Running concurrent scans

So far, you've only run one scan at a time. However, to fully appreciate the benefits of Burp Suite Enterprise, you need to be able to run multiple scans at the same time.

Each time you run a scan, it is performed by a virtual entity known as an "agent", which has its own embedded instance of Burp Scanner. Each agent can only perform one scan at a time. Therefore, to run multiple concurrent scans, you need multiple agents. The number of agents you can use depends on your subscription. The scalability of Burp Suite Enterprise Edition relies on you only paying for the exact number of agents that you need and being able to increase that number in as large or small increments as your needs dictate. Your trial license already covers 30 agents, which should be more than enough to get you started.

To use agents, you have to assign them to a particular machine on which they should run. If you followed along with the basic setup, you should already have an agent machine embedded on the same machine as the Enterprise server and web server. We'll talk about how to install additional agent machines later. For now, let's add some more agents to the existing machine so that we can run a few concurrent scans.

Go to the "Agents" page by clicking on the settings cog icon and selecting "Agents". Here, under the "Agent Machines" tab, you can see a list of all the agent machines that you have set up, along with some basic information about them. You can also see how many agents are assigned to each agent machine. This is the maximum number of scans that are allowed to run on each machine at the same time. You can adjust this setting based on the technical specification of each machine or based on your particular requirements.

At the moment, you should only have one agent machine listed. At the bottom, you can see the total number of agents that are currently assigned to machines, as well as the number of agents for which you have a license but haven't assigned to a machine yet.

You can assign as many agents as you want to a machine. However, running too many agents on a single machine can cause performance issues. For now, we'll assign 5 agents to our machine. To do this, hover the mouse over the agent machine in the list. Using the plus and minus icons that appear, increase the number of assigned agents to 5.

Now, whenever you schedule scans, up to 5 will run at the same time. Any more scans you schedule will have the status "Waiting for agent" until one of the 5 agents finishes their current scan and is available again.

Note the "Agent machine pools" tab. Agent machine pools are a way of reserving agent machines to scan specific sites. For the moment, your agent machine is in the default pool, and you have no other pools. For more information on agent machine pools, see Managing agent machine pools.

Deploying additional agent machines

If you need to run a much larger number of concurrent scans, you will probably need multiple agent machines in order to avoid performance issues.

In short, you create an agent machine by running the Burp Suite Enterprise Edition installer on a new machine and then authorizing the new agent machine to communicate with the Enterprise server. You can then assign agents to it on the "Agents" page just like you did with the embedded machine.

For a detailed explanation of how to install additional agent machines, please refer to the main Burp Suite Enterprise Edition documentation using the link below.