Jigen87 Lv3Posted 2023-Nov-08 15:43
  
Passive scanning relies on network traffic to identify vulnerabilities. If there is minimal or no network activity on the servers you're scanning, this can also result in limited or no data.
Fuji12 Lv3Posted 2023-Nov-08 15:44
  
Try reaching out to the support team for the specific security software you're using. They might be able to provide more specific guidance based on the software's capabilities and your configuration.
Happpy Lv3Posted 2023-Nov-08 15:45
  
Check for any logs or diagnostics related to the passive scanning process. They can provide insight into any errors or issues that might be occurring.
Farina Ahmed Lv5Posted 2023-Nov-08 17:58
  
To troubleshoot this, ensure that the passive scanning configuration is correctly set up within the default template for Basic Protection and Detection and Response. Verify that the network traffic is properly reaching the scanning tool within the defined policy scope. Check if there are any firewall rules or network configurations in the virtual untrust (WAN) and trust (LAN) zones that might be blocking or interfering with the scanning process. Reviewing these settings and confirming the correct configuration of both the scanning tool and network zones should help identify and resolve the problem.
jerome_itable Lv3Posted 2023-Nov-09 08:14
  
Yes, it is possible that the scanned servers are so well protected that there is no output generated. This is because passive vulnerability scanners only collect information that is passively available on the network, such as network traffic and logs. If the servers are configured to not disclose any information about their vulnerabilities, then the passive scanner will not be able to identify any vulnerabilities.

Here are some possible reasons why the passive vulnerability scanner might not be generating any output:

    The servers are not responding to the scanner's probes. This could be because the servers are not configured to respond to probes, or because the scanner is not sending probes to the correct ports.
    The servers are using encryption to protect their traffic. This will prevent the scanner from being able to read the traffic and identify any vulnerabilities.
    The servers are using firewalls to block the scanner's probes. This could be because the firewalls are not configured to allow traffic from the scanner, or because the scanner is not using the correct IP addresses or ports.

If you are concerned that your servers might be so well protected that they are not being properly scanned, you could try using an active vulnerability scanner. Active scanners send probes directly to the servers, which can help to identify vulnerabilities that would not be detected by a passive scanner.

Here are some additional things you can do to troubleshoot the problem:

    Check the scanner's logs to see if there are any errors being reported. This could help to identify the cause of the problem.
    Make sure that the scanner is configured correctly. This includes checking that the scanner is using the correct IP addresses, ports, and credentials.
    Try scanning the servers from a different network segment. This could help to rule out any problems with the network configuration.

I Can Help:

Change

Moderator on This Board

11
8
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
138
3

Started Topics

Followers

Follow

Board Leaders