Cortex XSIAM scans the internet to discover new services at varying cadences depending on several factors such as port, protocol, cloud provider ranges, and customer-attributed assets. All responsive services are monitored regularly.
Below is a list of our targeted scanning cadences:
Discovery Scans
Global Base— twice per week discovery of approximately 250 of the most common ports on all IPv4 space.
Global Extended—low background rate discovery of all ports.
KAM (Known Assets Monitoring) Base—daily discovery of approximately 300 of the most common ports on customer-attributed assets.
KAM Extended—weekly discovery of approximately 2800 of the most common ports on customer-attributed assets. These do not overlap with KAM Base.
Monitoring Scans
Daily on all responsive services.
Attack Surface Testing Scans
Daily on configured services.