Can I scan an IP range with CIS-CAT?


Product Name: CIS-CAT Pro Assessor v4

Product Version: All

Date: Feb 16, 2022



Problem

We have 10,000+ devices we need to scan, ranging from Windows, Linux, iOS, etc. How do you add multiple subnets into Assessor?

Solution

There is not an official way to scan an IP range or subnet. For now, the workaround is to write a script that:

  • uses a tool of your choice to sweep the IP address range;

  • for each host that answers a ping, adds that IP and its connection information to a sessions.properties file;

  • runs CIS-CAT against those sessions;

  • deletes the sessions.properties file once the run is finished, so the connection details do not linger on disk;

  • repeats the cycle whenever a fresh scan is needed.
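The steps above as one script, added here as an example rather than CIS-provided code: sweep a CIDR with ping, write the responders into sessions.properties, run the Assessor once, then delete the file. The session key names (session.N.type, host, port, user, cred, identity), the Assessor-CLI.sh launcher and its -b and -sessions switches are assumptions to verify against the configuration guide for your Assessor version.

```python
import ipaddress
import os
import platform
import subprocess
from concurrent.futures import ThreadPoolExecutor

COUNT_FLAG = "-n" if platform.system() == "Windows" else "-c"  # ping's count switch

def is_alive(ip: str, timeout_s: float = 1.5) -> bool:
    """Step 2: send one ICMP echo request; anything but a reply counts as down."""
    try:
        res = subprocess.run(["ping", COUNT_FLAG, "1", ip], timeout=timeout_s,
                             stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return res.returncode == 0
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False

def sweep(cidr: str, workers: int = 64) -> list:
    """Step 1: expand the range and ping every host address in parallel."""
    hosts = [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return [h for h, up in zip(hosts, pool.map(is_alive, hosts)) if up]

def sessions_properties(hosts, stype, user, cred=None, identity=None, port=None) -> str:
    """Step 3: one numbered session per live host. The key names (session.N.type,
    host, port, user, cred, identity) are assumed; verify them against your docs."""
    out = []
    for n, host in enumerate(hosts, start=1):
        p = f"session.{n}."
        out += [f"{p}type={stype}", f"{p}host={host}", f"{p}user={user}"]
        if port is not None:
            out.append(f"{p}port={port}")
        # prefer a key file over a password: this file holds secrets in clear text
        out.append(f"{p}identity={identity}" if identity else f"{p}cred={cred}")
    return "\n".join(out) + "\n"

def assess_range(cidr, assessor_dir, benchmark, stype, user, **creds) -> int:
    """Steps 1-5 in order: sweep, write sessions.properties, run CIS-CAT, delete."""
    hosts = sweep(cidr)
    if not hosts:
        return 0
    path = os.path.join(assessor_dir, "sessions.properties")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)  # owner-only on POSIX
    with os.fdopen(fd, "w") as fh:
        fh.write(sessions_properties(hosts, stype, user, **creds))
    try:  # Assessor-CLI.sh, -b and -sessions are assumed CLI names; check your install
        return subprocess.run(["sh", "Assessor-CLI.sh", "-b", benchmark, "-sessions", path],
                              cwd=assessor_dir).returncode
    finally:
        os.remove(path)  # step 5: never leave the credential file behind
```

On Windows, ping can exit 0 on a "Destination host unreachable" reply, so check the responder list before trusting it there.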

Advanced users may find this WorkBench discussion helpful: Packaging CIS CAT to Scan Multiple Assets. It explains how to build CIS-CAT into a package that can scan multiple assets in an ephemeral state.

There is already a Feature Enhancement Request for running a scan against an IP range or subnet. It is being considered for the future but is not on the near-term roadmap.

If you do find a solution, it would be greatly appreciated if you shared it with the CIS-CAT community on WorkBench, either by creating a new post or by adding to the one already created: IP range scanning via CIS-CAT.

For scanning a large number of targets, centralized scanning is most likely the best option:

Centralized Windows Documentation
Centralized Linux Documentation

You cannot scan more than one IP concurrently, but you can create multiple sessions that the assessor will execute one after another. Read through this section of the documentation for information on how to do so - https://ciscat-assessor.docs.cisecurity.org/en/latest/Configuration%20Guide/#remote-local-assessment-sessions

Keywords: IP range



Copyright © 2020

Center for Internet Security®