Scanning cadences - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-13
Category
Administrator Guide

Cortex XSIAM scans the internet to discover new services at varying cadences depending on several factors such as port, protocol, cloud provider ranges, and customer-attributed assets. All responsive services are monitored regularly.

Below is a list of our targeted scanning cadences:

  • Discovery Scans

    • Global Base— twice per week discovery of approximately 250 of the most common ports on all IPv4 space.

    • Global Extended—low background rate discovery of all ports.

    • KAM (Known Assets Monitoring) Base—daily discovery of approximately 300 of the most common ports on customer-attributed assets.

    • KAM Extended—weekly discovery of approximately 2800 of the most common ports on customer-attributed assets. These do not overlap with KAM Base.

  • Monitoring Scans

    • Daily on all responsive services.

  • Attack Surface Testing Scans

    • Daily on configured services.