Overview of all Cyrisma Scan Types

Cyrisma provides multiple types of scans designed to identify security risk across endpoints, networks, cloud services, identity platforms, and externally exposed assets. Each scan serves a specific purpose and operates using either a locally installed scan agent, a Cyrisma cloud-based service, or a browser extension, depending on the use case.

This article explains what types of scansexist, how they execute, what they require, and what data they collect, without relying on user interface workflows.

How Cyrisma Scans Execute

Cyrisma uses a hybrid scanning model:

• User-installed scan agents perform local and internal scanning.

• Cyrisma cloud agents perform external, cloud, and internet-facing scans.

• Browser extensions are used for Chromebook scanning.

• Certain scans operate agentless, depending on scope and data source.

All communication is outbound and encrypted. No inbound connections to customer environments are required.

Scan Types

1. Network Discovery

Purpose: Identify devices and services present on a network.

• Execution: User-installed scan agent

• Windows sensor required: Yes

• Credentials: Required for full accuracy when scanning remote systems

• Data collected:

  • Discovered IP addresses and hostnames

  • Open TCP/UDP ports

  • Operating system fingerprinting

  • Service and protocol information

  • SNMP results (if available)

Notes:
Results depend heavily on network permissions and credential access.

2. Data Sensitivity Scans (Local / CIFS / SMB)

Purpose: Identify sensitive data stored on local disks or network file shares.

• Execution: User-installed scan agent

• Credentials: Required for remote shares

• Data collected:

  • Files containing sensitive data patterns

  • Detected passwords (displayed to validate false positives)

  • Masked credit card numbers for verification

Notes:
These scans may be resource-intensive depending on scan scope.

3. Microsoft Cloud Data Scans (M365)

Purpose: Identify sensitive data stored in Microsoft 365 services.

• Execution: Cyrisma cloud agent or optional local agent

• Credentials: Microsoft 365 integration required

• Data collected from:

  • Exchange Online (email)

  • OneDrive

  • SharePoint

4. Google Cloud Data Scans

Purpose: Identify sensitive data stored in Google Workspace services.

• Execution: Cyrisma cloud agent or optional local agent

• Credentials: Google Workspace integration required

• Data collected from:

  • Gmail

  • Google Drive

5. Internal Authenticated Vulnerability Scans

Purpose: Identify vulnerabilities using authenticated access to systems.

• Execution: User-installed scan agent

• Windows sensor required: Yes (for remote targets)

• Credentials: Required for remote systems; not required when scanning the local host

• Data collected:

  • Installed software and version information

  • Patch levels and OS hotfixes

  • Running services and processes

  • System configuration and security posture

  • CVE-based vulnerability findings

6. Internal Unauthenticated Vulnerability Scans

Purpose: Simulate what an unauthenticated attacker can observe.

• Execution: User-installed scan agent

• Windows sensor required: Yes (for remote targets)

• Credentials: Not required

• Data collected:

  • Open TCP/UDP ports

  • Service banners and protocol versions

  • Operating system fingerprint guesses

  • SSL/TLS configuration and certificate data

  • Publicly exposed services and resources

Notes:
Results are intentionally limited compared to authenticated scans.

7. External IP Vulnerability Scans

Purpose: Identify vulnerabilities on internet-facing infrastructure.

• Execution: Cyrisma external cloud agent

• Agent required: No

• Credentials: Not required

• Data collected:

  • Exposed ports and services

  • Publicly accessible vulnerabilities

  • SSL/TLS and certificate issues

Only externally visible assets are evaluated.

8. External Web Application Vulnerability Scans (WAS)

Purpose: Identify vulnerabilities in publicly accessible web applications.

• Execution: Cyrisma cloud agent

• Credentials: Not authenticated by default

• Data collected:

  • Web vulnerabilities such as SQL injection and cross-site scripting

  • Publicly accessible data already exposed to the internet

Private or authenticated content is not accessed.

9. Chromebook Vulnerability Scans

Purpose: Assess Chromebook environments.

• Execution: Browser extension

• Agent required: No

• Data collected:

  • Device and browser security posture information

10. Secure Baseline Scans

Purpose: Evaluate system configuration against defined security benchmarks.

• Execution: User-installed scan agent

• Windows sensor required: Yes (for remote targets)

• Credentials: Required for remote systems

• Data collected:

  • System and security configuration settings

  • Security benchmark alignment results (for example, CIS baselines)

11. Dark Web Scanning

Purpose: Identify exposed credentials and data associated with the organization.

• Execution: Cyrisma internal service

• Agent required: No

• Data collected:

  • Exposed credentials and related indicators

12. Active Directory Monitoring

Purpose: Monitor identity and directory security posture.

• On-Premise AD Monitor

  • Requires a scan agent installed on a domain controller

• Entra ID Monitor

  • Uses a Cyrisma cloud agent or optional local agent

13. Microsoft Secure Score

Purpose: Evaluate Microsoft security posture and Secure Score metrics.

• Execution: Cyrisma cloud service

• Agent required: No

• Data collected:

  • Microsoft Secure Score metrics and posture indicators

Credential Usage Summary

• Local scans on the host where the agent is installed do not require credentials.

• Remote scans require credentials in NT / NetBIOS format.

• Cloud data scans require the appropriate platform integration.

• Unauthenticated scans provide limited visibility by design.