IP Range Seeds
The option to use IP ranges is not included in all plans. If you would like to discuss the use of IP ranges, please contact us at [email protected].
If you use IP ranges as seeds, then this guide helps you understand the allowed sizes of IP range seeds, and what to expect from Hexiosec ASM results.
License plans with IP range seeds enabled will have a combined IP ranges size limit (per scan), this is separate to the scan seed limit. These limits only apply to the seeds used to create the scan, they do not apply to the number of IPs or domains found when the scan is run.
The size limit of IP range seeds will depend on your plan, but will typically be set lower than your domain and IP limits.
- For example, if your domains and IPs limit is 300 your IP range size limit would be set at 256. Therefore, in a single scan you can not add more than 256 IP addresses from one or more IP range seeds.
Here are some examples with an allowance of 256 IPs:
- You could not add a 1.0.0.0/23 IP Range as this contains 512 IPs.
- You could add a 2.0.0.0/24 IP Range as a seed as this would total 256 addresses.
- You could add a 3.0.0.0/27 IP Range seed (32 addresses) and a 4.0.0.0/26 IP Range seed (16 addresses). This would total 48 addresses. This is less than 256.
- You could have a scan that contains the following IP Ranges which consist of 256 IP addresses.
- 1.0.0.0/25 (128 IP addresses)
- 2.0.0.0/26 (64 IP addresses)
- 3.0.0.0/27 (32 IP addresses)
- 4.0.0.0/30 (32 IP addresses)
Once your IP range seeds have reached the size limit, you can not add any additional IP range seeds. You will be able to add additional domain and IP seeds, if you have not reached your overall seed limit.
The owner and admins of an organisation can check the scan limits for their license plan on the Usage page, this will show the seed and IP range size limits for each type of scan.
When the seeds of a scan are defined or updated, a message under the Add Seed box will show the seed and IP range allowances used, and how many are available - the information displayed will depend on the license plan.
If the seeds or IP range size limits are exceeded, they may need to be manually split across two or more scans.
Hexiosec ASM results for IP range seeds will only show IPs which are determined to be active. Active IPs are those which are found to have open ports.
For example, if your IP range seed covered a range of 256 IPs, but only 10 of those IPs were found to have open ports (e.g. port 80 for HTTP), then only 10 IPs would be shown in the scan results.
If all IPs in a range have open ports, then all IPs will be shown in the scan results.
Messaging in the app, will help you as you create scans and understand results. If a scan of an IP range has no discovery results, because all IPs are inactive, messaging in the app will indicate this.