5 Replies Latest reply on May 23, 2019 4:59 PM by Brice-Emmanuel Loiseaux

    How do I filter the results of a sweep scan for only newly discovered endpoints?

      Share:|

      I'm managing my discovery schedules using tw_query, tw_ipinject and cron. It
      works very well and reduces my scheduling overhead by allowing me to add a
      target/subnet by simply scanning it once. ADDM will then include the target
      endpoint in its subsequent full scan and the subnet in subsequent sweep scan.
      Using this technique, I've found I'm able to finish scans completely by
      reducing my scan of dark space during full scans, and runs sweep scans against
      all 600+ subnets in our environment, without worry of duplication or omission.
      Finally, it also allows for dynamic rescanning of failed access of known
      targets.

       

       

      The one area I need to improve is identifying new hosts found in the sweep
      scan. To that end, how do I filter the results of a sweep scan for only newly
      discovered endpoints?