Risk Assessments and External Scans
Common questions and answers
What Are Different Types Of Security Assessments I Can Create?
What Are Different Types Of Security Assessments I Can Create?
There are two types of assessments that can be created:
This is our complete assessment. It covers:
-
Network scanning (Internal & External)
-
Application scanning (cloud apps & desktop apps)
-
Data Security - PII detection on systems
-
Identity & Access Management
-
Password management
-
M365 Security
This is our complete assessment. It covers:
-
Network scanning (Internal & External)
-
Application scanning (cloud apps & desktop apps)
-
Data Security - PII detection on systems
-
Identity & Access Management
-
Password management
-
M365 Security
This is the external scan which uses the domain(s) and any public IPs of a client. For an in depth description of the different risk assessments, please refer to this document.
What Are The Timelines For The Different Risk Assessments?
What Are The Timelines For The Different Risk Assessments?
External Scans:
Installation: 2 min
Scanning: 10-15 min
Risk Assessment:
Installation: 10 mins
Scanning: 2-3 hours
What Are The Different Steps Involved In Each Risk Assessment?
What Are The Different Steps Involved In Each Risk Assessment?
Please refer to this document for more details on the different steps needed to complete the different Risk Assessments.
How To Add An IP/Domain To An External Scan?
How To Add An IP/Domain To An External Scan?
You can add an IP/domain to an external scan by going to “Targets” > “Add Target” (top right) to add an IP address or additional domains.
How Do I Delete Or Archive A Risk Assessment Or External Scan?
How Do I Delete Or Archive A Risk Assessment Or External Scan?
For a Risk Assessment or an External Scan, click on the “Archive” button in the topic right corner to archive the assessment.
The assessment will not show up on your dashboard.
For a Risk Assessment, note that archiving will uninstall the Telivy scanners from any assets that are installed.
What Assets Do 'Rescan All' Feature Scan Again?
What Assets Do 'Rescan All' Feature Scan Again?
The ‘Rescan All’ feature deploys all the scans to refresh data. This includes:
-
Vulnerabilities
-
PII
-
Credential analysis
-
Risky Applications
-
Microsoft 365
-
External Attack Surface
-
Asset Inventory
How Do I Add Multiple Domains To A Scan?
How Do I Add Multiple Domains To A Scan?
For External Scans, under the “Security” tab, navigate to “Targets” and click on “Add Target” to add either an external IP address or another domain.
For Risk Assessments, under the “Assets” tab, navigate to “Domain/IP Address” and click on “Add Target” to add either an external IP or another domain.
How To Add An IP/Domain To A Risk Assessment?
How To Add An IP/Domain To A Risk Assessment?
You can add an external scan by going to “Assets” > “Domain / IP Addresses” > “Add Target” (top right) and then you can add an IP address or additional domains.
What Is Agent/Agentless?
What Is Agent/Agentless?
We offer two options for every assessment.
- Agent
-
You can deploy rapidly using your RMM
-
You can leave Telivy deployed and “rescan” on demand
-
You will generate the most comprehensive data
-
You can convert a CSRA to “Monitoring” where Telivy will rescan and help build risk-over-time charts and graphs
-
With Monitoring you can also set policies and receive alerts when a policy is violated
- Agentless (Non Agent)
-
Recommended for new clients as it does not require any installation or uninstallation
-
Link to executable can be sent on email, very useful for prospecting when you don’t have RMM setup to the devices to install agent
-
It tries to run as admin, if no permission granted then runs as non admin
-
Non admin scan limitations
-
PII scan done only for files accessible by the local use
-
Browser history and passwords captured only for the local user
-