Depending on your security policies and routines, you may schedule certain scans to run on a monthly basis, such as patch verification checks, or on an annual basis, such as certain compliance checks. It's a good practice to run discovery scans and vulnerability checks more often—perhaps every week or two weeks, or even several times a week, depending on the importance or risk level of these assets.
Scheduling scans requires care. Generally, it’s a good idea to scan during off-hours, when more bandwidth is free and work disruption is less likely. On the other hand, your workstations may automatically power down at night, or employees may take laptops home. In this case, you may need to scan those assets during office hours. Make sure to alert staff of an imminent scan, as it may tax network bandwidth or appear as an attack.
If you plan to run scans at night, find out if backup jobs are running, as these can eat up a lot of bandwidth.
Your primary consideration in scheduling a scan is the scan window: How long will the scan take?
Many factors can affect scan times:
If you schedule a scan to run on a repeating basis, note that a future scheduled scan job will not start until the preceding scheduled scan job has completed. If the preceding job has not completed by the time the next job is scheduled to start, an error message appears in the scan log. To verify that a scan has completed, view its status. See Running a manual scan.
Note: You cannot save a site configuration with overlapping schedules. Make sure any given scan time doesn't even partially conflict with that of another.
By alternating scan templates in a site, you can check the same set of assets for different needs. For example, you may schedule a recurring scan to run on a fairly routine basis with a template that is specifically tuned for the assets in a particular site. Then you can schedule a monthly scan to run with a special template for verifying Microsoft patches that have been applied after Patch Tuesday. Or you can schedule a monthly or quarterly scan with an internal PCI template to monitor compliance.
The Security Console displays options for a start date and time, maximum scan duration in minutes, and frequency of repetition.
OR
Select a date from the calendar that appears when you click inside the text box.
Note: If you created the site through the integration with VMware NSX, you cannot use multiple scan templates because the Full Audit is automatically assigned as part of the integration process. See Integrating NSX network virtualization with scans.
If you select the option to continue where the scan left off, the paused scan will continue at the next scheduled start time.
If you select the option to restart the paused scan from the beginning, the paused scan will stop and then start from the beginning at the next scheduled start time.
Scheduling a recurring scan
The newly scheduled scan appears in the Scan Schedules table, which you can access by clicking Manage Schedules.
Tip: You can edit a schedule by clicking its hyperlink in the table.
You may want to suspend a scheduled scan. For example, a particular set of assets may be undergoing maintenance at a time when a scan is scheduled. You can enable and disable schedules as your needs dictate.
Enabling and disabling schedules