IBM Partner Pavilion 2.3 Priorities for running tasks

Tasks per type of scan

The following table explains the tasks needed for discovery and assessment scans:

Table10. Tasks per type of scan

Scan type Number of tasks

Discovery 1 job-level task

1 parent task

1 scanning task

Note: There is no way to prioritize the order

in which a discovery scan scans IP

addresses, therefore there is no reason to

divide the job into more than one scanning

task. The scanning task is divided into

subtasks, however, based on the maximum

number of IP addresses allowed per subtask.

Assessment 1 job-level task

1 parent task

1 base task for each group

1 scanning task for each asset criticality level

represented in each group

Priorities for running tasks

To determine the order for scanning your network, each task in a scan job is

assigned a priority.

The tasks for all jobs assigned to a perspective run in priority order as follows:

vAd hoc scans run before background scans.

vDiscovery scans run before assessment scans.

vAssessment scans run tasks in the order of the criticality of the assets in the task.

Criticality and assessment tasks

User-assigned criticality ratings indicate the relative importance of assets in a

group. A group can contain assets with differentcriticality ratings. When

Enterprise Scanner divides the job into tasks, it creates separate tasks for each

criticality level and assigns assets to the tasks with the corresponding criticality.

Consequently, the assets in an assessment task are of the same criticality, with the

following results:

vAn assessment scan contains at least one task for each asset criticality

represented in each group.

vAsset criticality affects the priority of the task.

Example: If a scan job includes a group with one subgroup, and each group

contains assets with all levels of criticality, the job will run as at least ten tasks: one

task for each criticality in each group.

Chapter4. Understanding scanning processes in SiteProtector 73

Contents

Main Page Trademarks and Disclaimer Page Contents Trademarks and Disclaimer ......iii About this book...........vii Part 1. Scanning from the Proventia Manager ..............1 Chapter 1. Ad hoc scanning in the Proventia Manager ..........3 Chapter 2. Interpreting scan results in the Proventia Manager ........21 Part 3. Maintenance........139 Part 4. Appendixes ........163 About this book Related publications Publications viii License agreement Technical support contacts Page Page Chapter 1. Ad hoc scanning in the Proventia Manager Section A: Network configuration Section B: Policy configuration Section A: Network configuration Configuring the management network interface 4 Configuring the scanning network interface Configuring scanning interface DNS settings 6 Assigning perspective to a scanning interface Configuring routes for perspective Section B: Policy configuration Defining assets for a discovery scan 8 Displaying assessment checks by groups Displaying information about assessment checks 10 Selecting assessment checks with filters Configuring common assessment settings for an Assessment policy 12 9. Configure options for using OS information in the Use of OS Information section: 14 12. Configure the options for locking out accounts in the Account Lockout Control section: Page Defining assessment credentials for a policy 16 Important: To avoid locking an account, do not add the account more than once. Defining the service names associated with TCP and UDP ports 18 Defining ports or assets to exclude from a scan Configuring and saving a scan policy in the Proventia Manager 20 Chapter 2. Interpreting scan results in the Proventia Manager Running an ad hoc scan 22 Monitoring the status of a scan Viewing the results of an ad hoc scan Exporting scan results from Proventia Manager 24 Purging scan data from the database Page Part 2. Scanning from the SiteProtector Console Chapters Page Chapter 3. Enterprise Scanner policies Policy inheritance with Enterprise Scanner policies General inheritance behavior 30 Inheritance with Enterprise Scanner policies Inheritance indicators Deploying an Enterprise Scanner policy from the policy repository Migrating a locally managed Enterprise Scanner agent into SiteProtector 32 Viewing asset or agent policies for Enterprise Scanner Getting vulnerability help for a SiteProtector Console without Internet access 34 Agent policies for Enterprise Scanner Agent policy descriptions for Enterprise Scanner Contents of an agent policy Policy inheritance with agent policies Network Locations policy What is perspective? 36 Default perspective When to use additional perspectives Assigning perspective to a scanning interface Configuring routes for perspective Notification policy Event notification settings for Enterprise Scanner 38 Configuring advanced parameters for event notification Access policy Networking policy Configuring the management network interface 40 Configuring the scanning network interface Configuring scanning interface DNS settings 42 Services policy Time policy 44 Update Settings policy Asset policies for Enterprise Scanner Asset policy descriptions for Enterprise Scanner Scope of scanning Contents of an asset policy Discovery policy Policy contents 46 Defining assets to discover Before you begin Assessment policy Displaying information about assessment checks 48 Displaying assessment checks by groups Selecting assessment checks with filters 50 Configuring common assessment settings 8. Configure options for using OS information in the Use of OS Information section: 52 11. Configure the options for locking out accounts in the Account Lockout Control section: 54 Assessment Credentials policy Defining assessment credentials for a policy Important: To avoid locking an account, do not add the account more than once. 56 Scan Control policy What is perspective? Defining scanning cycles and assigning perspectives to scans 58 Scan Window policy Important consideration for multiple agents Defining when scanning is allowed 60 Scan Exclusion policy Defining ports or assets to exclude from a scan Network Services policy Default settings 62 Policy inheritance Service definition Configuring a Network Services policy Ad Hoc Scan Control policy Configuration options 64 Running an ad hoc discovery scan with Enterprise Scanner Running an ad hoc assessment scan with Enterprise Scanner 66 Chapter 4. Understanding scanning processes in SiteProtector What is perspective? Perspective identifies network location 68 Default perspective Technical requirements Defining perspectives Perspectives in policies 70 Scan jobs and related terms Definitions Assets with unassigned criticality Scheduled and running scans The importance of tasks and subtasks Types of tasks Common management tasks Base management tasks Tasks per type of scan Priorities for running tasks Criticality and assessment tasks Task prioritization Stages of a scanning process 74 Dynamic prioritization The process for a scanning cycle The following table describes the general process for a scanning cycle: Optimizing cycle duration, scan windows, and subtasks for Enterprise Size of scan windows 76 Calibration considerations Discovery cycle duration Achieving the right balance Page Chapter 5. Background scanning in SiteProtector Determining when background scans run Scanning refresh cycle 80 Important points about refresh cycles Scanning windows How policies apply to ad hoc and background scans Asset policies and ad hoc scans Changing assessment and discovery policies Scan Control policy Scan window and refresh cycle examples 82 Background scanning checklists for Enterprise Scanner Checklist for background discovery scanning Checklist for background assessment scanning Enabling background scanning 84 Defining when scanning is allowed 86 Defining ports or assets to exclude from a scan Defining network services 88 Defining assessment credentials for a policy Important: To avoid inadvertently locking an account, do not add the account more than once. 90 Page Viewing your scan jobs Viewing discovery job results 92 Viewing assessment job results Page Chapter 7. Managing scans in SiteProtector Stopping and restarting scan jobs Impact of stopping scan jobs 96 Impact of restarting scan jobs Suspending and enabling all background scans Minimum scanning requirements 98 Registration and authentication Steps to initiate a scan The following table provides a brief reminder of the steps needed to initiate a scan: Scanning behaviors for ad hoc scans Inheritance Priority Troubleshooting scanning behaviors for ad hoc scans Expected scanning behaviors for background scans 100 Page 102 Chapter 8. Interpreting scan results in SiteProtector OS identification (OSID) certainty What determines certainty? 104 Sources of OSID Certainty of OSID sources How OSID is updated in Enterprise Scanner Conditions for reassessing OSID Exception Rules for updating OSID About user-supplied OSIDs Setting up a Summary view for vulnerability management Summary page for vulnerability management 106 Vulnerability management options Page Viewing vulnerabilities in the SiteProtector Console using Enterprise About vulnerability assessment 108 Creating custom views Viewing vulnerabilities by asset in Enterprise Scanner Page 110 Viewing vulnerabilities by detail in Enterprise Scanner 112 Viewing vulnerabilities by object in Enterprise Scanner Viewing vulnerabilities by target operating system in Enterprise Scanner Use this view to identify weaknesses that affect specific operating systems. 114 You can analyze specific operating systems that are more affectedby vulnerabilities. Viewing vulnerabilities by vulnerability name in Enterprise 116 Running reports in the SiteProtector Console Types of assessment reports Report descriptions 118 Viewing an Enterprise Scanner report in the SiteProtector Console Page Chapter 9. Logs and alerts Log files and alert notification Two types of log files 122 Two types of information Log size System logs Use the System Event Log page in the Proventia Manager to examine entries in the system logs. System log descriptions The following table describes the system logs for Enterprise Scanner: Getting log status information Enterprise Scanner (ES) logs 124 Log descriptions Changing logging detail Downloading Enterprise Scanner (ES) log files 126 Alerts log Risk level icons Event information icons Downloading and saving an Alerts log 128 Clearing the Alerts log Finding specific events in the Alerts log 130 Page Page Page Ticketing and Enterprise Scanner Tickets 134 Vulnerability auto ticketing Custom categories Remediation process overview for Enterprise Scanner Scanning recommendations Remediation tasks for Enterprise Scanner Task overview 136 Page 138 Page Page Chapter 11. Performing routine maintenance Shutting down your Enterprise Scanner 142 Removing an agent from SiteProtector Options for backing up Enterprise Scanner Types of backups 144 If you restore a system before you make backups Date of last system backup Backing up configuration settings Making full system backups 146 Chapter 12. Updating Enterprise Scanner XPU basics 148 Types of updates The following table describes the contents of firmware and assessment content updates: Update locations Updating options Update options Installation options with scheduled updates Rollbacks and backups Configuring explicit-trust authentication with an XPU server 150 Configuring an Alternate Update location 5. Click Save Changes. 152 Configuring an HTTP Proxy Configuring notification options for XPUs Scheduling a one-time firmware update Configuring automatic updates 154 Page Manually installing updates 156 Page Proventia Manager Home page 158 System status The system status group box describes the current status of the system: Network interface status Updates status The update status group box provides the latest update information of the appliance: Protection status The protection status area provides the current operational status of the modules for the appliance: Viewing agent status in the SiteProtector Console Viewing agent status 160 Viewing the status of the CAM modules Troubleshooting the Enterprise Scanner sensor 162 Page Page Appendix. Safety, environmental, and electronic emissions notices DANGER notices CAUTION notices 166 Product handling information Product safety labels World trade safety information 168 Laser safety information Laser compliance Product recycling and disposal Battery return program 170 Page Electronic emissions notices 172 Page 174 Page Page Index A B C D E F G 178 H I T U V W X