Scanning from attributed infrastructure brings significant
benefits to Cortex Xpanse's delivered data.
Cortex® Xpanse™ Expander collects data twice a week
by default. If the customer requires it, Cortex Xpanse performs
targeted scanning daily. Scanning from attributed infrastructure
brings three significant benefits to Cortex Xpanse's delivered data:
- Additional port and protocol scanning: In addition to
  the ports and protocols listed in Ports and Protocols, targeted
  scanning includes open TCP ports 8194-8198, 8209-8220, 8290-8294,
  SMTP on TCP port 25, and additional SMB versioning.
- Daily scanning cadence and data delivery versus twice a week.
- Shifting to daily scanning shortens the time it takes for results
  to disappear from 10 days (default scans) to 3 days (daily scans).
As a consumer of Cortex Xpanse’s targeted scanning service, your
data includes payloads that may cause abuse complaints, such as
SMTP (Simple Mail Transfer Protocol) and IKE (Internet Key Exchange).
It is imperative that customers of Cortex Xpanse’s targeted scanning
add the IP ranges outlined below to an allow list to avoid gaps
in scan data.
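
An added example, not taken from the Cortex Xpanse documentation: one way to check a firewall log for denied connections from the scanner ranges, which is where gaps in scan data would come from. The scanner ranges are placeholders from documentation address space and the log format and sample lines are constructed; the TCP port set is the targeted-scan list above.

```python
import ipaddress

# Assumption: placeholder ranges (RFC 5737 documentation space). Substitute
# the scanner ranges published for your deployment.
SCANNER_RANGES = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/28", "198.51.100.16/29")]

# Additional TCP ports covered by targeted scanning, as listed on this page.
TARGETED_TCP_PORTS = {25, *range(8194, 8199), *range(8209, 8221),
                      *range(8290, 8295)}

# Constructed log lines: "<action> <proto> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
DENY TCP 192.0.2.5 203.0.113.10 25
ALLOW TCP 192.0.2.5 203.0.113.10 8194
DENY TCP 198.51.100.20 203.0.113.11 8215
DENY TCP 198.51.100.99 203.0.113.11 8215
DENY UDP 192.0.2.7 203.0.113.12 500
DENY TCP 192.0.2.9 203.0.113.10 443
malformed line
"""

def is_scanner(ip):
    """True if ip falls inside one of the allow-listed scanner ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SCANNER_RANGES)

def find_gaps(log_text):
    """Return (src, dst, proto, port, targeted) for each denied scanner probe.

    'targeted' marks probes to the additional TCP ports named on this page.
    """
    gaps = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the constructed format
        action, proto, src, dst, port = parts
        try:
            port = int(port)
            if action != "DENY" or not is_scanner(src):
                continue
        except ValueError:
            continue  # unparsable port or source address
        targeted = proto == "TCP" and port in TARGETED_TCP_PORTS
        gaps.append((src, dst, proto, port, targeted))
    return gaps

if __name__ == "__main__":
    for gap in find_gaps(SAMPLE_LOG):
        print(gap)
```

Any row returned means a scanner probe was blocked, so the allow list on that device is incomplete for that source range.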
Targeted scanning of customer networks uses the following IP
addresses. Cortex Xpanse recommends adding the following scanning
IPs to an allow list and to a mail server allow list: