When you save the ticket in SiteProtector, the action request system stores the information, too. You can edit and maintain tickets in the action request system. SiteProtector retains a copy of the ticket on the database server.

Note: If you use Remedy to maintain tickets, then you cannot edit them in SiteProtector. However, SiteProtector saves a copy of each ticket you create.

Remediation process overview for Enterprise Scanner

The tracking features available with Enterprise Scanner and SiteProtector are adaptable, and you can easily integrate them into the workflow for your company. This topic suggests some ways to use these tracking and remediation features.

You can use Enterprise Scanner to collect the following information about your enterprise:

• What assets are on the enterprise networks?

Scenario: You do not want assets added to the network without approval. You want to know what assets are currently running on your network.

Action plan: Run a discovery scan to identify all assets on the network. If you discover an unauthorized asset, create a ticket to locate the asset and then take appropriate action.

• What services are running on these assets?

Scenario: You want to verify that assets on your network are running only approved services.

Action plan: Identify services you do not want to run on any assets in the network. Run an assessment scan to determine what services are running on network assets. Enterprise Scanner can scan for TCP services, UDP services, or both. Create a ticket to investigate and disable unauthorized services or to remove assets from the network.

• What applications are running on these assets?

Scenario: You want to verify that assets on the network are running only approved operating systems.

Action plan: Run a discovery scan for the range of IP addresses for active assets. Identify any assets running unapproved or outdated operating systems. Create a ticket to locate assets that are out of compliance, and update their operating systems.

• What vulnerabilities exist on these assets?

Scenario: You want to check all assets on the network for vulnerabilities.

Action plan: Run an assessment scan to identify which assets on the network have vulnerabilities that have not been patched. If you discover vulnerable assets, create a ticket to patch the vulnerabilities.

After Enterprise Scanner has collected this information, you can determine which conditions require attention and create work tickets from the SiteProtector Console.

Scanning recommendations

If you are relying on regular background scans to verify and close tickets, make sure that the cycle duration is short enough to verify work items within the time period allocated. That is, if your company policy states that high-risk vulnerabilities be corrected within 24 hours, make sure that a background scan happens within 24 hours to verify completion.
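The recommendation above can be checked against a planned schedule before it is relied on. The following Python sketch is an added example, not code from IBM or from the product; the SLA table, ticket records, cycle lengths, and the assumption that one scan pass covers every asset in `scan_hours` are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed policy: hours allowed to correct and verify a finding, by severity.
SLA_HOURS = {"high": 24, "medium": 72, "low": 168}

def scan_starts(first, cycle_hours, count):
    """Start times of `count` consecutive background scan cycles."""
    return [first + timedelta(hours=cycle_hours * i) for i in range(count)]

def verification_plan(tickets, starts, scan_hours):
    """Map each ticket id to (fix_by, verified_at), or None if no scan fits.

    A scan can verify a ticket only if it starts after the ticket was opened
    and finishes on or before the SLA deadline. fix_by is the start of the
    last such scan: the fix must be in place before that scan begins.
    """
    run = timedelta(hours=scan_hours)
    plan = {}
    for t in tickets:
        deadline = t["opened"] + timedelta(hours=SLA_HOURS[t["severity"]])
        usable = [s for s in starts if s > t["opened"] and s + run <= deadline]
        plan[t["id"]] = (max(usable), max(usable) + run) if usable else None
    return plan

def unverifiable(tickets, starts, scan_hours):
    """Ticket ids whose SLA window contains no complete scan."""
    plan = verification_plan(tickets, starts, scan_hours)
    return sorted(tid for tid, slot in plan.items() if slot is None)

# Constructed sample tickets, both opened Monday 09:00.
OPENED = datetime(2024, 3, 4, 9, 0)
TICKETS = [
    {"id": "T-1", "severity": "high", "opened": OPENED},
    {"id": "T-2", "severity": "medium", "opened": OPENED},
]
MIDNIGHT = datetime(2024, 3, 4, 0, 0)

if __name__ == "__main__":
    for cycle in (48, 12):
        starts = scan_starts(MIDNIGHT, cycle, 16)
        print(f"{cycle}h cycle, cannot verify in time:",
              unverifiable(TICKETS, starts, scan_hours=4))
```

With a 48-hour cycle the high-risk ticket has no scan inside its 24-hour window, so it cannot be closed on time regardless of how quickly the fix is applied; the 12-hour cycle leaves room for both tickets.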

Chapter 10. Ticketing and remediation 135

IBM Partner Pavilion 2.3 manual Remediation process overview for Enterprise Scanner, Scanning recommendations