Need option to force scans to a single nessus host
I have a multi-Nessus-server environment. One is my primary internal scanning host, one is an external scan host and one is in a protected environment.
I'm working with multiple class B network spaces and can force some selection of Nessus servers using network selection. However, I would also like the option to force a scan to run from a particular Nessus server. E.g. I may want to run two scans, one from the external scan host and one from the primary internal scan host, to compare the differences.
Please add an option in the scan definition to select a specific Nessus server for the scan.
Logged In: YES
user_id=1646121
Originator: NO
For now, this can be accomplished using the network zones and two different InProtect accounts...
Example:
User A is assigned to Zone A that scans Network A from Scanner A
User B is assigned to Zone B that scans Network A from Scanner B
Make sense?
Logged In: YES
user_id=1623129
Originator: NO
This has been built out to some capacity in the merge_kkline branch, as follows.
Two options:
Job Scheduler can specify a server to any job IP/Range/Named/CIDR/SUBNET (subnet requires the latter to be set up)
Subnet tracking:
By default the subnet scanning feature (is enabled) turns on the following features
The following can be accomplished by
Setting up zones: contiguous blocks of address space per network, such as a class B (can be enterprise-wide or a specific location).
Set up an ORG to represent each Region/Network.
Set up Sites (physical sites managed by/associated with that ORG).
Set up subnets at that site.
Under Nessus servers, the ORG (code) can be specified to only be allowed to scan stuff in that ORG.
For example
ORG (R1)
    SITE (Boston, MA)
        Subnet (192.168.0.0/24)
        Subnet (192.168.1.0/24)
        Subnet (192.168.2.0/21)
    SITE (Augusta, ME)
        Subnet (192.168.8.0/23)
        Subnet (192.168.10.0/26)
        Subnet (192.168.10.64/26)
        Subnet (192.168.10.128/25)
A server associated with R1 can scan all R1 stuff, or per zone. By ORG, you really need to know you have a primary trunk in the region and all other sites are spokes from the trunk; otherwise, job scheduler / zones (assigning a server to a specific zone) are the best method of implementation.
Logged In: YES
user_id=1623129
Originator: NO
Left out the Users part: users are assigned to an ORG.
So user one can only scan space in the zone associated with that network, or subnets per that network, from the pool of servers allowed to scan that ORG.
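
The ORG / site / subnet restriction described in the comments above, modelled as an added Python illustration (this is not InProtect code): a target is resolved to its most specific subnet, and a forced scanner is accepted only if it is in the pool allowed to scan that ORG. The subnets are the ones from the posted example; the scanner names, the user name and the R2 ORG are hypothetical.

```python
import ipaddress

# Subnets copied from the ORG/SITE example in the thread. strict=False because
# 192.168.2.0/21 as posted has host bits set; it is read as 192.168.0.0/21.
INVENTORY = {"R1": {
    "Boston, MA": ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/21"],
    "Augusta, ME": ["192.168.8.0/23", "192.168.10.0/26",
                    "192.168.10.64/26", "192.168.10.128/25"],
}}
# Hypothetical scanner-to-ORG and user-to-ORG assignments (constructed).
SCANNER_ORGS = {"scanner-internal": {"R1"}, "scanner-external": {"R1"},
                "scanner-protected": {"R2"}}
USER_ORG = {"alice": "R1"}

def build_index(inventory):
    """Flatten ORG -> site -> subnet into (network, org, site) rows."""
    return [(ipaddress.ip_network(cidr, strict=False), org, site)
            for org, sites in inventory.items()
            for site, subnets in sites.items()
            for cidr in subnets]

INDEX = build_index(INVENTORY)

def locate(ip, index=INDEX):
    """Most specific (longest-prefix) subnet row containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    rows = [r for r in index if addr in r[0]]
    return max(rows, key=lambda r: r[0].prefixlen) if rows else None

def pick_scanner(user, target_ip, forced=None, index=INDEX):
    """Return the scanner for a job, honouring a forced choice only if that
    scanner is in the pool allowed to scan the target's ORG."""
    row = locate(target_ip, index)
    if row is None:
        raise LookupError(f"{target_ip} is not in any defined subnet")
    org = row[1]
    if USER_ORG.get(user) != org:
        raise PermissionError(f"{user} is not assigned to ORG {org}")
    pool = sorted(s for s, orgs in SCANNER_ORGS.items() if org in orgs)
    if forced is not None and forced not in pool:
        raise PermissionError(f"{forced} may not scan ORG {org}")
    if not pool:
        raise LookupError(f"no scanner is allowed to scan ORG {org}")
    return forced or pool[0]
```

Running the same target once with forced="scanner-internal" and once with forced="scanner-external" gives the two-vantage-point comparison asked for in the original request, while a scanner outside the ORG's pool is refused.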