host Scanning finds newly connected network hosts and creates an interface based on the gathered IP, adding the new host to console's list of devices.

Getting Started

To enable Network Host Scanning, ensure Nmap is downloaded and configured to Aanval. See the following article for assistance: Nmap - Getting Started.

To enable Network Host Scanning

  1. Click Console Configuration (in the console's lower right-hand corner, the gear icon).
  2. Under the General settings, select Network Management.
  3. Click Create Network and enter the IP range.
  4. Check the Network Host Scanning box on the left of the screen.
  5. Click Update.

By default, scans will occur every 24 hours, or every 86400 seconds, as the console reads time; hence, if a user wishes to scan more frequently, input the time's length in the form of seconds.

Users may scan more frequently. Scans typically take ten to ninety seconds to complete, and they may take longer on larger networks. It is recommended that the smallest increment of time issued between scans is five minutes, or 300 seconds.

To modify scanning frequency and Nmap scanning options, navigate to Console Configuration > Console > Preferences > Network Scanning.

If scans successfully find new hosts connected to the network, users will see a new Aanval Console Event and within the event details all discovered IPs will be listed in the Payload. Users can also navigate to Console Configuration > General > Device Management to see the new hosts listed as Discovered Hosts. Each Discovered Host will be automatically scanned for IP and OS fingerprint results, and will be added as a new and known host on the network. Users may add additional information (services, IPs, interfaces).

As a known host (and with any device added within Device Management, whether manually or automatically), users can view details of all devices and their event activity, both as a source and destination, using Situational Awareness. Known hosts also enable Aanval's False Positive Protection/Event Validation Tool.

To modify scanning frequency

  1. Click Console Configuration (in the console's lower right-hand corner, the gear icon).
  2. Under the Console settings, select Preferences.
  3. Scroll to Network Scanning.
  4. Enter the desired length of time in seconds within the Automated Scanning Interval bar.

It is also within this screen that users can confirm or change the file path to Nmap.

See Also

External Links