Designate an Agent as Network Scanner & Perform Unauthenticated Network Scan

Overview

This article provides a comprehensive guide to designate an agent as a network scanner and perform an unauthenticated network scan using the Saner CVEM console.

This documentation is intended for Admins or Security Admins who manage vulnerability assessments and wish to perform network scans without credentials using Saner CVEM.

Prerequisites

• Access to Saner CVEM portal.
• Valid Admin or privileged credentials.
• At least one agent installed or ready to be deployed in the environment.
• Network IP range or targets to scan.

Procedure

Step 1: Log in to Saner CVEM

Log into the Saner CVEM Console using your administrative credentials.? URL: https://saner.secpod.com (or your organization-specific login URL)

Step 2: Access Control Panel

Navigate to the Control Panel from the top navigation menu.

Step 3: Open Network Scanner Settings

Click on CVEM in the left-hand panel to expand additional options.
Under the  Scanners tab, select Network Scanner to open the scanner management dashboard.

Step 4: Select Account

Choose the account under which you want to configure the network scan.

Step 5: Create a New Network Scanner

Click on Create New Scanner to begin setup.
You will be prompted to choose between two types of scanners:

Option 1: Set Up & Designate a New Agent

• Select the desired agent format: .exe, .dpkg, .rpm, .pkg (mac)
• Click Download
• After downloading, you’ll be prompted to choose the target device for installing the agent.
• Proceed to Step 6 for configuration.

Option 2: Designate an Existing Agent

• If you already have a device with an agent installed, select “Designate an existing agent”
• Choose the device from the dropdown list
• Click Next and continue to Step 6

Step 6: Configure Network Scan Settings

After selecting the scanner type:

• Scan Config Name: Give a unique name to the scan configuration.
• Target IPs:
  Enter IP addresses to be scanned. Supports single IPs, ranges, and CIDR notation.
  Examples:
  • 192.168.1.1
  • 192.168.1.1/32
  • 192.168.1.1-10
    
    

• Exclude List:
  Enter IPs that should not be scanned (helpful when using a wide range).

• Scan Type:Choose between TCP or TCP+UDP.
• Ports to Scan:
  Choose from preset port configurations.
  Hover over the (?) icon next to “Select Ports” to view the list of ports.

• Scheduling: Optionally schedule scans:
  • Daily
  • Weekly
  • Monthly

• Default Policy:
  For first-time setup, select the Default Policy.
  Otherwise, proceed to Step 7 to create a custom policy.

Step 7: Create a Custom Unauthenticated Scan Policy

If you're using a custom policy:

1. Select “New Policy”
2. Use the Filter Funnel icon to open filters.
3. Uncheck “Authentication” to configure an unauthenticated scan.
4. Click Next, provide a policy name, and Create Policy 

Step 8: Start the Network Scan

Go to the Home Dashboard.
Locate the newly created scanner and click the Play (▶️) button to initiate the scan.
 Wait for the scan to complete.

If custom policy is selected. Under Scan policy -- select the dropdown and select the policy created.

Step 9: Download the Scan Report

After the scan is complete, you can download the results as a report from the same dashboard.

Sample report :- It will downloaded as pdf

Additional Notes

• Ensure your network allows agent communication on required ports.
• Unauthenticated scans are ideal for detecting open services and identifying misconfigured assets.
• Default policies use standard NSE (Nmap Scripting Engine) scripts provided by Saner CVEM.