Working with the Scope ¶
You can see information on the company's public resources on the Scanner
tab of the Wallarm interface.
The Wallarm scanner discovers the scope.
Scanner Settings Overview¶
In the Scanner block, the following data is shown:
current scanner settings
time of the last scan
To learn more about configuring the scanner, see the “Scanner settings” page.
In the Scope block of the Scanner tab, the elements are shown in three columns: Domains, IPs, and Services. The total number of elements of a certain type is shown near the column name in a small grey font.
If Wallarm can determine which data center the given IP address belongs to, then the corresponding tag will be displayed to the right of the element or group of elements: the AWS tag for Amazon, the GCP tag for Google, the Azure tag for Microsoft data centers, and DC for other data centers.
By default, the scope scanning starts with the domain of the email address that was specified upon Wallarm account creation.
The elements' names displayed in bold font correspond with the group of observed resources. The number of resources the certain group contains is shown in small grey font near its name. Click the group name to expand the list of the resources it contains.
Use the search field to find elements by their names. You can also search for substrings. For example, the query
domain.com displays all domains that have “domain.com” as a substring: “a.domain.com”, “b.domain.com” and their associations.
Click one of the buttons on the bar to filter elements by their status:
All assets: display all of the resources within the scope.
New: display the newly discovered resources that have not been viewed by any user of your company account yet.
Disabled: display the resources for which scanning is disabled.
Check the Resource Associations¶
Click one of the scope elements. The Wallarm interface will display the selected element's associations.
The resources' domain, IP address, and port are interdependent.
A domain always has a higher priority than an IP address, and an IP address always has priority over a port.
When you disable the scanning of or delete a resource with a lower priority, the resource with a higher priority remains active.
For example, when you disable the scanning of a domain, the system will also disable the scanning of the IP address and ports that depend on that domain.
When you delete an IP address, the system will also delete the associated ports, but keep the domain active, because a domain may have more than one IP address.
You can disable the resources' connections to manage each resource independently.
Disable and Enable the Resource Connection¶
You can disable the resources' interconnection to manage each resource's scanning settings independently.
To disable the resources' interconnection:
Select one resource from the resource pair you need to disconnect from each other;
Click the switch next to the resource paired with the current one.
Determining the current resource
The name of the current resource is shown in bold. The web-interface also displays its discovery date.
To enable resource interconnection, follow the same steps as when you were disabling the interconnection.
Disable Resource Scanning¶
You can disable scanning for any of the resources within the scope. In so
doing, the resource you selected will remain in the system as detectable, but
will not be scanned for vulnerabilities.
Click one of the scope elements.
Click the switch next to the selected element.
Delete a Resource from the Scope¶
You can delete any resource from the scope. The purpose of this operation
is to delete an accidentally added resource.
Select the desired resources by clicking the checkboxes next to their names.
Click Delete element(s).
Recovering the deleted resources
The deleted resources will not be discovered in future scannings. If you have deleted the resource by mistake, contact the Wallarm support team.
Add a Domain or an IP Address¶
You can manually add a domain or an IP address.
Click Add domain or IP. In the window that appears, enter the new domain or IP and click Add.
After the new domain or IP address is added, the scanner will launch the scanning procedure to search for elements connected with the resource and will add them to the scope.
Reserved domains and subdomains can only be added to the scope by a certain client. Wallarm reserves domain for a client on request. You cannot add a domain that is reserved by another client to your scope.
To see detailed information about reserved domains, proceed to this link.
Limit Scanning Speed¶
You can limit the speed of domain or IP address scanning. The total speed of sending requests by the scanner will not exceed the specified value.
Select one of the scope elements of the following types: Domain, IP.
Click the Set RPS limits button or the current limit value.
Fill in the Domain RPS field for the domain or the IP RPS field for the IP address.
- You can also limit the RPS for each of the domain's dependent IP addresses. To set this limit, enter the desired value in the RPS per IP field.
To return to the default settings, use an empty value or enter
Notifications about changes in the exposed asset list¶
Wallarm can send you notifications about changes in the exposed asset list: newly discovered exposed assets, disabled and deleted ones.
To get the notifications, configure appropriate native integrations with the messengers or SOAR systems (e.g. PagerDuty, Opsgenie, Slack, Telegram).