I'm in a situation where I am using a single scan server Lansweeper instance and have a requirement to scan large IP spaces for assets (post-merger ITAM project for old lab spaces and associated). An example would be an undocumented /12 network that contains 400ish active endpoints, located in 90 separate non-contiguous subnets, and distributed across 4 continents. This will take 3-4 days to scan the entire /12 using 6 threads if my math is correct, and is one of many. So just adding the RFC private spaces is out - it will take far too long to scan.
So the solutions I've come up with are as follows:
I know I can use Nmap to scan, extract the IP's that respond to ping, then use a batch scanner to manually scan each IP. If I do this, can I automate regular rescans of the discovered assets or is the batch scanner a one-off scan? If it is just a one-off scan, is there a way I can automate batch scans using the API and the output of an Nmap scan?
I can also extract the /24's that appear to contain hosts from the Nmap output, and then import those as scan targets. This works, but I will end up with a very large list of scan targets and it will become problematic to maintain. The larger spaces I can scan, the better.
So my next thought is performance tuning for the scan process itself. Currently, IP scans are set to 6 threads. Is there a rough set of rules regarding how many threads can reasonably be run continuously given x cores, y ram, z network bandwidth, and so forth? Is it possible for me to add another 10 scanning servers to a pool of scanners and have Lansweeper distribute the scan between them?
So many questions, but ultimately I'm mainly interested in seeing how other Lansweeper users would approach this problem.
