You can customize performance settings in an option profile. Go to the Scan section in your profile to configure scan performance.
Important: Performance settings should only be customized under special circumstances by users with an in-depth knowledge of the target network and available bandwidth resources.
Did you know? Our Inference-based scanning engine uses adaptive technology. If the network response degrades during scanning, we automatically throttle back the rate in which packets are sent.
Overall performance levelsOverall performance levels
High - Optimized for speed and shorter scan times. Recommended only when scanning a single IP or a small number of IPs. Faster to complete but may overload your network or networking devices. Scanning a host with limited resources may result in an unresponsive host or service.
Normal - Recommended as best practice in most cases. Well balanced between intensity and speed.
Low - Optimized for low bandwidth network connections and highly utilized networks. Recommended if responsiveness for individual hosts and services is low. Scans may take longer to complete.
Enable parallel scaling for Scanner AppliancesEnable parallel scaling for Scanner Appliances
This setting can be useful in subscriptions which have physical and virtual scanner appliances with different performance characteristics (e.g., CPU, RAM). When enabled, we will dynamically scale up the "Hosts to Scan in Parallel" setting (at scan time) to a calculated value which is based upon the computing resources available on each appliance. Note that the "Hosts to Scan in Parallel" value determines how many hosts each appliance will target concurrently, not how many appliances will be used for the scan.
Different physical scanner appliance models have different scaling factors based on the hardware configuration, and virtual appliance scaling factors are dynamically calculated based upon the allocated virtual CPU, RAM, etc.
Users are cautioned that a potential side-effect of enabling the parallel scaling feature is that most or all of the available scanning capacity on your appliances may be dynamically utilized by that single scan job, in which case the appliance(s) will not pick up a second scan job until the first has fully completed.
Note: Enable parallel scaling for Scanner Appliances option is enabled by default when you create a new option profile.
Hosts to scan in parallelHosts to scan in parallel
Set the maximum number of hosts to scan at the same time per scan task. You can set different values for the external scanners and your scanner appliances. The Hosts to Scan in Parallel setting may have an impact on your network bandwidth and performance of routers, switches and firewalls. This setting does not affect responsiveness for individual hosts and services. If the impact on your network is too great, you may want to decrease the value.
Note that launching several concurrent scans on the same scanner appliance has a multiplying effect on bandwidth usage and may exceed available scanner resources. If you do not have scanner appliances, then disregard the Scanner Appliance setting.
Processes to run in parallel (per host)Processes to run in parallel (per host)
Set the maximum number of processes to run at the same time per host and the maximum number of HTTP processes to run at the same time. Note that the total number of processes includes the HTTP processes.
The HTTP Processes setting determines how aggressively the scanning engine scans your web servers. Lower the number of HTTP processes if your web servers cannot handle many HTTP requests sent to them in a short period of time. You may also want to lower this setting to scan devices with multiple web server ports or embedded devices with limited resources. The number of HTTP processes cannot be higher than the total number of processes.
This is the delay between groups of packets sent to each scanned host. A short delay means that packets are sent more frequently. A long delay means that packets are sent less frequently. The packet delay is set in seconds, ranging approximately from 0 to 4 seconds. Each performance level has been assigned a delay time appropriate for the performance level.
Port scanning and host discoveryPort scanning and host discovery
This setting determines the aggressiveness (parallelism) of port scanning and host discovery at the port level. Lowering the intensity level has the effect of serializing port scanning and host discovery. This is useful for certain network conditions like cascading firewalls and lower scan prioritization on the network.
Port scanning and host discovery are the phases of a scan which tend to place the highest burden on firewall state tables. If you are scanning through a firewall it's recommended you reduce the intensity level. Unauthenticated scans see more of a performance difference using this option.
External Scanners to useExternal Scanners to use
You can restrict the number of external scanners to be used for scans. This setting is visible only if you have multiple external scanners in your subscription. For example, if you have 10 external scanners in your subscription, you can configure this setting to any number between 1 to 10.
Advanced Tuning OptionsAdvanced Tuning Options
Scan Multiple Slices Per Scanner: This setting enables to allow the scanner to scan multiple slices in a single scan. To use this option, Enable Scan Job Management Service and Allow Scanner to Scan Multiple Slices in a Single Scan features must be enabled for your subscription.
Limit Per Host CGI Checks: This setting enables to set the limitation for CGI checks. When this checkbox is selected, the Max CGI Check text box gets enabled for you to enter the value. It accepts 0 or any positive integer up to 1,000,000. This value is passed as the maximum cgi check limit when the job is executed.
Lower CGI Limit: Setting a lower CGI limit allows the scanner to process fewer CGI scripts, resulting in faster scan times. This requires fewer system resources (CPU, memory, and network bandwidth) as there is less work for the scanner. However, this may result in less comprehensive results, decreasing the likelihood of detecting all potential issues in the web application. Some vulnerabilities in unscanned CGI scripts might be missed, potentially leaving security issues undetected.
Higher CGI Limit: Increasing the CGI limit causes the scanner to process more CGI scripts, significantly extending the scan duration. With more scripts to scan, there is a higher consumption of system resources, which can impact other processes if resources are limited. However, a more comprehensive scan can detect a broader range of vulnerabilities by examining more CGI scripts, although this comes at the expense of longer scan times and higher resource usage. This leads to a more thorough security assessment, but the reports take longer to generate and analyze.
In summary, adjusting the CGI limit involves balancing scan performance and the comprehensiveness of the security assessment. Lowering the limit enhances performance but may reduce scan depth while increasing the limit offers a more thorough assessment at the cost of longer scan times and higher resource consumption.
Configure Scan for Limited Connectivity: This setting allows the scanner to execute scans in limited connectivity. On selecting this checkbox, the advanced tuning options, Set Maximum Target Per Slice and Maximum Number of Targets get disabled.
Set Maximum Target Per Slice: This setting enables configuring the maximum slice count. When this checkbox is selected, the Maximum Number of Targets text box gets enabled for you to enter the value. It accepts values between 100 and 16,384. This value is used to calculate the number of slices when the job is executed.
Skip Pre-Scanning: This setting enables skipping pre-scanning while executing the scanning job. On selecting this option, it is likely that the taget set of scan might consists of only live hosts.