NMAP rescan interval

Oliver Laue
Level 4

Hi,

If NMAP is used for profiling devices, is there some kind of interval which reruns the scan to check if the device is still the same?

I know there is some kind of overload protection for the node, but is there some kind of verification like (if nmap last scan time is older than x) to ensure the scan did not run too often against a single MAC?

2 Accepted Solutions


balaji.bandi
Hall of Fame

NMAP scans for unknown MAC addresses while probing - you can do manual probing also. It all depends on how you configure it; some reference:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

BB


thomas
Cisco Employee

ISE should only perform an NMAP scan once per authentication.

Its purpose is to authenticate and profile devices upon connection - not to be a vulnerability scanner.

You should use a different security service for ongoing port detection and vulnerability scanning.
