Configuration Scan Inventory

The Configuration Scan Inventory page displays the list of scanned assets and their cryptographic configuration details, obtained via both, the agent based scan (executed using the AppViewX Config Scan Agent or the AppViewX Code Scan Agent) and the agentless scan (executed using the existing network discovery scan flow from the CERT+ module). Based on the identified cipher suites, the PQC risk severity and the quantum readiness are calculated, and relevant recommendations are displayed in the configuration inventory.

This report helps security analysts evaluate the encryption protocols, cipher suites, and quantum-readiness of services running within the network. It is commonly used to verify compliance with cryptographic standards, detect weak configurations, and ensure readiness for Post-Quantum Cryptography.

Verify that your user role has the required ACF permission to view configuration scan inventory. To enable the ACF permission, click here.

Note:

Agentless scans are currently limited to network discovery for certificates and protocols; library discovery is not supported.
For agentless scans under the existing certificate network scan, only IP range and subnet–based scans are supported; URL-based scans are not applicable.
Data retrieved from an agentless scan is displayed in the configuration scan inventory even if the AppViewX Config Scan Agent is not installed, since it does not require agent intervention.

Important: For the same IP and ports scanned for both, agent-based as well as agentless scans, the following rules will apply:

If an agent-based scan is performed after an agentless scan, data from the agent-based scan will replace the data from the agentless scan.
If an agentless scan is performed after an agent-based scan:
- Data for the newly discovered ciphers and protocols, from the scannedIP/port, will be added to the inventory.
- Existing service binding and library app information will not be modified.

Viewing the Configuration Scan Inventory

To view the configuration scan inventory:

To view the configuration scan inventory, go to Menu > Quantum Trust Hub > Inventory > Configuration.

You will be redirected to the Configuration Scan Inventory.

Common Inventory Functions

The table below explains the inventory functions for Configuration Scan Inventory.


Feature	Description
Filters	To filter the inventory for viewing specific data: From one or more of the following dropdown lists, select the required filtering criteria: IP address Quantum Readiness Severity Crypto Category Click Apply.
Search	Enter free text or keywords to search for specific entries in the inventory.
Export	To export the inventory data: Select at least one record from the inventory to export the corresponding data. From the menu bar, click Export. From the How would you like to download the data? Dialog box, select your preferred export file format (CSV or XLS). Click Submit. The inventory data is downloaded to your local system as a zipped file.
Pagination	Use the pagination control dropdown to select the number of records that will be displayed per page of the inventory. You can select to display 25, 50, 75, or 100 records per page of the inventory.
Pagination Navigation	Use the pagination navigation buttons to move between the pages in the inventory.
Refresh	Use the Refresh button to reload the inventory to display the up-to-date records.

Configuration Scan Inventory

The configuration scan inventory displays the following field details to view the PQC readiness:

Table 1. Column descriptions for the Configuration Scan Inventory page
Column Name	Description
IP address	Displays the IP address of the scanned host. Each row represents one detected service on a unique IP.
FQDN	Shows the domain name associated with the IP address. Useful for identifying hostnames in DNS-based scans.
Applications	Identifies the detected application or service running on the host (for example, exim, nginx, or apache).
Port	Specifies the network port used by the application. This indicates where the service is accessible.
Service Binding / Hostname	Displays the: network binding format (IP:Port) that shows which address and port combination the service listens on configured name/domain for that service
Crypto Category	Defines the type of cryptographic setting being reported (for example, Protocol, Cipher, Certificate, or Algorithm).
Crypto Value	Shows the protocol version or cryptographic mechanism in use (for example, TLS 1.3, SSL 3.0, etc.).
Cipher Suite	Lists the exact cipher suite negotiated for the TLS/SSL connection (for example, TLS_AKE_WITH_...).
Key Exchange Algorithm	Indicates cryptographic algorithm used to securely negotiate encryption keys between parties during the initial phase of a secure communication session (e.g., TLS handshake).
Authentication	Specifies the authentication algorithm (for example, ECDSA, Dilithium, etc.) used for validating the identity of the communicating entities.
Discovery Source	Indicates how the cryptographic asset or configuration was identified, via an agent-based scan (executed using the AppViewX Config Scan Agent or the AppViewX Code Scan Agent) or an agentless scan (executed using the existing network discovery scan flow from the CERT+ module) Note: Agentless scans are currently limited to network discovery for certificates and protocols; library discovery is not supported. For agentless scans under the existing certificate network scan, only IP range and subnet–based scans are supported; URL-based scans are not applicable. Agentless scans are listed under the List of Scans even if the AppViewX Config Scan Agent is not installed, since they do not require agent intervention.
Severity	Displays the security impact level associated with the detected configuration. Levels may include Low, Medium, High, or Critical.
Quantum Readiness	Indicates whether the cryptographic configuration is resistant to quantum-based attacks.
Recommended Action	Provides guidance or next steps for remediation or optimization. If no action is required, it may display N/A.