Can I scan an IP range with CIS-CAT?
Product Name: CIS-CAT Pro Assessor v4
Product Version: All
Date: Feb 16, 2022
Problem
We have 10,000+ devices we need to scan ranging from windows, linux, ios, etc. How do you add multiple subnets into assessor?
Solution
There is no official way to scan using an IP range/subnet. A workaround, for now, would be to create a script to:
1. Write or get some tool that scans an IP address range.
2. If there is a ping response, add that IP and connection information to a sessions.properties file.
3. Run CIS-CAT.
4. Delete the sessions.properties file.
5. Rinse and repeat when needed.
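The discovery and file-generation steps above as Python, added here as an example and not CIS code. The session.N.* key names, the ciscat account, the key path and the 192.0.2.0/29 range are assumptions to check against the Configuration Guide linked on this page and against your environment.

```python
import ipaddress
import os
import subprocess

# Assumed SSH settings; key names follow the session.N.* layout of the
# Configuration Guide linked on this page. Confirm them for your version.
DEFAULTS = {
    "type": "ssh",
    "port": "22",
    "user": "ciscat",                           # hypothetical service account
    "identity": "/opt/ciscat/keys/id_ed25519",  # hypothetical key path
    "tmp": "/tmp",
}

def ping(host):
    """Send one ICMP echo with a 1 s timeout (Linux iputils flags)."""
    cmd = ["ping", "-c", "1", "-W", "1", host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def expand(ranges):
    """Expand CIDR blocks to unique host addresses, keeping order."""
    seen, hosts = set(), []
    for cidr in ranges:
        for ip in ipaddress.ip_network(cidr, strict=False).hosts():
            if ip not in seen:
                seen.add(ip)
                hosts.append(str(ip))
    return hosts

def build_sessions(ranges, probe=ping, defaults=DEFAULTS):
    """Return sessions.properties text, one session per responding host."""
    live = [h for h in expand(ranges) if probe(h)]
    lines = []
    for n, host in enumerate(live, start=1):
        fields = {**defaults, "host": host}
        lines += [f"session.{n}.{k}={v}" for k, v in fields.items()]
        lines.append("")  # blank line between sessions
    return "\n".join(lines)

def write_private(path, text):
    """Create the file owner-only (0600) because it holds connection details."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

if __name__ == "__main__":
    write_private("sessions.properties", build_sessions(["192.0.2.0/29"]))
    # Run CIS-CAT against the file here, then os.remove("sessions.properties").
```

Referencing a key file in the sessions file rather than a password keeps secrets out of a file that is created and deleted on every run.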
Advanced users may find this WorkBench discussion helpful: Packaging CIS CAT to Scan Multiple Assets. The discussion explains how to build CIS-CAT into a package that can be used to scan multiple assets in an ephemeral state.
There is already a Feature Enhancement Request created for a scan to be run on an IP range/subnet. It is being considered for the future but is not on the near future forecast.
If you end up finding a solution, it would be greatly appreciated if you share it with the CIS-CAT community on WorkBench by either creating a new post or adding to the one already created: IP range scanning via CIS-CAT.
For scanning a large number of targets, centralized scanning is most likely the best option:
Centralized Windows Documentation
Centralized Linux Documentation
You cannot scan more than one IP concurrently, but you can create multiple sessions that the assessor will execute one after another. Read through this section of the documentation for information on how to do so - https://ciscat-assessor.docs.cisecurity.org/en/latest/Configuration%20Guide/#remote-local-assessment-sessions
Keywords: IP range