Click the Common Settings tab | IBM Partner Pavilion 2.3 manual

Configuring common assessment settings for an Assessment policy

Use the Common Settings tab in the Assessment policy to choose settings that define additional scanning behavior for the checks you have selected to run in an assessment scan.

Procedure

1.Click Scan → Policy Management in the navigation pane.

2.Select Assessment from the Policy Types list, and then click Add.

3.Type a name for the scan policy.

4.Click the Common Settings tab.

5.Type the URL or file location for the assessment check Help documentation in the Help HTML Prefix box:

vThe IBM ISS Web site location of up-to-date assessment check documentation.

vThe file location of a locally stored version of the documentation.

6.If you want to run the checks that are enabled by default, including checks added in an X-Press Update (XPU), select a policy in the Compliance Policies section.

CAUTION:

Custom Policy (All) runs all vulnerability checks, including DOS checks.

7.Configure options for service discovery in the Service Discovery section:

Option	Description

Discover and report TCP services	Reports active TCP services for which the
	Service Scan flag is enabled in the Network
	Services policy.

Discover and report UDP services	Reports active UDP services for which the
	Service Scan flag is enabled in the Network
	Services policy.

8.Configure options for assessment port ranges in the Assessment Port Ranges section:

Option	Description

Ports to scan with generic TCP checks	The set of TCP ports to scan with generic
	TCP checks. You can specify ports using any
	of the following methods:
	v Type a port or range of ports.
	v Click Well known and select ports from
	the list.
	v Select All.
	Note: A generic TCP check is one whose
	target type is tcp.

12Enterprise Scanner: User Guide

Image 20

IBM Partner Pavilion 2.3 manual Click the Common Settings tab, Option Description Discover and report TCP services

Contents

User Guide Version Copyright statement Trademarks and Disclaimer Iv Enterprise Scanner User Guide Contents Part 3. Maintenance Part 4. Appendixes 163 Topics About this bookAudience Related publications Technical support contacts Part 1. Scanning from the Proventia Manager Chapters Enterprise Scanner User Guide Ad hoc scanning in the Proventia Manager Section a Network configurationSection B Policy configuration Section a Network configuration Configuring the management network interfaceProcedure About this task Configuring the scanning network interface Option Description InterfaceMaximum IPs per discovery subtask Maximum assets per assessment subtask Configuring scanning interface DNS settings Configuring routes for perspective Assigning perspective to a scanning interfaceOption Description Perspective Destination Network Section B Policy configuration Defining assets for a discovery scanBefore you begin Option Metric Description Displaying assessment checks by groups If you want to Then Clear groupingsClick Clear Groupings Create groupings interactively Displaying information about assessment checks Selecting assessment checks with filters Click the Common Settings tab Option Description Discover and report TCP servicesDiscover and report UDP services Option Description Ports to scan with generic TCP checks Default Option Description Ports to scan with generic UDP checksOption Description Dynamically determine OS if previously Obtained information is older than Option Description Verify account access level before using Local group membership to verify accessAccess domain controllers to verify access Access level Lockout Allowed is enabled. When Option Description Allowed account lockoutTemporary lockout allowed Enterprise Maximum Allowable Lockout Duration Defining assessment credentials for a policy Option Description Account Type SSH Local Account Type SSH DomainDomain/Host Account Level Defining the service names associated with TCP and UDP ports Defining ports or assets to exclude from a scan If you want to Then Exclude portsExclude assets Excluded Hosts box Scan policy Required Interpreting scan results in the Proventia Manager Running an ad hoc scan Monitoring the status of a scan Action Icon Description Click View/Manage Log Files Viewing the results of an ad hoc scanExporting scan results from Proventia Manager Purging scan data from the database Field Description Enterprise Scanner User Guide Part 2. Scanning from the SiteProtector Console Enterprise Scanner User Guide Enterprise Scanner policies Inheritance indicators Initially blank or unconfigured?Policy inheritance with Enterprise Scanner policies General inheritance behavior Enterprise Scanner policies About this task Viewing asset or agent policies for Enterprise Scanner Select Network Enterprise Scanner from the Agent Type list Important Do not click Open Contents of an agent policy Agent policies for Enterprise ScannerAgent policy descriptions for Enterprise Scanner Policy inheritance with agent policies Network Locations policy Configuring routes for perspective Assigning perspective to a scanning interface Click the Event Notification tab Event notification settings for Enterprise ScannerNotification policy Access policy Configuring advanced parameters for event notificationClick the Advanced Parameters tab Account Purpose Configuring the management network interface Networking policy Configuring the scanning network interface Configuring scanning interface DNS settings Services policy Enable the network time protocol NTP Time policyIf you want to Then Change the date and time for the agent Network Time Protocol section Asset policy descriptions for Enterprise Scanner Update Settings policyAsset policies for Enterprise Scanner Scope Policy contentsDiscovery policy Defining assets to discover Before you begin Assessment policy Displaying information about assessment checks Displaying assessment checks by groups Selecting assessment checks with filters Configuring common assessment settings Option Description Dynamically determine OS if SiteProtector Information is older than Try to confirm the access level Option Description Allowed account lockout Assessment Credentials policy Defining assessment credentials for a policy Option Description Account Type Windows Scan Control policy Option Description Job name Cycle start dateCycle duration Current cycle start date Scan Window policy Important consideration for multiple agents Defining when scanning is allowed Scan Exclusion policy Defining ports or assets to exclude from a scan Network Services policy Default settingsService definition Policy inheritance Configuring a Network Services policy Running an ad hoc discovery scan with Enterprise Scanner Configuration optionsAd Hoc Scan Control policy Running an ad hoc assessment scan with Enterprise Scanner Click the Debug Settings tab Click Generate Support Data File Understanding scanning processes in SiteProtector What is perspective? Policy How to use Applies to Defining perspectivesPlacing agents in the correct perspective Perspectives in policies Network locations and perspectives Scan jobs and related terms DefinitionsAssets with unassigned criticality Term Description Types of tasks Scheduled and running scansImportance of tasks and subtasks Common management tasks Priorities for running tasks Tasks per type of scanCriticality and assessment tasks Scan type Number of tasks Stages of a scanning process Task prioritizationDynamic prioritization Type of scan Reason for prioritization Process for a scanning cycle Stage Description Size of scan windows Calibration considerationsDiscovery cycle duration Assessment cycle duration Achieving the right balance Enterprise Scanner User Guide Background scanning in SiteProtector Determining when background scans run How policies apply to ad hoc and background scans Asset policies and ad hoc scansChanging assessment and discovery policies Type of scan Description Scan Control policy Scan window and refresh cycle examples Checklist for background assessment scanning Background scanning checklists for Enterprise ScannerChecklist for background discovery scanning Enabling background scanning Defining when scanning is allowed Option Description Next cycle start date Procedure Type a series of individual IP addresses, a Defining network services Defining assessment credentials for a policy Option Description Account Type SSH Local Monitoring scans in SiteProtector Viewing your scan jobs Viewing discovery job results Viewing assessment job results Assessment subtask explanationThis part of the description Describes Finished Assessment On ScanGroupName for hosts with Enterprise Scanner User Guide Managing scans in SiteProtector Command Impact Stopping and restarting scan jobsImpact of stopping scan jobs Impact of restarting scan jobs Suspending and enabling all background scans Registration and authentication Minimum scanning requirementsSteps to initiate a scan Type of scan Steps to initiate Troubleshooting scanning behaviors for ad hoc scans Scanning behaviors for ad hoc scansInheritance Priority Expected scanning behaviors for background scans Managing scans in SiteProtector Enterprise Scanner User Guide Interpreting scan results in SiteProtector OS identification Osid certainty What determines certainty?Sources of Osid Certainty of Osid sources How Osid is updated in Enterprise Scanner Conditions for reassessing OsidException Rules for updating Osid Setting up a Summary view for vulnerability management Summary page for vulnerability managementVulnerability management options Portal Description Portal Description Viewing vulnerabilities by asset in Enterprise Scanner About vulnerability assessmentCreating custom views Benefits Field descriptions Field Description Viewing vulnerabilities by detail in Enterprise Scanner Field Description Viewing vulnerabilities by object in Enterprise Scanner Field Vulnerability view by vulnerability name Field Description Running reports in the SiteProtector Console Types of assessment reportsReport descriptions Report Description Report Description Procedure Enterprise Scanner User Guide Logs and alerts Log files and alert notification Two types of log filesTwo types of information Log size System logs System log descriptions Getting log status information Enterprise Scanner ES logsLog descriptions Statistic Description Changing logging detail Downloading Enterprise Scanner ES log files DownloadDelete a log file Click View/Manage Log Files Delete Alerts log Risk level iconsEvent information icons Icon Description File Description Downloading and saving an Alerts logClick Generate new log file from Alerts Click Clear current Alerts from event log Clearing the Alerts logFinding specific events in the Alerts log Enterprise Scanner User Guide Search by Alert Id# box If you want to Then Search the Alert log file by Alert IDNumber Enterprise Scanner User Guide Ticketing and remediation Ticketing and Enterprise Scanner TicketsVulnerability auto ticketing Custom categories Remediation process overview for Enterprise Scanner Scanning recommendations Remediation tasks for Enterprise Scanner Task overview Option Tab Description Task 6 Close the ticket Part 3. Maintenance Enterprise Scanner User Guide Performing routine maintenance Shutting down your Enterprise Scanner Removing an agent from SiteProtector Types of backups If you restore a system before you make backupsDate of last system backup Options for backing up Enterprise Scanner Backing up configuration settings Making full system backups Click the Full Backup tab Choose an option Updating Enterprise Scanner Types of updates Update locationsType of update Content Update location Description Update options Installation options with scheduled updatesRollbacks and backups Updating options Configuring explicit-trust authentication with an XPU server Authentication method Advantages and Disadvantages Configuring an Alternate Update location Select the Use Alternate Update Server check boxOption Description Host or IP Name Option Description Trust Level CA Certificate Select Enable Proxy Configuring an Http ProxyConfiguring notification options for XPUs Scheduling a one-time firmware update Configuring automatic updatesClick the Update Settings tab Option Description Check for updates daily or weekly Option Description Check for updates at given intervals Option Description Do Not InstallAutomatically Install Updates Delayed Manually installing updates Viewing the status of the Enterprise Scanner agent Proventia Manager Home System statusNetwork interface status Model Header Updates statusProtection status Viewing agent status in the SiteProtector Console Viewing agent status Viewing the status of the CAM modules Troubleshooting the Enterprise Scanner sensorModule or process Description Troubleshooting option Module or process Description Troubleshooting option Part 4. Appendixes Enterprise Scanner User Guide 165 Enterprise Scanner User Guide Product handling information Product safety labels World trade safety information Product recycling and disposal Laser safety informationLaser compliance Battery return program For Taiwan For the European Union Federal Communications Commission FCC Statement Electronic emissions noticesFor California EC Declaration of Conformity In German Canadian Department of Communications Compliance StatementEuropean Union EU Electromagnetic Compatibility Directive People’s Republic of China Class a Compliance Statement Japan Class a Compliance Statement Korean Class a Compliance Statement Enterprise Scanner User Guide Index 177 Reassessing 105 Rules Sources Scan job