Probes
The Probes feature helps find the cross-subnet reachability of assets by sending a probe request to the assets in the different subnets (configured on ColorTokens Xshield) and gathering information about the reachable and open (vulnerable) ports on the assets in the subnets. ColorTokens Xshield does this by randomly selecting a source asset from a subnet and sending probe requests to assets on every other subnet.
You can use the Network groups feature to group subnets from the ColorTokens Xshield UI.
Note: If you use the Probes feature, ColorTokens Xshield generates Cross-subnet reachability reports. You can view these reports on the ColorTokens Xshield UI.
For ‘n’ subnets that you configure on ColorTokens Xshield, ColorTokens Xshield creates ‘n’ probing segments and triggers the probes sequentially. ColorTokens Xshield uses the assets’ subnet and open-port details to create a Probe Map. The Probe Map is a table that lists one asset picked from each subnet; that asset acts as the agent that probes the open ports on the assets in the other subnets. ColorTokens Xshield uses this Probe Map to trigger the probe requests sequentially.
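The following added example sketches the Probe Map as a data structure and counts the probe requests one full run would send. It is an illustration written for this page, not ColorTokens code; the inventory, the function names and the exact target selection are assumptions, and it performs no network I/O.

```python
import ipaddress
import random

# Constructed inventory: subnet -> {asset IP: open ports recorded for that asset}.
INVENTORY = {
    "10.0.1.0/24": {"10.0.1.10": [22, 443], "10.0.1.11": [3389]},
    "10.0.2.0/24": {"10.0.2.20": [5432], "10.0.2.21": [22, 8080]},
    "10.0.3.0/24": {"10.0.3.30": [445]},
}


def build_probe_map(inventory, rng=random):
    """Return one probing segment per subnet, in the order they would run."""
    segments = []
    for subnet in sorted(inventory, key=ipaddress.ip_network):
        assets = inventory[subnet]
        if not assets:
            continue  # a subnet with no assets cannot supply a source
        source = rng.choice(sorted(assets))  # randomly selected source asset
        # Targets: every (asset, open port) pair on every *other* subnet.
        targets = [
            (ip, port)
            for other, hosts in inventory.items() if other != subnet
            for ip, ports in sorted(hosts.items())
            for port in ports
        ]
        segments.append({"subnet": subnet, "source": source, "targets": targets})
    return segments


def probe_count(segments):
    """Total probe requests in one full run (a rough traffic estimate)."""
    return sum(len(s["targets"]) for s in segments)


if __name__ == "__main__":
    segs = build_probe_map(INVENTORY, random.Random(7))
    for seg in segs:
        print(seg["subnet"], "source", seg["source"], "->", len(seg["targets"]), "probes")
    print("total probes:", probe_count(segs))
```

Every subnet contributes a segment that targets all other subnets, so the probe count grows quickly with the number of subnets and open ports, which is why probing is best scheduled for quiet times.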
Probes fetch the following data from the assets:
- Port number that is open on the destination asset.
- Protocol that the open port generally uses to communicate.
The Probes feature offers you the following benefits:
- Insights about whether the open ports are reachable and vulnerable to attacks. You can use the probing results to apply appropriate Access policies and harden the asset.
- You do not need to scan your network for ports using external port scanning tools. ColorTokens Xshield allows you to scan your network on-demand and by using probing schedules.
Note: Probing a large number of subnets and assets generates considerable additional traffic on your network. We advise you to probe or configure probing schedules at quiet times in your network.
Probing your Network On-demand
You probe your network on-demand when you want to know which assets are reachable, on which ports and from which subnets, and thus the vulnerabilities on the assets in your network.
Note: Probing generates additional traffic on your network.
To probe your network on-demand:
- Log in to ColorTokens Xshield.
  The Assets page appears.
- Click the Settings icon located on the left of the banner, and click Configure > Probes in the left navigation panel.
  The Probes Configuration page appears.
- Do the following to initiate on-demand probing:
  - Click Start Probing Now.
    ColorTokens Xshield starts a probing schedule and displays a progress bar stating that probing is in progress.
  - (Optional) To stop the on-demand probing, click Stop Probing Now.
    ColorTokens Xshield stops the probing schedule.
  - (Optional) To view when you last probed your network, click the Refresh icon.
    The area below Start Probing Now displays the time and date when you last probed your network.
View Probing history
You view the history of probing when you want to view the results of your probing schedules.
Note: You can view the results of only the last two probing schedules.
To view the history of probing:
- Log in to ColorTokens Xshield.
  The Assets page appears.
- Click the Settings icon located on the left of the banner, and click Configure > Probes in the left navigation panel.
  The Probes Configuration page appears.
- Do the following to view the history of probing:
  - (Optional) Click the See History link.
    Note: ColorTokens Xshield displays this link only if it has probed your network at least once.
    If you probed your network at least once, the History page appears.
    This page displays the list of probes that ColorTokens Xshield sent along with the following details: status of the probe, the duration that previous probes ran for, and the date and the time when ColorTokens Xshield sent the probes.
  - (Optional) Select the duration for which you want to view the probing activity from the filter located at the top-right corner of the table.
    ColorTokens Xshield filters the History page and displays the list of probes.
  - Click a probe entry in the table.
    The Probing Results page appears. This page displays the following details as columns: DESTINATION IP ADDRESS (includes subnet representation), DESTINATION HOSTNAME, SOURCE IP ADDRESS (includes the subnet representation), SOURCE HOSTNAME, REACHABLE PORT FOR DESTINATION IP.
    If a destination asset was not reachable when the source asset sent the probe, ColorTokens Xshield does not display any data in the REACHABLE PORT FOR DESTINATION IP column.
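To turn the Probing Results columns into hardening work, the following added example compares each reachable flow against an intended cross-subnet policy and treats an empty REACHABLE PORT FOR DESTINATION IP value as unreachable. It is not ColorTokens code: the CSV layout, the CIDR form of the "subnet representation", the one-port-per-row format and the ALLOWED policy set are assumptions, and the rows are constructed sample data.

```python
import csv
import io
import ipaddress

# Constructed sample rows using the column names from the Probing Results page.
# Assumed: CIDR notation for the subnet representation, one port per row.
RESULTS_CSV = """\
DESTINATION IP ADDRESS,DESTINATION HOSTNAME,SOURCE IP ADDRESS,SOURCE HOSTNAME,REACHABLE PORT FOR DESTINATION IP
10.0.2.20/24,db01,10.0.1.10/24,web01,5432
10.0.2.21/24,app02,10.0.1.10/24,web01,22
10.0.3.30/24,fs01,10.0.1.10/24,web01,
10.0.1.11/24,jump01,10.0.2.20/24,db01,3389
"""

# Hypothetical intended policy: (source subnet, destination subnet, port).
ALLOWED = {("10.0.1.0/24", "10.0.2.0/24", 5432)}


def audit(results_csv, allowed):
    """Split probe results into allowed flows, unexpected flows and unreachable rows."""
    report = {"allowed": [], "unexpected": [], "unreachable": []}
    for row in csv.DictReader(io.StringIO(results_csv)):
        src = ipaddress.ip_interface(row["SOURCE IP ADDRESS"].strip())
        dst = ipaddress.ip_interface(row["DESTINATION IP ADDRESS"].strip())
        port = (row["REACHABLE PORT FOR DESTINATION IP"] or "").strip()
        if not port:
            # Empty column: the destination was not reachable from the source.
            report["unreachable"].append(str(dst.ip))
            continue
        flow = (str(src.network), str(dst.network), int(port))
        key = "allowed" if flow in allowed else "unexpected"
        report[key].append((str(src.ip), str(dst.ip), int(port)))
    return report


if __name__ == "__main__":
    for kind, items in audit(RESULTS_CSV, ALLOWED).items():
        print(kind, items)
```

The flows listed under "unexpected" are the candidates for new Access policies or for closing the port on the destination asset.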
Modify Probing schedules
You modify a probing schedule when you want to probe your network at a different frequency and time.
To modify a probing schedule:
- Log in to ColorTokens Xshield.
  The Assets page appears.
- Click the Settings icon located on the left of the banner, and click Configure > Probes in the left navigation panel.
  The Probes Configuration page appears.
- Do the following to modify the probing schedule:
  - In the Next Probing area, click the link that displays the upcoming probing schedule.
    The Edit Reachability Probing Schedule page appears.
  - Select an option button next to the frequency at which ColorTokens Xshield must send probes.
    The options available are Daily, Weekly, and Monthly.
  - Do one of the following:
    - To save the new probing schedule settings, click Save located at the lower-left corner of the page.
      ColorTokens Xshield confirms that it has modified the probing schedule. ColorTokens Xshield displays the upcoming probing schedule in the Next Probing area.
    - (Optional) To abort modifying the probing schedule, click Cancel.
Delete Probing schedules
You delete a probing schedule when you do not want ColorTokens Xshield to schedule probes in your network.
To delete a probing schedule:
- Log in to ColorTokens Xshield.
  The Assets page appears.
- Click the Settings icon located on the left of the banner, and click Configure > Probes in the left navigation panel.
  The Probes Configuration page appears.
- Do the following to delete the probing schedule:
  - In the Next Probing area, click the link that displays the upcoming probing schedule.
    The Edit Reachability Probing Schedule page appears.
  - Click Remove Schedule at the lower-left corner of the page.
    ColorTokens Xshield confirms that it has deleted the probing schedule.