Support
Launching Scans

Best practices for creating effective scan schedules in Invicti Enterprise

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Effective scan scheduling is essential for ensuring that your scans run smoothly without overloading the system or causing delays. This document provides six best practices to help you optimize your scan schedules.

1. Limit the number of scans per hour

To avoid saturating scan queues, it’s best to configure a maximum of 500 scans per hour per schedule. This ensures that the system remains balanced, and resources are available for each scan to proceed without significant delays.

2. Understand queue wait times

The more scans you have in the queue, the longer each scan may have to wait before it can start. High queue volume means scans will remain in “queued” status for longer, delaying their transition to “scanning” status. By setting up well-spaced schedules, you can reduce this waiting time, allowing scans to start and complete more efficiently.

3. Be mindful of ad-hoc scans

When scan queues are full, any new ad-hoc scans you initiate will also face delays, waiting for previously scheduled scans to finish. To avoid unexpected wait times, consider adjusting your scheduled scans during peak periods, making room for essential or high-priority ad-hoc scans as needed.

4. Leverage the max scan duration setting

The Max Scan Duration option allows you to configure the maximum time a scan is allowed to run. Setting a reasonable maximum duration (in hours) for each scan ensures that scans don’t overrun and occupy system resources indefinitely. If your scan isn’t completed within the set time, it will automatically terminate.

For group scans, if the Customize Max Scan Duration option is left unchecked, each target's default max scan duration will apply. Therefore, we recommend adjusting this setting based on your specific scanning needs.

5. Use the scan time window setting

Setting a Scan Time Window allows you to define specific time periods during which scans are permitted to run. Scans will pause during “disallowed” hours, freeing up resources and avoiding conflicts with other critical system tasks. If this setting is disabled, each target’s default Scan Time Window will be used. Tailoring this setting can be especially useful if you want to limit scanning to off-peak hours.

For more information, refer to Scan Time Window.

6. Enable 'auto disable after failure' for non-group scans

Keeping your scan schedule clean and efficient is easier with Auto Disable After Failure. This feature checks your scan history for recurring failures and automatically disables any non-group scans that continuously fail. By removing redundant, failed scans from your schedule, you can maintain a streamlined queue and ensure resources are available for successful scans. This feature is enabled by default in the individual scheduled scan settings.