How to initiate a force manual scan of a single asset from asset? after fixing the vulnerabilities on the asset

pradeep_gandavarapu · March 16, 2021, 8:16pm

How to initiate a scan of a single asset? after fixing the vulnerabilities on the asset.
Like in Qualys changing a registry value in an asset will initiate a scan.

philipp_behmer · March 17, 2021, 11:00am

Hi @pradeep_gandavarapu !

There are multiple ways:

You can install the agent on the asset and it will do a check every 6h.
You can use Remediation Projects to scope and track what vulnerabilities you are currently working on and make use of the Validation Scan (New InsightVM Features: Optimizing the Remediation Process)
Or start a manual scan from the site overview page or the site details page and only enter the IP of the asset you want to scan (Running a manual scan | InsightVM Documentation)

fnasry · August 4, 2022, 10:57pm

Thanks for the answers. I was wondering if there is a way to scan an asset with the agent without waiting 6h.
Can not start manual scan for the site with agents installed on the assets.

Thank you,

john_hartman · August 6, 2022, 6:28pm

There is no way to manipulate the the assessment interval of the agent manually and/or individually. This is a global value for all agents. However, you can still manually scan the asset with a site scan in the way that @philipp_behmer had suggested in option 3.

Honestly though, option 3 is going to be your best bet if you’re looking for immediate results and verification that the vulnerability indeed is no longer present. So to do this you can’t just have the asset with an agent on it. It needs to exist within a separate site as well. So you will need a site with that asset defined within it. Once it’s defined within a site you can go to that assets page and click scan now. This will start a scan on ONLY that asset within whatever site it belongs in. If you do not have the “Scan Now” option then that means it only exists within the “Rapid7 Insight Agents” site.

Now another thing to consider is the scanning template you are using to scan with. If this asset has an Insight Agent on it and the vulnerability you are trying to verify would normally be checked by the agent you want to make sure you’re using a scan template that DOES NOT have the “Skip checks performed by the insight agent” selected. This option is found in the “Vulnerability Checks” tab within the scan template.

esunday · August 1, 2023, 9:07pm

Has the solution to run a validation scan been removed in InsightVM?

john_hartman · August 2, 2023, 12:59pm

If you’re talking about from the Remediation projects, the solution has not been removed however it is only applicable if your scan engines are paired to the platform.

ttstozmun · August 4, 2023, 2:01pm

One thing to remember when doing manual scans is the template you use may include the setting to use results from the latest agent scan. If you’re doing a follow-up scan on an asset after exercising some remediation steps, have a separate template ready that doesn’t have that setting checked.

ntorres1 · August 22, 2023, 2:04pm

Seems like an idea needs to be submitted to come up with a command to force the agent to do a manual scan on demand.