When starting a new scan we need to be aware and understand what CYTRIX is doing. This will help us understand possible issues or unfulfilled scans.
CYTRIX is scanning the asset in a very similar way to a human, having said that CYTRIX will work in parallel with a few different browsers and many tabs at the same time. CYTRIX can work with a static or random IP and at different speeds.
- We need to check access to the asset
- Is it open to the internet
- Is it there a WAF that is blocking requests
- We need if the system connected correctly to the assets
- Did it pass the authentication process
- Did it log out
- IS the captcha of any blockages that can block our browser requests
- Are they any other possible issues:
- Session only allow one user at a time
- High number of request in certain time period
- Token/headers certification with time limit
Checking the log:
- Logs can show issues with login authentication
- Issues with addressing the asset, blocked requests via WAF of other restriction will appear in the logs
- Regular scanning process will be show by the logs, what stage the scan and the scan progress
Possible solutions:
- Reducing the speed
- Adding FIX IP
- Whitelist the IP
- Check the login authentication