Internal Configuration
The Internal Scan Configuration page allows you to define the scope of your organization's internal attack surface. Any listed assets will be in scope for threat discovery testing.
Scan Frequency
The scan frequency determines how often the system will scan the assets within your defined scope. The default scan frequency is set to once a week. You can adjust this frequency by selecting a different interval using the slider.
Adding a Scan Agent
- Navigate to the Scan Agents section.
- Click Add Agent.
- Enter the name of the asset.
- Provide an optional description for better tracking.
- Click Save changes to finalize the configuration.
Adding an Internal Asset
- Navigate to the Internal Assets section.
- Click Add Asset.
- Enter the IP address or hostname of the asset.
- Provide an optional description for better tracking.
- Assign an available scan agent to handle the scans for this asset.
- Click Save to finalize the configuration.
Downloading and Configuring the Scan Agent
Downloading the Scan Agent
To install a scan agent, download the appropriate version for your operating system:
- Navigate to the Scan Agents section.
- Click Download Scan Agent to open the download modal.
- Select the appropriate version based on your OS:
- macOS:
scan_agent_1.2.0_Darwin_arm64.tar.gz
scan_agent_1.2.0_Darwin_x86_64.tar.gz
- Linux:
scan_agent_1.2.0_Linux_arm64.tar.gz
scan_agent_1.2.0_Linux_x86_64.tar.gz
- Windows:
scan_agent_1.2.0_Windows_arm64.zip
scan_agent_1.2.0_Windows_x86_64.zip
- Once downloaded, extract the package and install the scan agent on an internal system with access to your defined assets.
Configuring the Scan Agent
When configuring your scan agent, specify the following API endpoint:
https://app.radarsecurity.ai/api/agent
- Install the scan agent on the designated internal system.
- Get the API Key from the Actions column by clicking the double box copy icon
- Configure the scan agent using the API key generated at scan agent creation.
- Ensure the scan agent has the necessary network access to the assigned assets.
- Start the scan agent process to begin receiving scheduled scan tasks.
Scanner IP Whitelisting
To ensure proper communication with the scan agent, allow outbound connections for the following IP addresses within Web Application Firewalls (WAFs) and network configurations:
- 18.118.250.171
- 18.223.4.27
- 3.128.40.3
- 3.134.70.93
- 159.223.122.20
- 206.189.191.60
- 159.89.238.128
The scan agent will send a heartbeat every 5 minutes to check in, report its status, and confirm scan schedules, including scan frequency and timing.
Scan Agent Statuses
Scan agents have three possible statuses:
- Connected: The scan agent is actively communicating with the system and sending heartbeats every 5 minutes.
- Never Connected: The scan agent has been registered but has never checked in.
- Offline: The scan agent has missed three consecutive heartbeats, indicating potential connectivity or operational issues.
Running the Scan Agent as a Background Service
To ensure continuous operation, configure the scan agent as a background service on Linux.
Service Configuration File (/etc/systemd/system/scan_agent.service
)
[Unit]
Description=RADAR Attack Surface Scanner
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/scan_agent
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
Environment="API_KEY=my-secret-api-key"
Environment="API_URL=https://api.example.com"
[Install]
WantedBy=multi-user.target