How to Configure the Port Scan Feed
Learn how to use DigitalStakeout’s Port Scan Feed to perform authorized daily scans of your networks for exposed ports and services.
How to Configure the Port Scan Feed
The Port Scan Feed enables authorized users to conduct recurring scans of designated IPs and networks to identify open ports and potentially exposed services. This feed supports proactive vulnerability management and surface reduction.
Use Cases
- 🔐 Network Security — Detect newly exposed services or configuration drift
- 🛠️ Vulnerability Management — Identify ports tied to outdated or misconfigured services
- 🏛️ Compliance Monitoring — Validate network exposure against regulatory scanning policies
- 🧭 Asset Discovery — Surface devices or services previously undocumented
⚠️ Compliance Requirements
Port scanning is strictly limited to networks and IP addresses that you own or are authorized to monitor.
- 🚫 Unauthorized scanning is prohibited
- 📩 All submitted monitors are subject to compliance team review
- 📌 Abuse reports may result in feed deactivation or account suspension
Creating a Port Scan Feed
1. Launch the Monitor Setup
- Navigate to Setup → Discovery
- Click Add Monitor
2. Configure Basic Settings
Field | Description |
---|---|
Monitor Name | Required. Suggested format: client_name_range_1_2_3_4_24 |
Expires On | Choose a future deactivation date or set to “never expires” |
3. Define Your Scan Targets
Field | Guidelines |
---|---|
CIDR Blocks | Enter the IP or subnet you wish to scan (e.g., 192.168.1.0/24 ) |
Maximum: 256 IPs per monitor | |
Authorization | Must have verified control or permission for any IP submitted |
4. Save & Submit for Review
- Click Save to submit your monitor for compliance review
- You will be notified once approved
- Scans begin automatically once approved and run daily
5. Monitor Lifecycle
- Scans run on a 24-hour schedule
- Any edits to the monitor will pause the feed pending re-approval
- Results appear in the Console with:
- IP scanned
- Open ports/services detected
- Timestamps and scan history
Best Practices
- ✅ Use narrow CIDR blocks for precision and compliance confidence
- 🔁 Review scan logs daily to spot new openings or shifts
- 🧩 Tag monitors for customer, site, or asset group
- 🔐 Align with internal approval from IT/network owners
- 🚨 Investigate immediately any unexpected exposed services (e.g., RDP, Telnet)
Example Scenarios
- Scan your AWS subnet to detect public S3-compatible endpoints
- Monitor for port 22 (SSH) on a remote location subnet after maintenance
- Validate that decommissioned services are no longer exposed
- Confirm that DMZ ports remain consistent during patch cycles
For detailed use cases, platform integrations, and compliance policy,
visit the Port Scan Feed feature page.
Updated 2 days ago