Cortex XSIAM performs targeted daily scans of known assets for customers who opt in.
Cortex XSIAM performs global scans twice a week on a limited set of ports by default. For customers who opt in, Cortex XSIAMperforms targeted scanning of known assets daily. Known Assets Monitoring (KAM) brings three significant benefits to the data delivered by Cortex XSIAM:
Additional ports and protocols
Port/protocol pairs not included in global scans, including port 25/SMTP, 500/UDP
SMB version enumeration
TLS/SSL scanning
Determination of supported cipher suites and protocol versions for TLS/SSL services
Frequent scanning and data delivery
Faster data delivery for reduced time to notification of new exposures
Opting in to Known Assets Monitoring
Note the following prerequisites for Known Assets Monitoring (KAM):
KAM uses more exhaustive payloads than global scans, so we recommend validating your network before opting in. KAM will be turned on once we have consent from the network owner that all identified ranges have been validated.
We recommend verifying that KAM source IP addresses are not blocked on your automated intrusion prevention system (IPS), intrusion detection system (IDS), or firewalls and that anti-scanning and DDoS rules do not apply to these specific IP ranges.
Cortex XSIAM scans your external attack surface only, so we do not need any access inside your network.
The amount of traffic you receive from our scanners depends on the KAM configuration (basic or extended) and the total amount of IP space owned by your organization.
Contact your Customer Success Team to learn more and opt in to KAM.