Scan Exclusion policy | IBM Partner Pavilion 2.3 guide

Scan Exclusion policy

Use the Scan Exclusion policy on the SiteProtector Console to define specific ports or assets to exclude from a scan of a group of assets.

Each Scan Exclusion policy defines the following information for the asset group associated with the policy (and the groups that inherit from it):

vA list of ports against which no assessment checks will be run. (No checks run against these ports on any host in the group. This applies to both TCP and UDP ports.)

vA list of IP addresses not to scan.

Important: You should define the Scan Exclusion policy at a high level in your group structure and allow the lower groups to inherit from it. If needed, you can then override the policy at lower groups.

Scope

The Scan Exclusion policy applies to ad hoc and background assessment scans. It does not apply to discovery scans.

Defining ports or assets to exclude from a scan

Use the Scan Exclusion policy on the SiteProtector Console to define specific ports or assets to exclude from a scan of a group of assets.

Procedure

1.From the SiteProtector Console, create a tab to display asset policies.

2.In the navigation pane, select a group, and then open the Scan Exclusion policy for that group.

3.Choose an option:

If you want to...	Then...

Exclude ports	Use a combination of typing the ports to
	exclude and choosing the ports:
	v Type the ports to exclude, separated by
	commas, in the Excluded Ports box.
	v Click Well Known Ports, and then select
	the ports to exclude.

Exclude assets	Type the IP addresses (in dotted-decimal or
	CIDR notation) of the hosts to exclude in the
	Excluded Hosts box:
	v Type an IP address, and then press ENTER.
	v Type a range of IP addresses, and then
	press ENTER.
	Example: 172.1.1.100-172.1.1.200
	v Type a combination of both choices above,
	and then press ENTER.
	Note: A red box is displayed around the
	Excluded Hosts box until the data is
	validated.

Chapter 3. Enterprise Scanner policies 61

Image 69

IBM Partner Pavilion 2.3 manual Scan Exclusion policy, Defining ports or assets to exclude from a scan

Contents

User Guide Version Copyright statement Trademarks and Disclaimer Iv Enterprise Scanner User Guide Contents Part 4. Appendixes 163 Part 3. Maintenance About this book AudienceTopics Technical support contacts Related publications Chapters Part 1. Scanning from the Proventia Manager Enterprise Scanner User Guide Section a Network configuration Section B Policy configurationAd hoc scanning in the Proventia Manager Configuring the management network interface Section a Network configurationProcedure About this task Option Description Interface Configuring the scanning network interfaceMaximum IPs per discovery subtask Maximum assets per assessment subtask Configuring scanning interface DNS settings Assigning perspective to a scanning interface Configuring routes for perspectiveOption Description Perspective Destination Network Defining assets for a discovery scan Section B Policy configurationBefore you begin Option Metric Description If you want to Then Clear groupings Displaying assessment checks by groupsClick Clear Groupings Create groupings interactively Displaying information about assessment checks Selecting assessment checks with filters Option Description Discover and report TCP services Click the Common Settings tabDiscover and report UDP services Option Description Ports to scan with generic TCP checks Option Description Ports to scan with generic UDP checks DefaultOption Description Dynamically determine OS if previously Obtained information is older than Local group membership to verify access Option Description Verify account access level before usingAccess domain controllers to verify access Access level Option Description Allowed account lockout Lockout Allowed is enabled. WhenTemporary lockout allowed Enterprise Maximum Allowable Lockout Duration Defining assessment credentials for a policy Account Type SSH Domain Option Description Account Type SSH LocalDomain/Host Account Level Defining the service names associated with TCP and UDP ports If you want to Then Exclude ports Defining ports or assets to exclude from a scanExclude assets Excluded Hosts box Scan policy Required Interpreting scan results in the Proventia Manager Running an ad hoc scan Action Icon Description Monitoring the status of a scan Viewing the results of an ad hoc scan Exporting scan results from Proventia ManagerClick View/Manage Log Files Field Description Purging scan data from the database Enterprise Scanner User Guide Part 2. Scanning from the SiteProtector Console Enterprise Scanner User Guide Enterprise Scanner policies Initially blank or unconfigured? Inheritance indicatorsPolicy inheritance with Enterprise Scanner policies General inheritance behavior Enterprise Scanner policies About this task Select Network Enterprise Scanner from the Agent Type list Viewing asset or agent policies for Enterprise Scanner Important Do not click Open Agent policies for Enterprise Scanner Contents of an agent policyAgent policy descriptions for Enterprise Scanner Policy inheritance with agent policies Network Locations policy Assigning perspective to a scanning interface Configuring routes for perspective Event notification settings for Enterprise Scanner Notification policyClick the Event Notification tab Configuring advanced parameters for event notification Access policyClick the Advanced Parameters tab Account Purpose Networking policy Configuring the management network interface Configuring the scanning network interface Configuring scanning interface DNS settings Services policy Time policy Enable the network time protocol NTPIf you want to Then Change the date and time for the agent Network Time Protocol section Update Settings policy Asset policies for Enterprise ScannerAsset policy descriptions for Enterprise Scanner Policy contents Discovery policyScope Before you begin Defining assets to discover Displaying information about assessment checks Assessment policy Displaying assessment checks by groups Selecting assessment checks with filters Configuring common assessment settings Information is older than Option Description Dynamically determine OS if SiteProtector Try to confirm the access level Option Description Allowed account lockout Defining assessment credentials for a policy Assessment Credentials policy Option Description Account Type Windows Scan Control policy Cycle start date Option Description Job nameCycle duration Current cycle start date Important consideration for multiple agents Scan Window policy Defining when scanning is allowed Defining ports or assets to exclude from a scan Scan Exclusion policy Default settings Network Services policyService definition Policy inheritance Configuring a Network Services policy Configuration options Ad Hoc Scan Control policyRunning an ad hoc discovery scan with Enterprise Scanner Running an ad hoc assessment scan with Enterprise Scanner Click Generate Support Data File Click the Debug Settings tab Understanding scanning processes in SiteProtector What is perspective? Defining perspectives Policy How to use Applies toPlacing agents in the correct perspective Perspectives in policies Network locations and perspectives Definitions Scan jobs and related termsAssets with unassigned criticality Term Description Scheduled and running scans Types of tasksImportance of tasks and subtasks Common management tasks Tasks per type of scan Priorities for running tasksCriticality and assessment tasks Scan type Number of tasks Task prioritization Stages of a scanning processDynamic prioritization Type of scan Reason for prioritization Stage Description Process for a scanning cycle Calibration considerations Size of scan windowsDiscovery cycle duration Assessment cycle duration Achieving the right balance Enterprise Scanner User Guide Background scanning in SiteProtector Determining when background scans run Asset policies and ad hoc scans How policies apply to ad hoc and background scansChanging assessment and discovery policies Type of scan Description Scan window and refresh cycle examples Scan Control policy Background scanning checklists for Enterprise Scanner Checklist for background discovery scanningChecklist for background assessment scanning Enabling background scanning Option Description Next cycle start date Defining when scanning is allowed Procedure Type a series of individual IP addresses, a Defining network services Defining assessment credentials for a policy Option Description Account Type SSH Local Monitoring scans in SiteProtector Viewing discovery job results Viewing your scan jobs Assessment subtask explanation Viewing assessment job resultsThis part of the description Describes Finished Assessment On ScanGroupName for hosts with Enterprise Scanner User Guide Managing scans in SiteProtector Stopping and restarting scan jobs Command ImpactImpact of stopping scan jobs Impact of restarting scan jobs Suspending and enabling all background scans Minimum scanning requirements Registration and authenticationSteps to initiate a scan Type of scan Steps to initiate Scanning behaviors for ad hoc scans Troubleshooting scanning behaviors for ad hoc scansInheritance Priority Expected scanning behaviors for background scans Managing scans in SiteProtector Enterprise Scanner User Guide Interpreting scan results in SiteProtector What determines certainty? OS identification Osid certaintySources of Osid Certainty of Osid sources Conditions for reassessing Osid How Osid is updated in Enterprise ScannerException Rules for updating Osid Summary page for vulnerability management Setting up a Summary view for vulnerability managementVulnerability management options Portal Description Portal Description About vulnerability assessment Viewing vulnerabilities by asset in Enterprise ScannerCreating custom views Benefits Field descriptions Field Description Viewing vulnerabilities by detail in Enterprise Scanner Field Description Viewing vulnerabilities by object in Enterprise Scanner Field Vulnerability view by vulnerability name Field Description Types of assessment reports Running reports in the SiteProtector ConsoleReport descriptions Report Description Report Description Procedure Enterprise Scanner User Guide Logs and alerts Two types of log files Log files and alert notificationTwo types of information Log size System log descriptions System logs Enterprise Scanner ES logs Getting log status informationLog descriptions Statistic Description Changing logging detail Download Downloading Enterprise Scanner ES log filesDelete a log file Click View/Manage Log Files Delete Risk level icons Alerts logEvent information icons Icon Description Downloading and saving an Alerts log Click Generate new log file from AlertsFile Description Clearing the Alerts log Finding specific events in the Alerts logClick Clear current Alerts from event log Enterprise Scanner User Guide If you want to Then Search the Alert log file by Alert ID NumberSearch by Alert Id# box Enterprise Scanner User Guide Ticketing and remediation Tickets Ticketing and Enterprise ScannerVulnerability auto ticketing Custom categories Scanning recommendations Remediation process overview for Enterprise Scanner Task overview Remediation tasks for Enterprise Scanner Option Tab Description Task 6 Close the ticket Part 3. Maintenance Enterprise Scanner User Guide Performing routine maintenance Shutting down your Enterprise Scanner Removing an agent from SiteProtector If you restore a system before you make backups Types of backupsDate of last system backup Options for backing up Enterprise Scanner Backing up configuration settings Click the Full Backup tab Choose an option Making full system backups Updating Enterprise Scanner Update locations Types of updatesType of update Content Update location Description Installation options with scheduled updates Update optionsRollbacks and backups Updating options Authentication method Advantages and Disadvantages Configuring explicit-trust authentication with an XPU server Select the Use Alternate Update Server check box Configuring an Alternate Update locationOption Description Host or IP Name CA Certificate Option Description Trust Level Configuring an Http Proxy Configuring notification options for XPUsSelect Enable Proxy Configuring automatic updates Scheduling a one-time firmware updateClick the Update Settings tab Option Description Check for updates daily or weekly Option Description Do Not Install Option Description Check for updates at given intervalsAutomatically Install Updates Delayed Manually installing updates Viewing the status of the Enterprise Scanner agent System status Proventia Manager HomeNetwork interface status Model Updates status Protection statusHeader Viewing agent status Viewing agent status in the SiteProtector Console Troubleshooting the Enterprise Scanner sensor Module or process Description Troubleshooting optionViewing the status of the CAM modules Module or process Description Troubleshooting option Part 4. Appendixes Enterprise Scanner User Guide 165 Enterprise Scanner User Guide Product handling information World trade safety information Product safety labels Laser safety information Laser complianceProduct recycling and disposal Battery return program For the European Union For Taiwan Electronic emissions notices For CaliforniaFederal Communications Commission FCC Statement Canadian Department of Communications Compliance Statement European Union EU Electromagnetic Compatibility DirectiveEC Declaration of Conformity In German Japan Class a Compliance Statement People’s Republic of China Class a Compliance Statement Korean Class a Compliance Statement Enterprise Scanner User Guide 177 Index Reassessing 105 Rules Sources Scan job