Use dynamic scanning in IBM® QRadar® Vulnerability Manager to associate individual scanners with an IP address, CIDR ranges, IP address ranges, or a domain that you specify in the scan profile. Dynamic scanning is most beneficial when you deploy several scanners. For example, if you deploy more than 5 scanners, you might save time by using dynamic scanning.
You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your local sales representative or IBM Customer Support (www.ibm.com/support/).
The benefits of implementing dynamic scanning depend on your network infrastructure and the number of scanners that are available. For example, if you have 10 QRadar Vulnerability Manager scanners and you don't use dynamic scanning, you must configure 10 individual scan jobs. QRadar Vulnerability Manager selects the appropriate scanner for each IP address that is scanned.
If dynamic scanning is used in your scan profile and you associate 2 scanners with one asset, the scanner that includes the asset in the smallest matching subnet is prioritized to scan the asset first.
For example, your asset IP address is 10.2.2.3, and scanner A is assigned to the 10.2.2.0/24 CIDR address range, and scanner B is assigned to the 10.2.2.3/32 CIDR address. Scanner B is prioritized to scan the asset before scanner A because the subnet (/32) is a precise match for the asset.
Before you enable dynamic scanning, run test scans and then assess the impact on your network resources, scan performance, and the scan times.