Performance settings for scans

You can customize performance settings in an option profile. Go to the Scan section in your profile to configure scan performance.

Important: Performance settings should only be customized under special circumstances by users with an in-depth knowledge of the target network and available bandwidth resources.

Did you know? Our Inference-based scanning engine uses adaptive technology. If the network response degrades during scanning, we automatically throttle back the rate at which packets are sent.

Tell me about the settings

Overall performance levels

High - Optimized for speed and shorter scan times. Recommended only when scanning a single IP or a small number of IPs. Faster to complete but may overload your network or networking devices. Scanning a host with limited resources may result in an unresponsive host or service.

Normal - Recommended as best practice in most cases. Well balanced between intensity and speed.

Low - Optimized for low bandwidth network connections and highly utilized networks. Recommended if responsiveness for individual hosts and services is low. Scans may take longer to complete.

Enable parallel scaling for Scanner Appliances

Parallel Scaling is used to optimize the use of hardware in large scanner appliances, both virtual and physical. For virtual scanners, the minimum recommended specifications are 4 vCPUs and 8 GB of RAM. For physical appliances, the minimum specifications should be 8 CPUs with 16 GB of RAM. These appliances can scan at significantly higher speeds; however, to comply with the settings in the option profile, they will not operate at these faster speeds unless Parallel Scaling is enabled.

When enabled, the system confirms whether the scanner appliance executing the job is a performant appliance. If so, all performance settings are enhanced threefold for optimal efficiency.

For instance, if the Overall Performance setting is set to Normal and Parallel Scaling is enabled, the scanner appliance utilizes the following settings:

The Parallel Scaling setting does not determine the actual number of scans conducted simultaneously. If the option profile is set to scan 20 hosts in parallel, each scanner scans 20 hosts at the same time. However, when parallel scaling is enabled, and a performant scanner is used, it can scan up to 60 hosts concurrently.

When scanning through a firewall, it’s likely that the scanning process may impact the firewall’s performance, particularly if you have Parallel Scaling enabled and are using a performant scanner. The initial discovery and port scan are very quick, which can cause the host table on the firewall to fill up rapidly, depending on the existing load on that device (assuming you are scanning through an internal firewall that is maintaining the state of connections). You can adjust the scan phase settings in the option profile under Port Scanning and Discovery to reduce the performance impact.

However, users are cautioned that a potential side-effect of enabling the parallel scaling feature is that most or all of the available scanning capacity on your appliances may be dynamically utilized by that single scan job, in which case the appliance(s) do not pick up a second scan job until the first has fully completed.

Note: The Enable parallel scaling for Scanner Appliances option is enabled by default when you create a new option profile.

Hosts to scan in parallel

Set the maximum number of hosts to scan at the same time per scan task. You can set different values for the external scanners and your scanner appliances. The Hosts to Scan in Parallel setting may have an impact on your network bandwidth and performance of routers, switches and firewalls. This setting does not affect responsiveness for individual hosts and services. If the impact on your network is too great, you may want to decrease the value.

Note that launching several concurrent scans on the same scanner appliance has a multiplying effect on bandwidth usage and may exceed available scanner resources. If you do not have scanner appliances, then disregard the Scanner Appliance setting.

Processes to run in parallel (per host)

Set the maximum number of processes to run at the same time per host and the maximum number of HTTP processes to run at the same time. Note that the total number of processes includes the HTTP processes.

The HTTP Processes setting determines how aggressively the scanning engine scans your web servers. Lower the number of HTTP processes if your web servers cannot handle many HTTP requests sent to them in a short period of time. You may also want to lower this setting to scan devices with multiple web server ports or embedded devices with limited resources. The number of HTTP processes cannot be higher than the total number of processes.

Packet delay

This is the delay between groups of packets sent to each scanned host. A short delay means that packets are sent more frequently. A long delay means that packets are sent less frequently. The packet delay is set in seconds, ranging approximately from 0 to 4 seconds. Each performance level has been assigned a delay time appropriate for the performance level.

Port scanning and host discovery

This setting determines the aggressiveness (parallelism) of port scanning and host discovery at the port level. Lowering the intensity level has the effect of serializing port scanning and host discovery. This is useful for certain network conditions like cascading firewalls and lower scan prioritization on the network.

Port scanning and host discovery are the phases of a scan which tend to place the highest burden on firewall state tables. If you are scanning through a firewall it's recommended you reduce the intensity level. Unauthenticated scans see more of a performance difference using this option.
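The Parallel Scaling, Processes to run in parallel and firewall guidance above can be combined into a pre-scan review of a profile. The following is an added example, not vendor code: the Profile and Appliance classes and all function names are hypothetical, and it assumes a "performant" appliance is one that meets the minimum specifications listed above.

```python
from dataclasses import dataclass

# Minimum specs from the page, as (CPUs, GB RAM). Treating these as the
# definition of a "performant" appliance is an assumption of this example.
MIN_SPECS = {"virtual": (4, 8), "physical": (8, 16)}
SCALE_FACTOR = 3  # settings are "enhanced threefold" when Parallel Scaling applies


@dataclass
class Profile:  # hypothetical model of an option profile, not a vendor API
    hosts_in_parallel: int
    total_processes: int
    http_processes: int
    packet_delay_s: float
    parallel_scaling: bool = True  # enabled by default on new profiles


@dataclass
class Appliance:  # hypothetical description of a scanner appliance
    kind: str  # "virtual" or "physical"
    cpus: int
    ram_gb: int


def is_performant(a: Appliance) -> bool:
    cpus, ram = MIN_SPECS[a.kind]
    return a.cpus >= cpus and a.ram_gb >= ram


def max_concurrent_hosts(p: Profile, a: Appliance) -> int:
    """Upper bound on hosts one scan job scans at once on this appliance."""
    scaled = p.parallel_scaling and is_performant(a)
    return p.hosts_in_parallel * (SCALE_FACTOR if scaled else 1)


def review(p: Profile, a: Appliance, through_firewall: bool) -> list[str]:
    """Return findings to resolve before launching a scan with this profile."""
    findings = []
    if p.http_processes > p.total_processes:
        findings.append("invalid: HTTP processes exceed total processes")
    if not 0 <= p.packet_delay_s <= 4:
        findings.append("check: packet delay outside the approximate 0-4 s range")
    if p.parallel_scaling and is_performant(a):
        findings.append("capacity: one job may use the whole appliance; others wait")
        if through_firewall:
            findings.append("firewall: lower port scanning and host discovery intensity")
    return findings
```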

External Scanners to use

You can restrict the number of external scanners to be used for scans. This setting is visible only if you have multiple external scanners in your subscription. For example, if you have 10 external scanners in your subscription, you can configure this setting to any number between 1 and 10.

Advanced Tuning Options