1. Support Center
  2. Documentation
  3. Enterprise Edition
  4. Trial setup guide
  5. Create a scan

Create a scan

The "Scans" page shows a list of all scans that have already run, are currently running, or are scheduled to run. It is the central point of access for managing all scans in your landscape. At the moment, it should be blank because we haven't scheduled a scan yet.

Now that your basic infrastructure is up and running, it's time to create your first scan. We'll actually create two scans in this demonstration, both of which will run on our dummy site.

Agents

Before we create a scan, let's take a moment to talk about what an "agent" is. In Burp Suite Enterprise Edition, your automated scans are performed by virtual entities known as "agents". Each agent can only perform a single scan at a time. Therefore, to perform multiple scans simultaneously, you need multiple agents. You don't need to worry too much about this for now. All you need to know is that once you schedule a scan, it will be performed by the next free agent. Your trial license includes 30 agents automatically, which means you'll be able to perform up to 30 concurrent scans once you assign them to machines.

As we only need one agent at the moment, we'll talk about assigning more agents later.

Create a quick scan

Let's create a quick, one-time scan of the dummy website so that we have some results to work with.

  1. On the "Scans" page, in the upper-right corner, click the "New scan" button to open the scan creation page.
  2. Under "Site", select the dummy site that we created earlier. This is the site on which the scan will run.
  3. Under "Scheduling", you can choose when you want the scan to run and whether to create a one-time scan or a recurring scan. For now, select the options to start the scan "As soon as possible" and "Run once".
  4. Under "Scan configurations", notice that the default scan configuration that you set when creating the site is already selected. If you wanted to create a different type of scan, you could replace or add to this configuration. For now, we'll just leave the default "Crawl strategy - fastest".
  5. When you're done, click the green "Save" icon in the upper-right corner to create the scan. When you refresh the "Scans" page, the new scan should appear in the list. Initially, the status will say "Waiting for agent", but after a few seconds this should change to "Scanning".
Sites page

Schedule a recurring scan

While we wait for the quick scan to finish, let's set up a recurring scan. Recurring scans are useful for generating plenty of data so that you can keep track of how your security posture is improving over time. Let's schedule a more thorough daily scan of our dummy site.

  1. On the "Scans" page, in the upper-right corner, click the "New scan" button to open the scan creation page.
  2. Under "Site", select the dummy site that we created earlier.
  3. Under "Scheduling", select the options to schedule the scan for 12:00 AM and to repeat the scan every day. Leave the default option to repeat the scan indefinitely.
  4. Under "Scan configurations", the default scan configuration is still selected. This time, we want to override this to create a more thorough scan. Hover the mouse over "Crawl strategy - fastest" and click the delete icon that appears.
  5. From the drop-down list, select both "Audit coverage - maximum" and "Crawl strategy - most complete".
  6. When you're done, click the green "Save" icon in the upper-right corner to create the scan. You have now scheduled a detailed scan to run at midnight every night.
Creating a recurring scan

On the "Scans" page, the recurring scan should appear in the list with the status "Scheduled". Later, you can create a similar scan for your own sites so that every morning you will have the results of the scan ready to analyze. For example, you can see how many issues the developers were able to resolve the previous day.

By now, the quick scan might also have finished.

Completed scan

Next

Once your scan has finished, you can move on to processing the results.