At most sites in my experience, vulnerability scanning begins by doing a discovery scan, creating groups, assigning policy, and then proceeding on with scanning. These scans eventually will become reports that will go out to some entity, but there are some up and down sides to this approach.
First, let's look at doing a discovery scan. How do you do it?
