HI All,
What is the difference between Agent based scan vs Manual scan?
Is there any difference in finding the vulnerabilities?
It would be appreciated, If any example will be provided.
I’ve always heard that the Agent reports in when a change is made (within a set timeframe) when scans are scheduled to run.
Agents are good for remote locations or isolated networks.
They also don’t need remote credentials to be stored in the console.
After the initial inventory, the payload is much smaller.
Scanning is still needed for certain checks like default credential checks and other checks that need to be done remotely.
Here is some documentation: Insight Agents with InsightVM | InsightVM Documentation
Hey Naveen,
Here’s a useful document to show the differences between the two:
https://docs.rapid7.com/insightvm/scan-engine-and-insight-agent-comparison/
Also note that policy scanning is not (yet) covered by the agent. Release of this feature will follow in the coming months.
-you cant do adhoc scanning with the agent (but you can with the assistant) you have to wait the 6 hours or so for the agent to update the info
-obviously you can only use the agent and assistant on Win and some linux distros (Mac and android too i believe)
-policy scanning isnt a thing w/ agent…yet. Does work with assistant and manual (stick with CIS if you go that way…trust me)
-IS really good for client computing and dynamic assets (think dhcp and Azure/AWS resources)
-a few scans defs only work from “outside of the device” meaning you still have to scan them…there is a checkbox in the scanning template to skip everything but…if you go that direction (only really matters for servers)
Most of us use some kind of mix and match (manual/creds v agent v assistant) to accomplish the goals. YMMV…so knowing what you have and what you are trying to get out of it is kinda step one 