Find why targets were not scanned
- Former user (Deleted)
Owned by Former user (Deleted)
When investigating why iQSonar was unable to connect to certain target hosts or applications, there are multiple reasons certain targets might not be scanned other than credential failure (no credentials or invalid credentials).
If you are investigating credential failures, queries to help you find unscanned hosts are available for Windows targets and for Unix/Linux targets.
The following query will help you find hosts that could not be scanned for reasons such as:
- Target is on an exclusion list
- Target is in a credential cooldown phase (Note: this appears as a distinct reason in the query output with Gwyn R1 which is in development at time of writing. In earlier releases these targets will simply appear as queued for a rescan.)
- A target defined by hostname cannot be resolved in DNS
- A target IP is detected as running a desktop version of Windows (these targets are not scanned by default).
Use the following query to get a list of targets that were not successfully scanned, and the reported reason:
Unscanned Targets with reason
SELECT Target
, Hostname as ScanningServer
, Outcome
, State
, Description
, [IP Range]
, TargetType
FROM history.v_ScanHistoryStatusForTarget
WHERE State != 'Success'
The results would look something like the following (This screenshot taken from Gwynn R1 RC2 results).
