Scan Policies & Scheduling
Scan Policies
Scan Policies allow you to customize how Pulsar interacts with your infrastructure. Instead of using a "one-size-fits-all" approach, you can define specific profiles that determine which integrated tools are executed, their intensity, and how the results are processed.
Creating a Policy
Policies are managed via the Scan Settings dashboard or the REST API. A policy acts as a blueprint for any scan task, ensuring consistency across discovery and vulnerability assessment phases.
Key configuration areas within a policy include:
- Tool Selection: Enable or disable specific modules such as Amass for discovery, ZMap for port scanning, or CloudEnum for asset identification.
- Discovery Depth: Configure how aggressively Pulsar should hunt for subdomains and TLDs.
- Vulnerability Scoring: Set the thresholds for basic vulnerability scoring based on NVD Data Feeds and SSH audits.
- Optimization: Fine-tune timeouts and concurrency settings to balance scan speed against the risk of triggering rate limits or network congestion.
API Usage: Defining a Policy
To create a scan policy programmatically, send a POST request to the /api/policies/ endpoint.
Request Example:
{
  "name": "Aggressive Discovery",
  "description": "Deep subdomain enumeration with full port scanning",
  "amass_enabled": true,
  "nmap_enabled": true,
  "zmap_enabled": true,
  "intensity_level": 3,
  "optimization_flags": "--speed 4 --max-retries 2"
}
Scheduling
Pulsar leverages Celery to manage background tasks and recurring schedules. This allows you to maintain continuous visibility over your organization's footprint without manual intervention.
Recurring Scans
Scheduled tasks are ideal for tracking "shadow IT" and newly exposed assets over time. When a scheduled scan completes, Pulsar automatically compares the results against previous snapshots to identify new domains or vulnerabilities.
- Frequency: Scans can be scheduled at daily, weekly, or monthly intervals.
- Persistence: Scheduled tasks persist in the database and are managed by the Celery Beat scheduler.
- Comparison: Use the "Check for New Assets" feature within a schedule to trigger specific notifications when changes are detected.
Configuring a Schedule
Schedules link a Target (Organization/Assets) with a Scan Policy.
- Navigate to the Scheduler section in the UI.
- Select the Target Asset/Domain.
- Choose the Scan Policy to be applied.
- Define the Cron-style expression or interval for execution.
API Usage: Scheduling a Task
To schedule a scan via the API, interact with the /api/schedules/ endpoint.
Request Example:
{
  "task_name": "Weekly Footprint Audit",
  "policy_id": 5,
  "target_asset_id": 12,
  "interval": "weekly",
  "start_time": "2023-10-27T02:00:00Z",
  "enabled": true
}
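The two API calls above can be chained so that a schedule always references the policy it was created for. The following is an added example, not code from the Pulsar project: it checks the schedule body locally (interval, timezone-aware start time, field types) before anything is sent. The `Token` authorization header, the `id` key in the policy response, and the host name used by callers are assumptions that do not come from this page.

```python
import json
from datetime import datetime
from urllib import request

INTERVALS = {"daily", "weekly", "monthly"}  # frequencies listed on this page
FIELDS = {"task_name": str, "policy_id": int, "target_asset_id": int,
          "interval": str, "start_time": str, "enabled": bool}

def check_schedule(body):
    """Return a list of problems in a /api/schedules/ body (empty if none)."""
    problems = [f"{k}: expected {t.__name__}" for k, t in FIELDS.items()
                if type(body.get(k)) is not t]  # exact type: True is not an int id
    if problems:
        return problems
    if body["interval"] not in INTERVALS:
        problems.append(f"interval: {body['interval']!r} not in {sorted(INTERVALS)}")
    try:
        start = datetime.fromisoformat(body["start_time"].replace("Z", "+00:00"))
        if start.tzinfo is None:  # a naive time could run the scan at the wrong hour
            problems.append("start_time: no UTC offset")
    except ValueError:
        problems.append("start_time: not ISO 8601")
    return problems

def post_request(base_url, path, body, token):
    """Build (without sending) a JSON POST to a Pulsar API path."""
    return request.Request(
        base_url.rstrip("/") + path, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Token {token}"})  # assumed auth scheme

def send_json(req):
    """Send a prepared request and decode the JSON response."""
    with request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def create_policy_and_schedule(base_url, token, policy, schedule, send=send_json):
    """Validate the schedule, create the policy, then schedule it."""
    problems = check_schedule({**schedule, "policy_id": 0})  # real id filled in below
    if problems:
        raise ValueError("; ".join(problems))
    created = send(post_request(base_url, "/api/policies/", policy, token))
    body = {**schedule, "policy_id": created["id"]}  # "id" key is an assumption
    return send(post_request(base_url, "/api/schedules/", body, token))
```

Validation runs before the policy is created, so a rejected schedule does not leave an unused aggressive policy behind on the server.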
Notifications
Scheduling is tightly integrated with the notification system. If EMAIL_BACKEND settings are configured in portal/portal/settings.py, Pulsar will dispatch alerts based on schedule triggers, such as:
- Scan completion reports.
- Discovery of new subdomains.
- Identification of critical-score vulnerabilities.
Performance Optimization
When defining policies for large or uncharted scopes, use the following optimization strategies:
| Setting | Recommendation | Use Case |
| :--- | :--- | :--- |
| ZMap Integration | Use for initial wide-range IPv4 discovery before running detailed Nmap scans. | Massive Network Scopes |
| Tool Concurrency | Limit concurrent module execution in shared environments to prevent CPU spikes. | Low-resource VPS |
| Confidence Tests | Enable additional confidence tests in the policy to reduce false positives in vulnerability reports. | Critical Infrastructure |
Note: Because Pulsar is designed for availability and does not require external API keys, scan speed is largely dependent on the resources of the host machine and the optimization flags set within your policies.