Scan Limiting
This section explains how limits are applied to domains/IPs for a scan. Limits applied to the seeds used to create a scan are covered in Seeds and IPs.
Each licence plan has a domain/IP limit applied to each scan type. The impact of scan limiting is:
- Domains and IPs within the organisation's licence plan scan limit are fully processed and results are shown in the scan report.
- Domains and IPs above the scan limit will not be fully processed and their results will not be included in the scan report. The scan will then show that the limit has been reached.
The limit does not count only the seeds you use as the start point for the scan. It is based on all domains and IPs discovered during the scan activity, which includes both in-scope and out-of-scope domains and IPs. If you are not sure how big a scan is, you can look at the number on the Discovery widget on the scan overview when the scan has completed. The large numbers show the count for in scope, and the smaller numbers for out of scope.
However, if your scan has been limited then these numbers won't reflect all of the domains and IPs that could be discovered. They will show how many were found before the scan stopped when it reached the scan limit. To make your scan smaller, consider splitting the scan seed domains and IPs across more than one scan.
How scan limiting affects your organisation depends on the types of scans that your organisation runs.
- For Own Monitoring scans, the limit is applied across all scans.
  - Limiting is applied when the total number of nodes across all of the organisation's Own Monitoring scans reaches the limit.
  - Any future Own Monitoring scans will be limited.
- For Ad Hoc scans, the limit is applied per scan.
  - Limiting is only applied to the scan that is being run, irrespective of the size of any previous scans.
  - Future scans are not impacted if a previous Ad Hoc scan has reached the limit.
- For 3rd Party scans, the limit is applied per scan, apart from organisations on Enterprise plans.
  - Limiting is only applied to the scan that is being run, irrespective of the size of any previous scans, and future scans are not limited.
- For Enterprise scans, please refer to the contract agreement. If you are unsure, please contact the Support Team from within Hexiosec ASM or email [email protected].
The owner and admin roles are responsible for monitoring scan usage across their organisation. Usage information for all scan types can be accessed from the ellipsis on the right of the organisation view.
When your organisation is getting close to, or reaches, its scan limit you will be alerted via warnings/alerts within Hexiosec ASM and in the scan and report notification emails. The warnings and alerts will be visible to all users in your organisation.
When the domain and IP limit has been reached, limited out-of-scope domains and IPs can be made in scope, but will not be processed until the organisation is below its limit. The scan will appear to run but will show that the nodes were not scanned; please note that the scan results will be incomplete.
If the limited scan is of a type where the limit is applied per scan (e.g. Ad Hoc scans), then you may want to look at the domains in the scan report to see if you can split them across more than one scan.
To mitigate the impact of limiting, scans can be deleted and will be placed into a soft delete state for 30 days, to allow recovery, before being hard deleted. The impact on scan limits will not take effect until the scan is hard deleted.
The scan limit can be increased by upgrading the organisation licence plan. To do so, follow the upgrade link within Hexiosec ASM.
If the scan limit is reduced as a result of changing a licence plan, then previously included nodes may be marked as limited and excluded from future scan results. If the scan limit is increased, nodes will be added to the scan until the limit is met. In both cases, the scan results will not change immediately, but will update when the scan is next run.