IBM Partner Pavilion 2.3 Remediation process overview for Enterprise Scanner

When you save the ticket in SiteProtector, the action request system stores the

information, too. You can edit and maintain tickets in the action request system.

SiteProtector retains a copy of the ticket on the database server.

Note: If you use Remedy to maintain tickets, then you cannot edit them in

SiteProtector. However,SiteProtector saves a copy of each ticket you create.

Remediation process overview for Enterprise Scanner

The tracking feature available with Enterprise Scanner and SiteProtector are

adaptable, and you can easily integrate them into the workflow for your company.

This topic suggests some ways to use these tracking and remediation features.

You can use Enterprise Scanner to collect the following information about your

enterprise:

vWhat assets are on the enterprise networks?

Scenario: You do not want assets added to the network without approval.You

want to know what assets are currently running on your network.

Action plan: Run a discovery scan to identify all assets on the network. If you

discover an unauthorized asset, create a ticket to locate the asset and then take

appropriate action.

vWhat services are running on these assets?

Scenario: You want to verify that assets on your network are runningonly

approved services.

Action plan: Identify services you do not want to run on any assets in the

network. Run an assessment scan to determine what services are running on

network assets. Enterprise Scanner can scan for TCP services, UDP services, or

both. Create a ticket to investigate and disable unauthorized services or to

remove assets from the network.

vWhat applications are running on these assets?

Scenario: You want to verify that assets on the network are runningonly

approved operating systems.

Action plan: Run a discovery scan for the range of IP addresses for active assets.

Identify any assets running unapproved or outdated operating systems. Create a

ticket to locate assets that are out of compliance, and update their operating

systems.

vWhat vulnerabilities exist on these assets?

Scenario: You want to check all assets on the network for vulnerabilities.

Action plan: Run an assessment scan to identify which assets on the network

have vulnerabilities that have not been patched. If you discover vulnerable

assets, create a ticket to patch the vulnerabilities.

After Enterprise Scanner has collected this information, you can determine which

conditions require attention and create work tickets from the SiteProtector Console.

If you are relying on regular background scans to verify and close tickets, make

sure that the cycle duration is short enough to verify work items within the time

period allocated. That is, if your company policy states that high risk

vulnerabilities be corrected within 24 hours, make sure that a background scan

happens within 24 hours to verify completion.

Chapter10. Ticketing and remediation 135