I'm in the process of trying to streamline our scanning process, and welcome feedback regarding the advantage of using lightweight OS scans.
Here is my current scanning process, based on a workflow of Discover > Lightweight Scan > Deep Scan against derived tags.
My current process:
- Run a Map against a block of IP addresses.
- Perform a lightweight OS scan (using QID 45017 - Operating System Detected) against the same block of IP addresses.
- Run OS specific scans against assets that were tagged during the MAP and OS scan.
My question is this: Based on your experience, am I gaining much of anything by running the lightweight OS scan? Since the MAP checks for OS and services, I feel as if the OS scan might be a waste of time. I realize the OS Scan checks more ports than the MAP, but my plan is to utilize tags to run deeper scans against hosts with an unknown OS, picking up anything that is not correctly categorized via the MAP process.
Thanks for any insight.