Skip to content

Internal Configuration

The Internal Scan Configuration page allows you to define the scope of your organization's internal attack surface. Any listed assets will be in scope for threat discovery testing.

Scan Frequency

The scan frequency determines how often the system will scan the assets within your defined scope. The default scan frequency is set to once a week. You can adjust this frequency by selecting a different interval using the slider.

Adding a Scan Agent

  1. Navigate to the Scan Agents section.
  2. Click Add Agent.
  3. Enter the name of the asset.
  4. Provide an optional description for better tracking.
  5. Click Save changes to finalize the configuration.

Adding an Internal Asset

  1. Navigate to the Internal Assets section.
  2. Click Add Asset.
  3. Enter the IP address or hostname of the asset.
  4. Provide an optional description for better tracking.
  5. Assign an available scan agent to handle the scans for this asset.
  6. Click Save to finalize the configuration.

Downloading and Configuring the Scan Agent

Downloading the Scan Agent

To install a scan agent, download the appropriate version for your operating system:

  1. Navigate to the Scan Agents section.
  2. Click Download Scan Agent to open the download modal.
  3. Select the appropriate version based on your OS:
  4. macOS:
    • scan_agent_1.2.0_Darwin_arm64.tar.gz
    • scan_agent_1.2.0_Darwin_x86_64.tar.gz
  5. Linux:
    • scan_agent_1.2.0_Linux_arm64.tar.gz
    • scan_agent_1.2.0_Linux_x86_64.tar.gz
  6. Windows:
    • scan_agent_1.2.0_Windows_arm64.zip
    • scan_agent_1.2.0_Windows_x86_64.zip
  7. Once downloaded, extract the package and install the scan agent on an internal system with access to your defined assets.

Configuring the Scan Agent

When configuring your scan agent, specify the following API endpoint:

https://app.radarsecurity.ai/api/agent

  1. Install the scan agent on the designated internal system.
  2. Get the API Key from the Actions column by clicking the double box copy icon
  3. Configure the scan agent using the API key generated at scan agent creation.
  4. Ensure the scan agent has the necessary network access to the assigned assets.
  5. Start the scan agent process to begin receiving scheduled scan tasks.

Scanner IP Whitelisting

To ensure proper communication with the scan agent, allow outbound connections for the following IP addresses within Web Application Firewalls (WAFs) and network configurations:

  • 18.118.250.171
  • 18.223.4.27
  • 3.128.40.3
  • 3.134.70.93
  • 159.223.122.20
  • 206.189.191.60
  • 159.89.238.128

The scan agent will send a heartbeat every 5 minutes to check in, report its status, and confirm scan schedules, including scan frequency and timing.

Scan Agent Statuses

Scan agents have three possible statuses:

  • Connected: The scan agent is actively communicating with the system and sending heartbeats every 5 minutes.
  • Never Connected: The scan agent has been registered but has never checked in.
  • Offline: The scan agent has missed three consecutive heartbeats, indicating potential connectivity or operational issues.

Running the Scan Agent as a Background Service

To ensure continuous operation, configure the scan agent as a background service on Linux.

Service Configuration File (/etc/systemd/system/scan_agent.service)

[Unit]
Description=RADAR Attack Surface Scanner
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/scan_agent
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
Environment="API_KEY=my-secret-api-key"
Environment="API_URL=https://api.example.com"

[Install]
WantedBy=multi-user.target