Scan Groups can be used to manage access to scans within your organisation.  Used in conjunction with organisation and group roles, they can provide control over who has access to scans, and how they can interact with them.   

This article covers example scenarios that provide ideas of how groups could be used in your organisation.  To manage groups, you will need to have the role of owner or admin for your organisation.

ifferent access levels across scan groups

Using groups, you can allow people to have different levels of access for each scan group, or no access at all if they are not assigned a role for that scan group.  If they don't have a role, they won't see the group or the scans it contains.  

If you have scans for multiple domains within your organisation, you can use groups to manage who can see and manage the scans for those different areas of the business. Separate groups could be used for customer or vendor scans.  This allows you to segregate reporting so that access is limited where necessary.

By creating a group for each type of scan, you can get an easy visual representation of who has access to each scan type.  You can then add just the people who need to see that scan type and assign the role that they need.

Organisation and Group Roles

Using Groups

MFA and session expiry

Hexiosec ASM

Hexiosec ASM (Public)

Password Policy

Changing email address

Changing ownership

User and Group Management

Scan Types

Scan Allowances

Seeds and IPs

Scan Limiting

Deleting Scans

Scan Notifications

Managing Scans

Report Terminology

Scan Reports

Health Scores

Managing Actions

TLS Certificate Risks

Backport Resolvable Risks

Risk Severity Ratings

SPF Hard Fail risks

Managing Risks

Managing Domains

Graph view

Managing CDNs and Shared IPs

Creating a scan using the API

Paginating the API Requests

Using the Public API

Hexiosec ASM mobile

Upgrade Recommendations

Contacting Support

User Guides

I've changed the device I use for MFA

I've accepted an invite, why can't I see anything?

I don't think this vulnerability applies to me?

Why has my scan not updated after I've made a fix?

Why is my IP's geographic location not showing, or incorrect?

Will Hexiosec ASM find Malware?

What is out of scope?

What is a Stale domain?

Can I run scans without permission?

What happens when I delete a scan?

Will the latest CVE be found?

What version is Hexiosec ASM?

Which SSO protocols does ASM support?

FAQs

MSP Specific Guidance