Getting Started
This guide walks you through setting up your first ASV scan profile in Detectify.
Prerequisites
- PCI ASV Scanning must be enabled on your Detectify plan. Contact your account manager or book a demo to get started.
- You must know the domains or IP addresses of your internet-facing systems that handle or impact cardholder data.
- Ensure the following scanner pool IPs are allowlisted in your firewall or network security rules to allow scan traffic to reach your targets:
38.123.140.4638.123.140.8138.123.140.82
PCI DSS requirements mandate that ASV scans must be performed without interference from active security systems. If our ASV partner (Clone Systems) detects a WAF, the scan will be marked Non-Compliant.
Creating Your First Scan Profile
- Navigate to ASV Scanning in the Detectify sidebar.
- Click Create ASV Scan Profile.
- Fill in the profile details:
| Field | Description |
|---|---|
| Profile name | A descriptive name for this scan (e.g., “Payment Gateway - Production”) |
| Domain or IP | The domain (e.g., payments.example.com) or IPv4 address to scan. Each profile is locked to a single target. |
| Scan start date and time | When the first scan should run. We recommend scheduling during off-peak hours. |
| Scan frequency | How often to repeat the scan. Options are Monthly (recommended) or Quarterly. PCI DSS requires scanning at least every 90 days. |
| Ownership confirmation | You must confirm that you own or are authorized to scan the target. |
- Click Create ASV Scan Profile to save.
Your first scan will run at the scheduled date and time. You will receive an email notification when it completes.
Understanding Scan Capacity
Each ASV scan profile corresponds to one purchased scan slot on your plan. The ASV Scanning dashboard shows your usage:
- Used profiles — How many of your purchased slots are in use
- Compliant profiles — How many of your scanned profiles have passing results
If all slots are in use, you will need to contact us to add more capacity before creating additional profiles.
Next Steps
- Managing Scan Profiles — Learn how to manage, schedule, and delete profiles
- Scan Results & Compliance — Understand pass/fail results and your compliance status
- Reports & Evidence — Download compliance-ready reports for your auditors
Last updated on