Network scanning
Network scanning finds the hosts, services, and vulnerabilities on a network — internal or external. Instead of reaching your network from the outside, it runs a lightweight agent that you deploy inside the network, where it has direct reachability to the targets you care about.
The agent-based model
Section titled “The agent-based model”A small agent does the actual scanning. You deploy it somewhere with network access to the range you want to examine and outbound access to BestDefense. The agent picks up your scan configurations, runs the scans locally, and reports results back to the app.
This decoupling is what lets you scan private, internal ranges that an internet-based scanner could never reach — the agent is already on the inside.
Concepts
Section titled “Concepts”The component you install inside your network. It executes scans and reports findings. You can check its health and status in the app.
Scan configuration vs. scan run
Section titled “Scan configuration vs. scan run”A scan configuration is a reusable template — the targets, ports, and settings for a scan. A scan run is one execution of that configuration. Creating a configuration does not start a scan; you run it when you’re ready.
Vulnerability grouping
Section titled “Vulnerability grouping”Findings are grouped by vulnerability reference, so the same issue appearing on many hosts is collected together rather than scattered across the results.
Host topology
Section titled “Host topology”A map view of the hosts the scan discovered, so you can see the shape of the network rather than just a flat list.
Where to go next
Section titled “Where to go next”- Installing the network agent — download, deploy, and connectivity requirements.
- Scan configurations — build a reusable template and run a scan from it.
- Reading network scan results — explore findings by host, the topology view, and export.