Cortex Xpanse scans the internet at varying cadences based on the protocol. At the slowest, Cortex Xpanse scans twice a week across IPv4. At the fastest, Cortex Xpanse scans multiple times per day (RDP, for example). In addition to the twice a week global minimum, Xpanse scans known customer assets and cloud ranges daily.
Cortex Xpanse uses multiple techniques to scan the internet and provide an attacker’s view of your attack surface. Xpanse offers two types of scans:
Global—The global scan is performed twice a week by default and provides the internet-scale data we use for all customer networks.
KAM (Known Assets Monitoring)—KAM monitors known assets at a higher scanning cadence and with faster data delivery for customers who opt in. Refer to Known Assets Monitoring (KAM) for details.
All Cortex Xpanse scans are CFAA-compliant, meaning there is no fuzzing of network services, authentication testing, DDoS testing, packet manipulation, or penetration testing.