Scanning strategy

Hi, I am using OpenVAS 25.3.1 Community Edition. Generally I start by scanning my network segment with nmap and taking note of:

  • alive hosts
  • open ports

…then, I create a target with such results.

Is it a good approach? Or would it be better to use:

  • “discovery” scan first
  • “Full and fast” scan after?

The meaning of “optimized by using previously collected information” is unclear to me.

My assumption is that maybe it isn’t necessary to use nmap to gather hosts and ports information: it will be enough to simply run discovery scan first on the whole network segment.

Am I wrong? Thank you

@Armitage318

“Personally, I prefer using OpenVAS with the ‘Full and Fast’ scan profile, host alive check enabled, and some tuning for max NVTs and max hosts.”

Eero

You don’t need to do a Discovery scan and a Full and Fast scan, because the Full and Fast scan automatically does the Discovery scan. Secondly, if you limit your hosts and ports to only the ones found during one single Discovery scan, then you potentially miss identifying new hosts and services that are added to your network.

Regularly re-conducting the Discovery scan provides an early alert to activities you may not be aware of, and this is part of the Full and Fast scan. In fact, you may want to schedule the Discovery scan to regularly check for these new hosts or services, even more often than the Full and Fast scan.

Finally, you can consider developing custom Scan Configurations with a limited set of VTs to optimize network traffic and scan for high risk applications more often. For example, creating a custom scan configuration with only OS and Browser tests, and running that daily, as opposed to running a complete Full and Fast scan every day.

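The point made above about repeated discovery surfacing new hosts and services can be checked against the nmap notes mentioned in the question. The following is an added example, not part of any post in this thread: it compares two nmap grepable (`-oG`) outputs and reports what changed. The sample scan data and the function names are constructed for illustration.

```python
import re

# Constructed sample data in nmap grepable (-oG) format; addresses are
# from the documentation range 192.0.2.0/24.
BASELINE = """\
# constructed sample: earlier discovery run
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///
Host: 192.0.2.20 ()\tPorts: 80/open/tcp//http///, 3306/closed/tcp//mysql///
"""
CURRENT = """\
# constructed sample: later discovery run
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///
Host: 192.0.2.20 ()\tPorts: 80/open/tcp//http///
Host: 192.0.2.30 ()\tPorts: 3389/open/tcp//ms-wbt-server///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)")

def parse_grepable(text):
    """Return {host: set of 'port/proto'} for ports reported as open."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment or blank line
        ports = hosts.setdefault(m.group(1), set())
        if "Ports:" not in line:
            continue  # status-only line: host is up, no port data
        # The Ports field ends at the next tab-separated field, if any.
        field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in field.split(","):
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[1] == "open":
                ports.add(f"{parts[0]}/{parts[2]}")
    return hosts

def diff_scans(baseline, current):
    """Report hosts and open ports that differ between two runs."""
    old, new = parse_grepable(baseline), parse_grepable(current)
    return {
        "new_hosts": sorted(set(new) - set(old)),
        "missing_hosts": sorted(set(old) - set(new)),
        "new_ports": {h: sorted(new[h] - old[h])
                      for h in new if h in old and new[h] - old[h]},
    }

if __name__ == "__main__":
    for key, value in diff_scans(BASELINE, CURRENT).items():
        print(key, value)
```

A target built once from the baseline run would have covered neither 192.0.2.30 nor port 8080 on 192.0.2.10.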