Richer and More Timely Data

Scanning from attributed infrastructure brings significant benefits to Cortex Xpanse's delivered data.
Cortex® Xpanse™ Expander collects data twice a week by default. Should the customer require, Cortex Xpanse performs targeted scanning daily. Scanning from attributed infrastructure brings three significant benefits to Cortex Xpanse's delivered data:
  • Additional port and protocol scanning—In addition to the ports and protocols listed in Ports and Protocols, targeted scanning includes open TCP ports 8194-8198, 8209-8220, 8290-8294, SMTP on TCP port 25, and additional SMB versioning.
  • TLS/SSL scanning
  • Daily scanning cadence and data delivery versus twice a week. Shifting to daily scanning accelerates the disappearance results from 10 days (default scans) to 3 days (daily scans).
As a consumer of Cortex Xpanse’s targeted scanning service, your data includes payloads that may cause abuse complaints, such as SMTP (Simple Mail Transfer) and IKE (Internet Key Exchange). It is imperative that customers of Cortex Xpanse’s targeted scanning add to an allow list the IP ranges outlined below to avoid gaps in scan data.
Targeted scanning of customer networks uses the following IP addresses. Cortex Xpanse recommends adding to an allow list the following scanning IP's and adding them to a mail server allow list:
  • 172.105.147.0/24

Recommended For You