About Audit Services
An Audit Service is the in-network worker process that an AlloyScan Site uses to scan address ranges and to audit individual devices that the agentless audit method covers — Windows hosts via WMI / WinRM, Linux and macOS via SSH, hypervisors, SNMP devices, and the cloud APIs (AWS / Azure / Google).
The instance itself never connects directly to your endpoints. It instead routes scan and audit tasks to the registered Audit Service, which executes them locally and returns the result. This keeps every credential and every payload inside the customer network.
Where Audit Services live in the Admin Center
You manage Audit Services per Site, in two interchangeable entry points:
- Admin Center > Site Settings > Tasks and services > Audit services
- Network > Audit services
The list shows one row per registered service with Name, Id, IP address, Registration date, Last active, Updater last active date, Version, Updater version, and Expiration date. Open a row to see the Audit Service detail modal, which is split into three tabs: General, Credentials, and Tasks.
Health states
Every Audit Service moves through a small, observable lifecycle:
- Active — the service has sent a heartbeat recently and is doing work.
- Outdated — the service is behind the instance version. This is a soft state and a non-fatal warning. The modal title carries the suffix
- outdatedand the row icon shows a status marker. The service keeps running. - Inactive — the service has not sent a heartbeat for longer than the configured inactivity period.
- ScheduledForDeletion — set automatically after the configured inactivity period or manually with Schedule for deletion. If the service remains inactive for another inactivity period, AlloyScan deletes it. If it comes online before then, it uninstalls itself.
Using Schedule for deletion starts the deletion workflow without waiting for the service to become inactive. The configured inactivity period still applies before AlloyScan deletes the service.
Versioning, separately from health
Outdated is independent of Active / Inactive. A healthy service that is behind the instance version is still Active but flagged as outdated. Treat the flag as advisory and as a prompt to upgrade rather than as a hard failure.
Credentials live inside an Audit Service
Each Audit Service maintains its own credential pool, accessed through the Credentials tab on the service detail modal. See About Credentials for the full model.
How an Audit Service relates to Audit Agents
The Audit Service performs agentless audits — it logs in to the target on demand and pulls inventory. The Audit Agent is a separate worker that runs on the endpoint itself and pushes inventory back to the instance on a schedule. The two are complementary; they share the same task pipeline and surface in the same Audit log, but they are deployed and managed independently.
Related
- How to install an Audit Service — installation walk-through (shared with the User Guide).
- How to schedule an Audit Service for deletion — admin-initiated retirement.
- Audit Services Reference — fields, state enum, and lifecycle table.
- About Credentials — the per-service secret pool.
- About the Active tasks queue — the Tasks tab on each Audit Service feeds the per-Site queue.