Additionally, you'll want to gather some information:
Go to the Manage sensors page
Set up your scan
On the Add a scan page, under Set up scan, provide the necessary scan information.
When to scan
Configure your scan to run now or schedule it.
To set a limit for how long an unfinished scan should run before you stop it, check Stop of scan time exceeds and select a maximum run time.
The optimized scan provides basic SSL/TLS certificate and server information along with any discovered critical TLS/SSL server issues. (Heartbleed, Poodle [SSLv3], FREAK, Logjam, DROWN, RC4, and POODLE [TLS]).
Note that adding more option to a scan increases the scan’s impact on network resources as well has how long it takes to complete it.
Advanced settings: Scan performance
Use the Scan performance options to configure how quickly the scan is completed or to limit the scans impact on network resources.
Advance settings: More settings
Reduce firewall alarms by restricting TLS/SSL server checks
Use this option with the understanding that it may limit the effectiveness of your scan, as it may result in missed TLS/SSL server issues.
To identify TLS/SSL server issues (for example, Heartbleed), scans sometimes emulate a TLS/SSL server issue to make sure that the server is secure. Such emulations might trigger false firewall alarms on your network. To avoid such alarms, you can restrict the TLS/SSL server checks.
Specify ports to scan to verify host availability
The ports you specify here are only used to verify the host availability.
The first step in the scan process pings the host to verify its availability.
If Internet Control Message Protocol (ICMP) pings are disabled on a host, use this setting to specify the ports that can be scanned to verify host availability. The fewer ports specified, the faster your scan.
Save and schedule/Save and run
When you are done you'll want to save your scan.
Your scan will run now or as scheduled. Scan completion time depends on network size, and the scan performance settings selected during set up.
If a scan triggers a false alarm in intrusion detection systems (IDS) or intrusion protection systems (IPS), make sure to whitelist the scans in your IDS/IPS utilities. Also, configure your scan to run Slow. Slower scans are less likely to trigger false alarms. You may also need to whitelist the sensor from your firewall to allow communication to digicert.com.
To manage your scans, go to the Scan page (in the sidebar menu, click Discovery > Manage Discovery).
To view scan details or to modify scan settings, go to the scan's details page, (on the Scans page, click the scan name link).