Has anybody run into a case where the SCAN ASSET NOW button is missing from an asset page? Do you know why?
Seeing same issue on a few assets and unable to root cause issue.
Hi John & Christina,
Do the assets in question happen to have an Insight Agent installed on them?
Yes, as a matter of fact the asset where I discovered this “issue” does have an Insight Agent installed.
If the asset has only ever been assessed by the Insight Agent then it will not have the “Scan Asset Now” button available from the GUI. If however, you add that asset to the scope of a site and scan it with a scan engine then it will thereafter present the option to “Scan Asset Now” within the asset page on the GUI. I hope this helps!
Does this mean you can still scan it adhoc with the old site still, with the scan button present?
"If however, you add that asset to the scope of a site and scan it with a scan engine then it will thereafter present the option to “Scan Asset Now” within the asset page on the GUI"
Also, lets just say you never had it scanned before and it ends up in your Agent Site: can you put that agent asset in another site to give permissions to the admin that owns it to be able to see the asset page? Or will they need permission to the Agent site? We want to convert as many servers to the agent but want to make sure they are not going to need access to my agent site to view their servers and i can add them to their own site?
I hope you’re having an amazing week so far
Question 1: Does this mean you can still scan it adhoc with the old site still, with the scan button present?
If an asset has an agent on it but it has been scanned before by a scan engine then yes, you can still scan that asset with an engine via the “Scan Asset Now” button for an ad hoc scan. This can be useful in the following example scenarios: running any unauthenticated scan for remote checks that your agent can’t assess for or if you don’t want to wait for your next agent assessment.
Statement: lets just say you never had it scanned before and it ends up in your Agent Site
For Vanessa and anyone else reading, I wanted to clarify that by default, all agent assets will always appear in the Rapid7 Insight Agent site by default
Question 2: can you put that agent asset in another site to give permissions to the admin that owns it to be able to see the asset page?
You can add the IP (or IP range) or the asset or assets for the agent(s) in question in order to add them to the sites you’re referencing. Again, by default regardless of the extra steps you take they will always appear in the Rapid7 Insight Agent site by default. If you have the scope of those IPs in other sites and are scanning those assets in other sites then they will naturally appear there as well.
Most customers choose to assess an asset with an agent for the local checks and then perform unauthenticated scan engine scans for the remote (blackbox) view. If customers know the credentials for these assets, they may choose to enable the feature complementary scanning which allows the scan engine to confirm that the agent has successfully run it’s latest assessment (and sent it to the platform), which will allow the scan engine to skip any checks the agent has run and only run any checks the agent cannot run, allowing your scan engine scans to complete faster and gives you a full 360 view of all vulnerabilities on that asset.
In short, if you install an agent on an asset it will automatically appear within the Site “Rapid7 Insight Agent”. If you add that asset’s IP to another site and scan that same asset with a scan engine within that site, that same asset will also appear in that site. However, it is not worthwhile to perform authenticated scans with both the agent and the scan engine as this is a waste of time. Instead, it is recommended to allow the agent which is performing authenticated assessments by default and to enable the complementary scanning feature within your scan template while performing scans if feasible. If credentials aren’t easily accessible in your environment, then perform unauthenticated scans against the assets with agents with scan engines should you need to, to get a full 360 view of your assets.
In case it is helpful to you, I am including a link I have found helpful through the years which describes the differences between the scan engines scans and the agents assessments
Please let me know if you have any other questions.
Gina thanks so much. This information clarifies a lot. I will present this to my colleagues. I have to agent servers on board right now. I put IP in the test site that i have by ip in the site. just to clarify, In order for it to appear i can just wait for the agent to poll again which is like 6hrs and then it should appear in the site or do i need to force a scan with that complementary scanning option as you mentioned?
You have to actually scan the asset within the site for it to appear there, how you choose to scan the asset is up to you! You can fully scan the asset with the same template the agent uses by default (Full Audit without Web Spider) and enable complementary scanning if you know the credentials for that asset or you can just use that template with no credentials added, or you can run a scan with a trimmed down template of your choosing. You have many options depending on your business needs.