| CPC H04L 63/20 (2013.01) [H04L 9/0825 (2013.01); H04L 9/083 (2013.01); H04L 9/3265 (2013.01)] | 20 Claims |

|
1. A method, comprising:
executing a scan assistant on an asset in a network, wherein the asset comprises a computer system having one or more processors and a memory, wherein the memory stores program instructions that implement the scan assistant, and wherein the execution of the scan assistant includes:
establishing an encrypted connection with a scan engine remote from the asset, wherein the encrypted connection is established after a two-way certificate authentication between the scan assistant and the scan engine, wherein authentication of the scan engine includes verifying a client certificate sent by the scan engine with a certificate authority stored with the scan assistant;
receiving, from the scan engine and via the encrypted connection, one or more scan operations to use during a scan of the asset, wherein the one or more scan operations are received via one or more calls to an Application Programming Interface (API) of the scan assistant made by the scan engine, wherein the one or more scan operations specify a collection of commands executable by the asset;
verifying that the one or more scan operations are signed with a private key using a public key corresponding to the private key, wherein the public key is stored on the asset and deployed with the scan assistant;
subsequent to the verifying:
loading command identifiers of commands in the collection into memory in a key-value map;
receiving one or more additional calls via the API specifying one or more of the command identifiers in the key-value map, the one or more command identifiers corresponding to one or more commands to be executed during the scan;
executing the one or more commands on the asset to obtain results reflecting a state of the asset; and
sending the results to the scan engine via the encrypted connection.
|
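The verify-then-load-then-look-up sequence of claim 1, as an added Go sketch that is not code from the patent or from any product it describes. The claim names no signature algorithm or bundle format, so Ed25519, the JSON layout and the names `Assistant`, `LoadOperations` and `Resolve` are assumptions. The mutually authenticated connection and the execution of the resolved command are left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Assistant holds the public key deployed with it and the verified command map.
type Assistant struct {
	pub      ed25519.PublicKey
	commands map[string][]string // command identifier -> argv
}

// LoadOperations checks the signature over the raw bundle bytes before parsing
// them; a bundle that fails any check leaves the current map untouched.
func (a *Assistant) LoadOperations(bundle, sig []byte) error {
	if len(a.pub) != ed25519.PublicKeySize || !ed25519.Verify(a.pub, bundle, sig) {
		return fmt.Errorf("scan operations: signature verification failed")
	}
	m := map[string][]string{}
	if err := json.Unmarshal(bundle, &m); err != nil {
		return fmt.Errorf("scan operations: %w", err)
	}
	for id, argv := range m {
		if id == "" || len(argv) == 0 {
			return fmt.Errorf("scan operations: empty identifier or command")
		}
	}
	a.commands = m
	return nil
}

// Resolve maps an identifier from a later API call to its verified command; callers send identifiers only.
func (a *Assistant) Resolve(id string) ([]string, error) {
	if argv, ok := a.commands[id]; ok {
		return argv, nil
	}
	return nil, fmt.Errorf("unknown command identifier %q", id)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair (assumed Ed25519)
	bundle := []byte(`{"os-release":["cat","/etc/os-release"]}`) // constructed bundle
	a := &Assistant{pub: pub}
	fmt.Println(a.LoadOperations(bundle, ed25519.Sign(priv, bundle)))
	fmt.Println(a.Resolve("os-release"))
	fmt.Println(a.Resolve("not-in-bundle"))
}
```

Because later calls carry only identifiers, a caller that passes the certificate check still cannot run anything that was not in a signed bundle.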