Runzero scanner. 14. Runzero scanner

 
14Runzero scanner  What UDP ports does runZero scan? runZero scans the following UDP ports by default: 53 69 88 111 123 137 161 443 500 623 987 1194 1434 1701 1900 2049 2228 3391 3671 3702 4433 5060 5246 5349 5351 5353 5632 5683 5684 9302 10000 10001 11211 19132 30718 37810 41794 46808 47808 48808 65535

The Your team menu entry has four submenus. Scan missing subnets: From the coverage report, you can launch a scan for any missing subnets in a given RFC1918 block – look for the binocular icon. Dynamic binaries make it easy to deploy Explorers that connect back to the right organization, but present a challenge for. To access the coverage reports, go to Reports on the main menu and. The team was also able to scan a small data center in less than six minutes and a large data center in thirty minutes. To install the Rumble macOS Agent, copy the download link from the Agents page, download a local copy, and install it using the command line: For a quick rundown on how to use the command-line scanner, take a look at the scanner. Scan range limit (8,192) Scan rate limit (5,000). Vulnerability scanning plays a crucial role in any enterprise security program, providing visibility into assets that are unpatched, misconfigured, or vulnerable to known exploits. runZero provides asset inventory and network visibility for security and IT teams. Select Configure Rule. You can discover your entire inventory including managed and unmanaged devices, on-premises and cloud assets, IT and OT infrastructure, endpoints at work and at home. The scan task can be used to scan your environment and sync integrations at the same time. Really great value, puts. You can use the Mustache syntax for the subject. 0 is out with major updates to the scan engine, reports, fingerprinting, user interface, documentation, and much more!runZero is a cyber asset attack surface management solution that delivers full asset inventory–quickly, easily, and safely. 7. These custom integrations allow for creating and importing asset types not previously supported within. 0. The site import and export CSV format has been simplified. Primary corporate site. Passive discovery augments the existing sources in the runZero Platform to provide always-on discovery for assets that might miss active scan windows, and coverage for fragile OT environments. Type OT Full Scan Template into the search box and select the radio button for the template. We are currently trialing both CyberCns and RUNzero (aka Rumble). If you are a. Professional Community Platform An organization represents a distinct entity; this can be your business, a specific department within your business, or one of your customers. New features # Rumble is now runZero and the product UX has been updated to match. runZero is the only CAASM solution that unifies proprietary active scanning, native passive discovery, and API integrations. 8. Step 2: Connect with CrowdStrike. It is also possible for Chrome to fail to run for other reasons, such as a corrupt Chrome profile. What to do when a runZero scan results in hundreds of identical assets being created for systems that don't exist. It scans IP addresses and ports. 14. 0/8, 172. 3 in site A's network will be treated as completely separate from 10. Data about assets which are VMware VMs will be imported into runZero automatically, and merged with the other information runZero finds by scanning. Planning This first set of. This format is returned when downloading the task data for an Explorer-run scan and correlates to the scan. Higher Education/ Banking Industry OVERVIEW. After deploying runZero, just connect to Qualys and bring your vulnerability scan results into runZero to achieve better visibility of gaps in your scan coverage. An asset may have multiple IP addresses, MAC addresses, and hostnames and it may move around the network as these attributes are updated. Credential fields Credential ID The ID field is the unique identifier for a given credential, written as a UUID. io), Tenable Nessus, and Tenable Security Center to enrich your asset inventory and gain visibility into vulnerabilities detected in your environment. The runZero scanner now supports the Bitdefender, NDMP, Munin, MySQL X, and Spotify Connect protocols over TCP, improved support for capturing Telnet banners and improved OS/firmware detection via BACnet UDP probe, and introduced new UDP probes for CoAP, Minecraft Bedrock, L2TP, Dahua DHIP, KXNnet, Webmin, and the. After you add your GCP credential, you’ll need to set up a connector task or scan probe to sync your data. You can discover your entire inventory including managed and unmanaged devices, on-premises. 0. The standard deployment plan is broken out into six stages which will help you plan out your requirements, execute the deployment, and optimize your environment based on runZero’s best practices. Step 2: Connect with CrowdStrike. Cyber Asset Attack Surface Management (CAASM) is an emerging technology that focused on presenting a unified view of cyber assets to an IT and security team. As an alternative to Rumble, the Nmap Security Scanner can also identify HTTP/2 implementations via the tls-nextprotoneg NSE. Connector tasks run independently from either the cloud or one of your Explorers, only performing the integration sync. You will jump straight into deploying an Explorer for discovery, running your first scan, and onboarding users. When viewing software, you can use the keywords in this section to search and filter. Connector tasks run independently from either the cloud or one of your Explorers, only performing the integration sync. The SentinelOne integration can be configured as either a scan probe or a connector task. The Tenable integration allows you to enrich your asset inventory with vulnerability data. Unauthenticated network discovery tools #When viewing scan templates, you can use the keywords in this section to search and filter. html report and search for nodes with the protocol flagged. Operational information Live assets: number of assets currently alive based on the latest. The NTLMSSP response is available through any NTLM-enabled service: SMB, RDP, and MSRPC, and sometimes HTTP servers. 2020-04-12. runZero-hosted Explorers: Scan all your external assets with a runZero-managed Explorer. Start your 21 day free trial today. 5? # Identify endpoint protection agents via integrations and unauthenticated scans Fingerprint wireless and mobile Internet on Windows without authentication Better fingerprinting for Windows 10 and 11, desktop/server, secondary IPs Discover AWS EC2 assets across all accounts Report unmapped MACs Keep reading to learn more about some of the new 2. We strive to provide a fast, low-impact scan by default, but also try to include as many services and protocols as possible. Self-hosted platform improvements # Scan probes gather data from integrations during scan tasks. From the Registered Explorers page, select the Explorer you wish to configure to perform traffic sampling. You can search or filter the tasks using different attributes. 6. Following the structure and format of the open-source Recog fingerprint database, users can author their own fingerprint XML files and add them to a directory that the runZero platform or scanner can access. Step 1: Scan your network with runZero. Step 4: Add users to the runZero app in Azure. The scan balances SYNs and ACKs and watches for port consumption issues on both the client & target. Configurable max group size that limits the number of targets runZero can scan at once, which correlates to the number of connections stateful devices such as firewalls or routers. Concurrent scans: Conduct concurrent scans on the same Explorer (not available on Windows). Data transparancy is one of the key drivers of Rumble development. The edr. Adding custom asset sources can be accomplished through the API or by leveraging the runZero Python SDK. runZero's secret sauce is its proprietary unauthenticated scanner powered by high-fidelity fingerprinting. A large telecom customer used a leading vuln scanner and runZero to scan the same device. 5 of the Rumble Agent and runZero Scanner. runZero users that have a self-hosted platform or standalone scanner now have the ability to add custom asset and service fingerprints. Using runZero data to enrich other tools In addition to being able to enrich your runZero inventory with data from your other IT and security tools, the runZero platform offers egress integrations with several platforms. By default, the integration will import all Falcon hosts. The. You should have at least one Explorer deployed. The runZero scanner now supports the Bitdefender, NDMP, Munin, MySQL X, and Spotify Connect protocols over TCP, improved support for capturing Telnet banners and improved OS/firmware. 0/16 subnet is no longer ignored when processing scan results. Their free version might be enough for your needsLansweeper is OG, RunZero seems to be like newer more modern product, but competing in same space. Common techniques to validate segmentation, such as reviewing firewall rules and spot testing from individual. Navigate to Tasks > Scan > Template scan. To see when your subscription or license expires, go to Account > License. Discover managed and unmanaged devices, on-premises and cloud assets, IT and OT infrastructure, endpoints at work and at home. From the Export menu, choose the HP iLO CSV format. The runZero Scanner # The command-line runZero Scanner now generates the Network Bridges and Switch Topology reports. What UDP ports does runZero scan? runZero scans the following UDP ports by default: 53 69 88 111 123 137 161 443 500 623 987 1194 1434 1701 1900 2049 2228 3391 3671 3702 4433 5060 5246 5349 5351 5353 5632 5683 5684 9302 10000 10001 11211 19132 30718 37810 41794 46808 47808 48808 65535. Click Continue to scan configuration. 2. 10. The Account API provides read-write access to all account settings and organizations. From the scan configuration page: Choose US – New York as the Hosted zone (this is a runZero-hosted Explorer in the cloud). 3. runZero assets will be updated with internal IP addresses, external IP addresses, hostnames, MAC addresses, and tags, along with other EC2-specific attributes, such as the account ID and instance. Choose whether to configure the integration as a scan probe or connector task. The speed of runZero’s discovery capability was orders of magnitude better than other solutions. Scanning with runZero. One of the trickiest parts of network discovery is balancing thoroughness with speed. The runZero Scanner now supports importing gzip-compressed scan data. Beyond a lack of detail, vulnerability scanners sometimes simply get it wrong. Scan templates help Rumble users simplify the process of configuring multiple scans and reduce errors. x OpenSSL versions when TLS-enabled service uses either TLS 1. runZero provides asset inventory and network visibility for security and IT teams. RunZero for Asset inventory and network visibility solution. 9 Ratings Breakdown 5 ( 34) 4 ( 3) 3 (. 4. Updated Ethernet fingerprints. runzero-tools Public Open source tools, libraries, and datasets related to the runZero product and associated research Go 105 MIT 21 1 1 Updated Nov 15, 2023Enter an email you would like to use to test out Rumble and then activate your account by visiting the specified email and clicking the activation link: Clicking the activation link will take you. end_time}}. This training uses the runZero success outcomes to help you understand the top use cases for runZero and how to achieve them. Running a discovery scan routinely will help you keep track of and know exactly what is on your network. To enable. Updated Ethernet fingerprints. io console. Overview # The 1. Go to the Inventory page in runZero. scan engine enhancements, and more comprehensive decoders; and deeper searching, with the addition of a dozen. runZero is now part of Presidio's arsenal of tools, not only for internal discovery, but for client onboarding as well. We want to share the magic of great network discovery with. The second tab, Groups, lists the user groups available; the groups define the. - runZero Network Discovery is the most popular SaaS alternative to Angry IP Scanner. Add the AWS credential to runZero, which includes the access key and secret key. Passive discovery augments the existing sources in the runZero Platform to provide always-on discovery for assets that might miss active scan windows, and coverage for fragile OT environments. jsonl files from runZero that have been uploaded into your AWS S3 bucket. This includes both 3. Unauthenticated network discovery tools # When viewing scan templates, you can use the keywords in this section to search and filter. The leading vuln scanner. Today we released version 0. Scan templates can be created in a few ways in runZero: By going to Tasks > Task libraryCompletion of the runZero 101 training is also recommended so that you understand the context behind all of the administrative actions you will learn about in this training. If you have multiple scan tasks linked to a template, changing the template will update the configuration on all those tasks. That’s why we welcome and embrace voices of all ages, genders, races, sexual orientations, abilities, cultures, and ethnicities. When viewing saved queries, you can use the keywords in this section to search and filter. Uncovering unmanaged assets through integrations # At runZero, we understand the power of “better together”, and our development teams have been busy adding support for many product and service. v1. Step 3: Query your asset inventory to find endpoints missing CrowdStrike agents. Step 1: Adding a custom schema Go to Configure > Schemas and select Create New. RunZero . Self-hosted The self-hosted version runZero allows you to run the entire platform on-premises or within your own cloud environment. runZero integrates with Sumo Logic to make your asset inventory available directly in Sumo Logic. Global Deployment Support # For folks. Integrate with Tenable. If you use a SAML2-compatible single sign-on (SSO) implementation, the SSO Settings page can be used to configure an SSO Identity Provider (IdP) and allow permitted users to login to the runZero console. 0 release of Rumble Network Discovery adds Registered Subnets to Sites, increases fingerprint coverage across databases, MAC addresses, and web applications, adds support for FreeBSD, OpenBSD, NetBSD, and DragonFly BSD, and expands support for additional Linux architectures. gz can be uploaded to the. times paired with its ease of use have saved Nadeau and his team valuable time to dedicate to more mission critical needs. The Rumble user interface and API endpoints now support grouped queries using parenthesis in search terms. Cons: There are several options for scan frequency but I would like something between daily weekly like every 8 hours or every three days. Professional Community Platform runZero integrates with Azure AD to allow you to sync and enrich your asset inventory, as well as gain visibility into Azure AD users and groups. 8,192. runZero’s. Powerful results, yet easy and intuitive to use. Scan completion and assets changed rules can be noisy but may be useful to keep a running log of network changes over time. io, or import vulnerability scan results from Nessus. runZero's secret sauce is its proprietary unauthenticated scanner powered by high-fidelity. 0. Most integrations can be run either as a scan probe or a connector task. The runZero platform scales across all types of environments, and works with VM, EDR, CMDB, MDM, and cloud solutions. Best for: users looking for a commercial solution to monitor open. They leverage various network protocols to discover and. name asset attribute is now updated to show when a runZero scan no longer detects the EDR. rumble. When viewing generated analysis reports, you can use the keywords in this section to search and filter. Step 1: Configure Azure to allow API access through. The Active and Completed task sections will show standard tasks, such as scans and imports, along with their current progress and summarized results. What protocols does runZero scan for? runZero supports the following list of protocols: acpp activemq adb airplay ajp amqp arp backupexec bacnet bedrock bitdefender-app brother-scanner cassandra cdp chargen checkmk chromecast ciscosmi citrix click coap consul couchdb crestron dahua-dhip daytime dcerpc dns docker dotnet-remoting drbd. Deploy runZero anywhere, on any platform, in minutes. Check out the release notes below for a complete list of changes since Beta 3 and drop us a line if you have any questions, suggestions, or feedback. runZero can gather asset data through unauthenticated active scanning, passive traffic sampling, and inbound integrations. Dan Kobialka September 27, 2023. The runZero scanner now supports the Bitdefender, NDMP, Munin, MySQL X, and Spotify Connect protocols over TCP, improved support for capturing Telnet banners and improved OS/firmware detection via BACnet UDP probe, and introduced new UDP probes for CoAP, Minecraft Bedrock, L2TP, Dahua DHIP, KXNnet, Webmin, and the PlayStation discovery protocol. For example, if you only want to export iLOs that have the ProLiant DL360p. 0. Custom fingerprints can also be. ( Note: much of the host information provided by Tenable. You can discover your entire inventory including managed and unmanaged devices, on-premises and cloud assets, IT and OT infrastructure, endpoints at work and at home. v1. Both the Community Edition and runZero Platform include SaaS console, traffic sampling, self-hosted explorers, runZero-hosted explorers, goal tracking, advanced reports, export API, custom integration SDK, asset ownership and more. - runZero Network Discovery is the most popular SaaS alternative to Advanced IP Scanner. The SecurityGate. Step 3: See your AWS assets in one inventory. After deployment, you can manage your Explorers from the Deploy page in your runZero web console. With the help of Capterra, learn about runZero - features, pricing plans, popular comparisons to. He’s here to tell us more about what’s happening with his latest creation, [runZero]. Both the agent. The runZero scan engine was designed from scratch to safely scan fragile devices. You can run the Nessus Professional integration as a scan probe so that the runZero Explorer will pull your vulnerability data into the runZero Console. 1. name:WiFi name:"Data Center". 0. runZero logs system events on a wide range of administrative actions related to assets, agents, tasks, users, and other components of the platform. Create the body message. Single organization. Select an Explorer deployed in your OT environment. 4 and above' and is a IP Scanner in the network & admin category. By default, data is retained for one year in the runZero Platform. Community Platform runZero integrates with Tenable Security Center (previously Tenable. Click Continue to scan configuration. Deploy the Explorer in your environment to enable network. On the Windows platform, the Rumble Agent and runZero Scanner now bundle npcap 1. Configurable max group size that limits the number of targets runZero can scan at once, which correlates to the number of connections stateful devices such as firewalls or routers. Step 1: Scan your network with runZero. A memory leak in the runZero Explorer and runZero Scanner has been resolved. Adding custom asset sources can be accomplished through the API or by leveraging the runZero Python SDK. The integration can be set up to support two distinct purposes: Complete asset visibility Targeted alerting and visualization Requirements A Sumo Logic. Angry IP. The solution enriches existing IT & security infrastructure data–from vuln scanners, EDRs, and cloud service providers–with detailed asset and network data from a purpose-built unauthenticated active scanner. The runZero Explorer is a lightweight scan engine that enables network and asset discovery. Stay on top of changes in your network. runZero documentation; Getting started. runZero Discovery Comparison runZero provides two different ways to run active discovery on a given network. Platform runZero is able to help users track ownership with the ability to configure different types of owners and assign owners to runZero assets and vulnerability records. runZero leverages applied research to build an asset inventory quickly, easily, and comprehensively. runZero includes a standalone command-line scanner that can be used to perform network discovery without access to the internet. Raw data from the runZero Scanner can be imported into the Rumble Console. Scan probes run as part of a scan task. runZero is a Cyber Asset Management solution that delivers comprehensive asset inventory–quickly, easily, and safely. The 169. Set the severity levels and minimum risk level to ingest. id:cdb084f9-4811-445c-8ea1-3ea9cf88d536 Name Use the syntax name:<text> to search by scan template name. The automated action can be an alert or a modification to an asset field after a scan completes. Then, you will configure a runZero integration with your vulnerability management platform to merge vulnerability data with runZero data. Overall: Excellent overall. The solution enriches CMDBs with detailed asset and network data from a purpose-built unauthenticated active scanner. Reduce the scan speed. What’s new with Rumble 2. On the import data page: Choose the site you want to add your assets to, and. runZero is a comprehensive cyber asset attack surface management solution with the most efficient way to full asset inventory. 0. In runZero, user groups explicitly set the organizational role and determines the tasks users can perform within each organization. Sample runZero implementation. The --fingerprints (shorthand: -f) option can be used to specify an alternate fingerprint database and the --fingerprints-debug option can by used to write scan log entries for sucessful and missing matches. Import the Nexpose files through the inventory pages. This integration brings runZero data into ServiceNow, allowing for specific fields and CI class mappings to be fine-tuned from the ServiceNow console. Following the structure and format of the open-source Recog fingerprint database, users can author their own fingerprint XML files and add them to a directory that the runZero platform or scanner can access. If you would like to tie an Explorer to a site. However, heavily segmented networks may require the deployment of multiple scanners. Now that the first beta release of Rumble Network Discovery is available for testing, we wanted to highlight some of the things that the product does differently. runZero provides asset inventory and network visibility for security and IT teams. Connector tasks run independently from either the cloud or one of your Explorers, only performing the integration sync. The data across your runZero account can be queried and filtered using the search syntax in conjunction with the available component keywords. Alternatively you can specify an output filename with the --output-raw option, as if performing a runZero scan. After deploying runZero, just connect to Tenable. Some probes. With this add-on, you’ll be able to pull new or updated hosts into a Splunk index, where you’ll be able to analyze, visualize, and monitor them there. When viewing system events under alerts, you can use the keywords in this section to search and filter. Getting started with Rapid7 Nexpose To use the Rapid7 Nexpose integration, you’ll need to: Download an XML Export or XML Export 2. 3. . runZero scales across all types of environments, and works with cloud, EDR, VM, CMDB, and MDM solutions. Deploy runZero anywhere, on any platform, in minutes. ID The ID field is the unique identifier for a given template, written as a UUID. Get the visibility you need to maintain good operational and cyber security hygiene. runZero continues our mission of making asset inventory easy, fast, and accurate, while giving us runway to grow our platform. Some locations, like retail stores or customer sites, may not have staff or hardware. This field is searched using the syntax id:<uuid>. port, and service. Note that event records are retained for one year. The runZero platform scales across all types of environments, and works with VM, EDR, CMDB, MDM, and cloud solutions. x updates, which includes all of the following features, improvements, and updates. runZero supports SNMPv1, SNMPv2 (the SNMPv2c variant), and SNMPv3. To understand the numbers, it’s important to remember that runZero doesn’t just rely on IP addresses. Rumble is cloud-based, but also includes a command-line scanner that runs on Windows, macOS, and multiple architectures of Linux, including servers, Raspberry Pis. When viewing services, you can use the keywords in this section to search and filter. 6? Organization hierarchies, CrowdStrike integration improvements, operating system CPE assignment, new protocols and fingerprints, and new Rapid Response queries!. Rumble v1. Tons of small UI updates. runZero supports the three main versions of the protocol: SNMPv1, the SNMPv2c variant of SNMPv2, and SNMPv3. 1. Professional Community Platform You can invite external users to join your runZero instance and view the organizational data available to them. Before you can set up the AWS integration:No credit card or sales call required. All types of inventory queries are supported by the goal tracking feature. rumble file by default. All runZero editions integrate with SecurityGate. After announcing v1. Restart the runZero service runzeroctl restart. View pricing plans for runZero. Rumble Starter Edition is now available as a free tier! This option supports many features of our paid subscriptions, including Inventory, Reports, the Export API, SSO via SAML/2. By default, the file has a name matching censys-*. The Explorer now uses the “runZero” brand by default (and matching filesystem/registry locations). runZero is the first step in security risk management and the best way for organizations to understand their exposure through comprehensive asset inventory. SiterunZero supports a deep searching across the Asset, Service, and Wireless Inventory, across organizations and sites, and through the Query Library. Scan probes gather data from integrations during scan tasks. This limits the number of targets runZero can scan at once, which correlates to the number of connections the router sees. The runZero console includes a diagnostics collection script inspired by the need to troubleshoot a self-hosted environment. Importing runZero scan data allows you to import data that was scanned by the standalone runZero scanner. Asset inventory There is a column on the asset inventory page showing the count of vulnerabilities detected by Rapid7 for each asset. Read on for the full list of changes since v1. 5 of the Rumble Agent and runZero Scanner. We do our best to ensure that any data gathered, transmitted, or downloaded is easy to view, import, export, and reprocess. New Rumble icons!Reviews of runZero. When viewing the Users inventory, you can use the following keywords to search and filter users. This increased visibility has benefited the team in other ways, including a reduction in overall risk for the university community. The default account is a trial of the full runZero Platform. OAuth 2. 0 of Rumble Network Discovery is live with a handful of new features. Organizations can use the runZero Platform to protect their managed and unmanaged devices,. runZero is the only cyber asset attack surface management ( CAASM) solution that unifies proprietary active scanning, native passive discovery, and API integrations to deliver the most complete coverage across managed and unmanaged devices, including the full spectrum of IT, OT, IoT, cloud, mobile, and remote assets. rumble. Updated August 17, 2022. With runZero, you can set up multiple scan schedules, allowing for a customized asset inventory and network discovery approach. The speed of the scans and the accuracy of results are stupendous. 0. By default, the file has a name matching censys-*. io), Tenable Nessus, and Tenable Security Center to enrich your asset inventory and gain visibility into vulnerabilities detected in your environment. New to runZero? Register for a free account. After deploying runZero, just connect to Tenable. To leverage SNMP v3 credentials in a Rumble scan, set the following options in the Advanced Options section of the Scan Configuration screen. The organization settings page provides three ways to control how runZero manages your asset and scan data. Select the Site configured in Step 1. The runZero Scanner and Rumble Agent now detect the CheckMK service. Improve your vulnerability scan coverage with asset inventory Your vulnerability scanner is a fundamental part of your cybersecurity strategy, delivering much needed visibility into assets that are unpatched, misconfigured, or vulnerable to. Setting up the integration requires a few steps in your Sumo Logic console. Planning This first set of tasks will help your team identify target results. io to enrich asset visibility in support of your risk assessment program. Quickly deploy runZero anywhere, on any platform, in minutes SaaS or self-hosted: choose the deployment model that works for you. v1. Overall: Excellent overall. rumble. Protocol detection has also been. Add one or more subnets to the Deployment scope. v1. The Explorer used in most cases, but the scanner is built for offline environments. runzero. This can be a corporate account with a paid license, or you can use a personal email to create a community account which will make you the superuser. As you get started with runZero, we recommend kicking off with our standard deployment plan and adding tasks as needed. Prerequisites Prior to starting this training, we have two recommendations: Superuser access to a runZero account. Community Platform runZero integrates with CrowdStrike by importing data through the CrowdStrike Falcon API. Get runZero for freerunZero allows the data retention periods to be configured at the organization level. Ports The TCP and UDP services associated with a service can be searched by port number using the syntax port:<number>. 3. Finding Confluence servers (yet, again) with runZero. Setting up a connector will work if you’re self-hosting runZero or integrating with Tenable Vulnerability Management. runZero scales across all types of environments, and works with cloud, EDR, VM, CMDB, and MDM solutions. Ownership types Superusers can manage the available types of ownership on the Account > Ownership types page. Creating an account; Installing an Explorer. About HD Moore. In your runZero Console, go to your inventory. 2. Angry IP is a good solution for teams that are looking for the fastest and easiest way to see which IPs are in use on a network. runZero offers free, professional, and enterprise plans to scan your network for unmanaged devices. SaaS or self-hosted: choose the deployment model that works for you. Choose whether to configure the integration as a scan probe or connector task. 8. To set up the Microsoft 365 Defender integration, you’ll need to: Configure Microsoft 365 Defender to allow API access through runZero. advanced-ip-scanner is a good one so is angery IP scanner.