Juniper Secure Analytics
Vulnerability Manager User Guide
Release 2014.2
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Juniper Secure Analytics Vulnerability Manager User Guide Copyright © 2014, Juniper Networks, Inc.
All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
Table of Contents
About the Documentation . . . ix
Documentation Conventions . . . ix
Documentation Feedback . . . xi
Requesting Technical Support . . . xi
Self-Help Online Tools and Resources . . . xi
Opening a Case with JTAC . . . xii
Part 1
Juniper Secure Analytics Vulnerability Manager
Chapter 1 Vulnerability Manager Installations and Deployments . . . 3
Vulnerability Manager Access and Installations . . . 4
Vulnerability Processing and Scanning Deployments . . . 4
Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment . . . 6
Deploy a Dedicated JSA Vulnerability Manager Processor Appliance . . . 6
Move the Vulnerability Processor from Your Console to Your Managed Host . . . 6
Deploying a Dedicated JSA Vulnerability Manager Processor Appliance . . . 7
Moving Your Vulnerability Processor to a Managed Host or Console . . . 7
Verifying that a Vulnerability Processor is Deployed . . . 8
Removing a Vulnerability Processor from Your Console or Managed Host . . . 9
Options for Adding Scanners to Your JSA Vulnerability Manager Deployment . . . . 9
Dynamic Vulnerability Scans . . . 10
Deploy a Dedicated JSA Vulnerability Manager Managed Host Scanner Appliance . . . 10
Deploy a JSA Vulnerability Manager Scanner on Your JSA Console or Managed Host . . . 10
Configure Access to a Juniper Networks Hosted Scanner and Scan your DMZ . . . 10
Deploying a Dedicated JSA Vulnerability Manager Scanner Appliance . . . 11
Deploying a Vulnerability Scanner to a JSA Console or Managed Host . . . 11
Scanning the Assets in Your DMZ . . . 13
Configuring Your Network and Assets for External Scans . . . 13
Configuring JSA Vulnerability Manager to Scan Your External Assets . . . 13
Verifying that a Vulnerability Scanner is added to your Deployment . . . 14
Supported Web Browsers . . . 14
Enabling Document Mode and Browser Mode in Internet Explorer . . . 15
Chapter 2 JSA Vulnerability Manager . . . 17
Vulnerability Manager Overview . . . 17
Vulnerability Scanning . . . 17
Vulnerability Processor . . . 18
Deployment Options . . . 18
Configuration Options . . . 18
Vulnerability Management Dashboard . . . 18
Reviewing Vulnerability Data on the Default Vulnerability Management Dashboard . . . 18
Creating a Customized Vulnerability Management Dashboard . . . 19
Chapter 3 Security Software Integrations . . . 21
IBM Endpoint Manager Integration . . . 21
Integration Components . . . 21
Vulnerability Remediation . . . 21
Configuring Secure Socket Layer for IBM Endpoint Manager Integration . . . 22
Integrating JSA Vulnerability Manager with IBM Endpoint Manager . . . 23
IBM Security SiteProtector Integration . . . 24
Connecting to IBM Security SiteProtector . . . 24
Chapter 4 Vulnerability Scanning . . . 25
Vulnerability Scanning Overview . . . 25
Scan Profiles . . . 25
JSA Integration . . . 26
Creating a Scan Profile . . . 26
Viewing Scan Profiles . . . 27
Monitoring Scans in Progress . . . 27
Scan Profile Details . . . 28
Scan Scheduling . . . 29
Scanning Domains Monthly . . . 29
Scheduling Scans of New Unscanned Assets . . . 29
Reviewing your Scheduled Scans in Calendar Format . . . 30
Network Scan Targets and Exclusions . . . 31
Network Scan Targets and Exclusions Overview . . . 31
Include Network Nodes . . . 31
Domain Scanning . . . 31
Scans that Used Saved Asset Searches . . . 32
Exclude Network Scan Targets . . . 32
Virtual Webs . . . 32
Excluding Assets from all Scans . . . 32
Managing scan Exclusions . . . 33
Scan Protocols and Ports . . . 33
Configuring Your Scan Profile Port Protocols . . . 34
Scanning a Full Port Range . . . 34
Scanning Assets with Open Ports . . . 35
Authenticated Patch Scans . . . 36
Centralized Credential Sets . . . 38
Configuring an Authenticated Scan of the Linux or UNIX Operating Systems . . . 39
Configuring an Authenticated Scan of the Windows Operating System . . . 41
Enabling Remote Registry Access to Assets on the Windows Operating System . . . 42
Enabling the Windows Management Interface . . . 42
Configuring a Permitted Scan Interval Overview . . . 43
Configuring a Permitted Scan Interval . . . 43
Scanning During Permitted Times . . . 43
Managing Operational Windows . . . 44
Disconnecting an Operational Window . . . 45
Dynamic Vulnerability Scans . . . 45
Associating Vulnerability Scanners with CIDR Ranges . . . 46
Scanning CIDR ranges with Different Vulnerability Scanners . . . 46
Scan Policies . . . 47
Pre-configured Scan Policies . . . 47
Modifying a Pre-configured Scan Policy . . . 48
Configuring a Scan Policy to Manage your Vulnerability Scans . . . 48
Chapter 5 Vulnerability Scan Investigations . . . 51
Vulnerability Scan Investigations Overview . . . 51
Scan Results . . . 51
Vulnerability Counts . . . 52
Searching Scan Results . . . 52
Managing Scan Results . . . 53
Asset Risk Levels and Vulnerability Categories . . . 54
Asset, Vulnerability, and Open Services Data . . . 54
Vulnerability Risk and PCI Severity . . . 55
Chapter 6 Management of Your Vulnerabilities . . . 57
Vulnerabilities Management Overview . . . 57
Searching Vulnerability Data . . . 58
Saving your Vulnerability Search Criteria . . . 59
Deleting Saved Vulnerability Search Criteria . . . 60
Vulnerability Instances . . . 60
Network Vulnerabilities . . . 61
Asset Vulnerabilities . . . 61
Open Service Vulnerabilities . . . 61
Investigating the History of a Vulnerability . . . 61
Reducing the Number of False Positive Vulnerabilities . . . 62
Investigating High Risk Assets and Vulnerabilities . . . 63
Identifying Vulnerabilities with an IBM Endpoint Manager Patch . . . 64
Identifying the Patch Status of your Vulnerabilities . . . 65
Chapter 7 Vulnerability Exception Rules . . . 67
Vulnerability Exception Rules Overview . . . 67
Applying a Vulnerability Exception Rule . . . 67
Managing a Vulnerability Exception Rule . . . 68
Chapter 8 Vulnerability Remediation . . . 71
Assigning Individual Vulnerabilities to a Technical User for Remediation . . . 71
Assigning a Technical User as the Owner of Asset Groups . . . 72
Configuring Remediation Times for the Vulnerabilities on Assigned Assets . . . 73
Chapter 9 Vulnerability Reports . . . 75
Running a Default JSA Vulnerability Manager Report . . . 75
Emailing Assigned Vulnerability Reports to Technical Users . . . 76
Generating PCI Compliance Reports . . . 77
Updating your Asset Compliance Plans and Software Declarations . . . 78
Creating a PCI Compliance Report . . . 78
Chapter 10 Vulnerability Research, News, and Advisories . . . 81
Vulnerability Library Usage Overview . . . 81
Viewing Detailed Information about Published Vulnerabilities . . . 82
Remaining Aware of Global Security Developments . . . 82
Viewing Security Advisories from Vulnerability Vendors . . . 83
Searching Vulnerabilities, News, and Advisories . . . 83
Glossary . . . 85
List of Tables
About the Documentation . . . ix
Table 1: Notice Icons . . . ix
Table 2: Text and Syntax Conventions . . . x
Part 1
Juniper Secure Analytics Vulnerability Manager
Chapter 1 Vulnerability Manager Installations and Deployments . . . 3
Table 3: Supported Web Browsers for JSA Products . . . 15
Chapter 4 Vulnerability Scanning . . . 25
Table 4: Scan Profile Details Configuration Options . . . 28
Table 5: Scan Protocol and Port Options . . . 34
Chapter 6 Management of Your Vulnerabilities . . . 57
Table 6: Server Type Vulnerabilities . . . 63
About the Documentation
• Documentation Conventions on page ix
• Documentation Feedback on page xi
• Requesting Technical Support on page xi
Documentation Conventions
Table 1 on page ix defines notice icons used in this guide.
Table 1: Notice Icons
Informational note: Indicates important features or instructions.
Caution: Indicates a situation that might result in loss of data or hardware damage.
Warning: Alerts you to the risk of personal injury or death.
Laser warning: Alerts you to the risk of personal injury from a laser.
Tip: Indicates helpful information.
Best practice: Alerts you to a recommended use or implementation.
Table 2: Text and Syntax Conventions
Bold text like this: Represents text that you type. Example: To enter configuration mode, type the configure command: user@host> configure
Fixed-width text like this: Represents output that appears on the terminal screen. Example: user@host> show chassis alarms / No alarms currently active
Italic text like this: Introduces or emphasizes important new terms; identifies guide names; identifies RFC and Internet draft titles. Examples: A policy term is a named structure that defines match conditions and actions. Junos OS CLI User Guide. RFC 1997, BGP Communities Attribute.
Italic text like this: Represents variables (options for which you substitute a value) in commands or configuration statements. Example: Configure the machine's domain name: [edit] root@# set system domain-name domain-name
Text like this: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components. Examples: To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level. The console port is labeled CONSOLE.
< > (angle brackets): Encloses optional keywords or variables. Example: stub <default-metric metric>;
| (pipe symbol): Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity. Examples: broadcast | multicast; (string1 | string2 | string3)
# (pound sign): Indicates a comment specified on the same line as the configuration statement to which it applies. Example: rsvp { # Required for dynamic MPLS only
[ ] (square brackets): Encloses a variable for which you can substitute one or more values. Example: community name members [ community-ids ]
Indention and braces ( { } ): Identifies a level in the configuration hierarchy. Example: [edit] routing-options { static { route default { nexthop address; retain; } } }
; (semicolon): Identifies a leaf statement at a configuration hierarchy level.
Bold text like this: Represents graphical user interface (GUI) items you click or select. Examples: In the Logical Interfaces box, select All Interfaces. To cancel the configuration, click Cancel.
> (bold right angle bracket): Separates levels in a hierarchy of menu selections. Example: In the configuration editor hierarchy, select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods:
• Online feedback rating system—On any page at the Juniper Networks Technical Documentation site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at https://www.juniper.net/cgi-bin/docbugreport/.
• E-mail—Send your comments to [email protected]. Include the document or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: http://www2.juniper.net/kb/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications: http://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico). For international or direct-dial options in countries without toll-free numbers, see
PART 1
Juniper Secure Analytics Vulnerability
Manager
• Vulnerability Manager Installations and Deployments on page 3
• JSA Vulnerability Manager on page 17
• Security Software Integrations on page 21
• Vulnerability Scanning on page 25
• Vulnerability Scan Investigations on page 51
• Management of Your Vulnerabilities on page 57
• Vulnerability Exception Rules on page 67
• Vulnerability Remediation on page 71
• Vulnerability Reports on page 75
CHAPTER 1
Vulnerability Manager Installations and
Deployments
This chapter describes the following sections:
• Vulnerability Manager Access and Installations on page 4
• Vulnerability Processing and Scanning Deployments on page 4
• Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment on page 6
• Deploying a Dedicated JSA Vulnerability Manager Processor Appliance on page 7
• Moving Your Vulnerability Processor to a Managed Host or Console on page 7
• Verifying that a Vulnerability Processor is Deployed on page 8
• Removing a Vulnerability Processor from Your Console or Managed Host on page 9
• Options for Adding Scanners to Your JSA Vulnerability Manager Deployment on page 9
• Deploying a Dedicated JSA Vulnerability Manager Scanner Appliance on page 11
• Deploying a Vulnerability Scanner to a JSA Console or Managed Host on page 11
• Scanning the Assets in Your DMZ on page 13
• Verifying that a Vulnerability Scanner is added to your Deployment on page 14
• Supported Web Browsers on page 14
• Enabling Document Mode and Browser Mode in Internet Explorer on page 15
Vulnerability Manager Access and Installations
You access Juniper Secure Analytics (JSA) Vulnerability Manager by using the Vulnerabilities tab.
Depending on the product that you install and whether you upgrade JSA or install a new system, the Vulnerabilities tab might not be displayed.
To access the Vulnerabilities tab:
• If you install JSA, the Vulnerabilities tab is enabled by default with a temporary license key.
• If you install Log Analytics, the Vulnerabilities tab is not enabled.
• Depending on how you upgrade JSA, the Vulnerabilities tab might not be enabled. To use JSA Vulnerability Manager after an install or upgrade you must upload and allocate a valid license key. For more information, see the Juniper Secure Analytics Administration Guide.
For more information about upgrading, see the Upgrading Juniper Secure Analytics to 2014.2.
Related Documentation
• Vulnerability Processing and Scanning Deployments on page 4
• Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment on page 6
• Deploying a Dedicated JSA Vulnerability Manager Processor Appliance on page 7
Vulnerability Processing and Scanning Deployments
When you install and license Juniper Secure Analytics (JSA) Vulnerability Manager, a vulnerability processor is automatically deployed on your JSA console.
The vulnerability processor provides a scanning component by default. If required, you can deploy more scanners, either on dedicated JSA Vulnerability Manager managed host scanner appliances or JSA managed hosts. For example, you can deploy a vulnerability scanner on an Event Collector or Flow Processor. You cannot deploy a vulnerability scanner on a high availability managed host.
If required, you can move the vulnerability processor to a different managed host in your deployment. You might move the processor to preserve disk space on your JSA console.
NOTE: After you change your vulnerability processor deployment, you must wait for your deployment to fully configure. In the Scan Profiles page, the following message is displayed: QVM is in the process of being deployed.
To configure your vulnerability processing and scanning components, you must use the JSA deployment editor, which is on the Admin tab.
Ensure that following applications are installed on all desktop systems that you use to access the JSA product user interface:
• Java Runtime Environment (JRE) version 1.7
• Adobe Flash version 10.x
For more information about the deployment editor, see the Juniper Secure Analytics Administration Guide.
If you have a large network and require flexible scanning options, you can add more scanners to your JSA Vulnerability Manager deployment. For more information, see “Options for Adding Scanners to Your JSA Vulnerability Manager Deployment” on page 9.
If required, you can move the vulnerability processor to a different managed host in your deployment. For more information, see “Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment” on page 6.
Related Documentation
• Vulnerability Manager Access and Installations on page 4
• Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment on page 6
• Deploying a Dedicated JSA Vulnerability Manager Processor Appliance on page 7
• Moving Your Vulnerability Processor to a Managed Host or Console on page 7
Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment
If required, you can move the vulnerability processor from your Juniper Secure Analytics (JSA) console to a dedicated JSA Vulnerability Manager managed host appliance. For example, you might move your vulnerability processing capability to a managed host to minimize disk space impact on your JSA console.
NOTE: You can have only one vulnerability processor in your deployment. Also, you must deploy the vulnerability processor only on a JSA console or JSA Vulnerability Manager managed host processor appliance.
To move the vulnerability processor, choose one of the following options:
• Deploy a Dedicated JSA Vulnerability Manager Processor Appliance on page 6
• Deploying a Dedicated JSA Vulnerability Manager Processor Appliance on page 7
Deploy a Dedicated JSA Vulnerability Manager Processor Appliance
To deploy a processor appliance you must complete the following tasks:
1. Install a dedicated JSA Vulnerability Manager managed host processor appliance. For more information, see the Juniper Secure Analytics Installation Guide.
2. Add the managed host processor appliance to your deployment by using the deployment editor.
When you select the managed host option in the deployment editor, the processor is automatically removed from the JSA console.
Move the Vulnerability Processor from Your Console to Your Managed Host
If the vulnerability processor is on your JSA console, then later you can move your vulnerability processor to a previously installed JSA Vulnerability Manager managed host processor appliance.
At any time, you can move the vulnerability processor back to your JSA console.
Related Documentation
• Vulnerability Processing and Scanning Deployments on page 4
• Deploying a Dedicated JSA Vulnerability Manager Processor Appliance on page 7
Deploying a Dedicated JSA Vulnerability Manager Processor Appliance
You can deploy a dedicated Juniper Secure Analytics (JSA) Vulnerability Manager managed host processor appliance.
When you deploy your vulnerability processor to a managed host, all vulnerabilities are processed on the managed host.
NOTE: After you deploy processing to a dedicated JSA Vulnerability Manager managed host, any scan profiles or scan results that are associated with a JSA console processor are not displayed. You can continue to search and view vulnerability data on the Manage Vulnerabilities pages.
Ensure that a dedicated JSA Vulnerability Manager managed host is installed. To deploy the JSA Vulnerability Manager processor:
1. Click the Admin tab.
2. On the toolbar, click Deployment Editor.
3. From the menu, select Actions > Add a Managed Host.
In the managed host wizard, ensure that you select the IP address of the JSA Vulnerability Manager managed host processor appliance.
You must wait several minutes while the managed host is added.
4. In the Validation Error window, select the JSA Vulnerability Manager managed host processor and click OK.
5. Click Yes.
6. In the deployment editor menu, select File > Save and close.
7. On the Admin tab toolbar, select Advanced > Deploy Full Configuration.
8. Click OK.
Verify that the JSA Vulnerability Manager processor is deployed on the managed host.
Related Documentation
• Vulnerability Processing and Scanning Deployments on page 4
• Moving Your Vulnerability Processor to a Managed Host or Console on page 7
• Verifying that a Vulnerability Processor is Deployed on page 8
Moving Your Vulnerability Processor to a Managed Host or Console
If required, you can move your vulnerability processor between a Juniper Secure Analytics (JSA) Vulnerability Manager managed host appliance and your JSA console.
To move the JSA Vulnerability Manager processor:
1. Click the Admin tab.
2. On the toolbar, click Deployment Editor.
3. Click the Vulnerability View tab.
4. In the Vulnerability Components pane click QVM Processor.
5. Type a memorable name for the QVM Processor that you want to add, then follow the instructions in the user interface and click Next.
6. In the Adding a new component window, ensure that you select the host for the console or managed host appliance.
If your processor is on the managed host, you can select only the JSA console.
7. Click Finish and Yes.
8. In the deployment editor menu, select File > Save and close.
9. In the Validation Error window, select the processor on the console or managed host. If you select the processor on the console, then the vulnerability processor on the managed host is automatically removed during the deployment.
You must wait several minutes while the deployment completes.
10. On the Admin tab toolbar, select Advanced > Deploy Full Configuration.
11. Click OK.
Related Documentation
• Deploying a Dedicated JSA Vulnerability Manager Processor Appliance on page 7
• Verifying that a Vulnerability Processor is Deployed on page 8
• Removing a Vulnerability Processor from your Console or Managed Host on page 9
Verifying that a Vulnerability Processor is Deployed
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can verify that your vulnerability processor is deployed on a JSA console or JSA Vulnerability Manager managed host.
To verify the deployment of a vulnerability processor:
1. Log in to the JSA console.
2. On the Admin tab, click the Deployment Editor.
3. Select the Vulnerability View tab.
Related Documentation
• Deploying a Dedicated JSA Vulnerability Manager Processor Appliance on page 7
• Moving Your Vulnerability Processor to a Managed Host or Console on page 7
• Removing a Vulnerability Processor from your Console or Managed Host on page 9
Removing a Vulnerability Processor from Your Console or Managed Host
If required, you can remove the vulnerability processor from a Juniper Secure Analytics (JSA) console or JSA Vulnerability Manager managed host.
To remove the deployment of a vulnerability processor:
1. Log in to the JSA console.
2. On the Admin tab, click the Deployment Editor.
3. Select the Vulnerability View tab.
4. Verify that the QVM Processor is displayed in the Vulnerability View pane.
5. In the Warning window, click Yes.
6. From the Deployment Editor menu, select Edit > Delete.
7. From the Deployment Editor menu, select File > Save and close.
8. On the Admin tab toolbar, select Advanced > Deploy Full Configuration.
9. Click OK.
Related Documentation
• Moving Your Vulnerability Processor to a Managed Host or Console on page 7
• Verifying that a Vulnerability Processor is Deployed on page 8
• Options for Adding Scanners to Your JSA Vulnerability Manager Deployment on page 9
Options for Adding Scanners to Your JSA Vulnerability Manager Deployment
If you have a large network and require flexible scanning options, you can add more scanners to your Juniper Secure Analytics (JSA) Vulnerability Manager deployment. Your JSA Vulnerability Manager processor is automatically deployed with a scanning component. By deploying more scanners you can increase the flexibility of your scanning operations. For example, you can scan specific areas of your network with different scanners and at different scheduled times.
Dynamic Vulnerability Scans
The vulnerability scanners that you deploy might not have access to all areas of your network. In JSA Vulnerability Manager you can assign different scanners to network CIDR ranges. During a scan, each asset in the CIDR range that you want to scan is dynamically associated with the correct scanner.
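The CIDR-to-scanner association described above, modelled as an added Python example (an illustration of the idea, not JSA Vulnerability Manager code or a description of how the product implements it internally). The scanner names and CIDR ranges are constructed placeholders. The example goes slightly beyond the paragraph: when ranges overlap, the most specific range wins, and assets that no scanner range covers are reported separately, which is the gap an administrator wants to find before a scan is scheduled.

```python
"""Model of dynamic scanner association by CIDR range (added illustration).

Not JSA Vulnerability Manager code: this only models the concept so that
scanner coverage can be reasoned about before it is configured.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: scanner names and the CIDR ranges each one is associated
# with. Names and ranges are hypothetical placeholders.
SCANNER_RANGES = {
    "console-scanner": ["10.0.0.0/8"],
    "dmz-scanner": ["10.20.0.0/16"],          # more specific than the /8 above
    "branch-scanner": ["192.168.50.0/24"],
}


def build_routing_table(scanner_ranges):
    """Flatten {scanner: [cidr, ...]} into (network, scanner) pairs ordered
    most specific first, so the first containing network wins."""
    table = []
    for scanner, cidrs in scanner_ranges.items():
        for cidr in cidrs:
            table.append((ipaddress.ip_network(cidr, strict=False), scanner))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def assign_scanner(asset_ip, table):
    """Return the scanner whose most specific range contains asset_ip, or None
    when no scanner range covers the asset."""
    ip = ipaddress.ip_address(asset_ip)
    for network, scanner in table:
        if ip.version == network.version and ip in network:
            return scanner
    return None


def expand_target(target):
    """Yield the asset addresses in a scan target (a single IP or a CIDR)."""
    network = ipaddress.ip_network(target, strict=False)
    if network.prefixlen == network.max_prefixlen:
        yield network.network_address        # a single host such as 10.1.2.3
    else:
        yield from network.hosts()           # usable addresses only


def plan_scan(targets, scanner_ranges):
    """Group every asset in the scan targets under the scanner that covers it.

    Returns (assignments, unassigned): assignments maps scanner name to a
    sorted list of asset IPs; unassigned lists assets that no scanner range
    covers and that would otherwise be silently left out of the scan.
    """
    table = build_routing_table(scanner_ranges)
    assignments = defaultdict(list)
    unassigned = []
    for target in targets:
        for host in expand_target(target):
            scanner = assign_scanner(host, table)
            if scanner is None:
                unassigned.append(str(host))
            else:
                assignments[scanner].append(str(host))
    ordered = {name: sorted(ips, key=ipaddress.ip_address)
               for name, ips in assignments.items()}
    return ordered, unassigned


if __name__ == "__main__":
    # Constructed scan targets: two small DMZ and branch ranges, one internal
    # host and one host outside every configured scanner range.
    plan, missing = plan_scan(
        ["10.20.1.0/30", "10.1.2.3", "192.168.50.0/30", "172.16.0.5"],
        SCANNER_RANGES)
    for scanner, assets in plan.items():
        print(f"{scanner}: {', '.join(assets)}")
    print("not covered by any scanner:", missing)
```

The unassigned list is the useful output: an asset that falls outside every scanner's CIDR association is the case to correct in the deployment editor before relying on the scan results for coverage.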
To add more vulnerability scanners, choose any of the following options:
• Deploy a Dedicated JSA Vulnerability Manager Managed Host Scanner Appliance on page 10
• Deploy a JSA Vulnerability Manager Scanner on Your JSA Console or Managed Host on page 10
• Configure Access to a Juniper Networks Hosted Scanner and Scan your DMZ on page 10
Deploy a Dedicated JSA Vulnerability Manager Managed Host Scanner Appliance
You can scan for vulnerabilities by using a dedicated JSA Vulnerability Manager managed host scanner appliance.
To deploy a scanner appliance, you must complete the following tasks:
1. Install a dedicated JSA Vulnerability Manager managed host scanner appliance.
2. Add the managed host scanner appliance to your deployment by using the deployment editor.
Deploy a JSA Vulnerability Manager Scanner on Your JSA Console or Managed Host
If you move your vulnerability processor from your Juniper Secure Analytics (JSA) console to a JSA Vulnerability Manager managed host, you can add a scanner to your console. You can also add a vulnerability scanner to any preexisting JSA managed hosts in your deployment. For example, you can add a scanner to an event collector, flow collector, or event processor.
NOTE: You cannot add a vulnerability scanner to a high availability managed host.
Configure Access to a Juniper Networks Hosted Scanner and Scan your DMZ
You can configure access to a Juniper Networks hosted scanner and scan the assets in your DMZ.
Related Documentation
• Moving Your Vulnerability Processor to a Managed Host or Console on page 7
• Verifying that a Vulnerability Processor is Deployed on page 8
Deploying a Dedicated JSA Vulnerability Manager Scanner Appliance
You can deploy a dedicated Juniper Secure Analytics (JSA) Vulnerability Manager managed host scanner appliance.
Ensure that a dedicated JSA Vulnerability Manager managed host scanner appliance is installed.
To deploy a dedicated Vulnerability Manager Scanner Appliance:
1. Click the Admin tab.
2. On the toolbar, click Deployment Editor.
3. From the menu, select Actions > Add a managed host.
In the managed host wizard, ensure that you select the IP address of the JSA Vulnerability Manager managed host scanner appliance.
You must wait several minutes while the deployment saves.
4. At the Adding Managed Host dialog box, click OK.
5. From the deployment editor menu, select File > Save and close.
6. On the Admin tab toolbar, select Advanced > Deploy Full Configuration.
7. Click OK.
Related Documentation
• Deploying a Dedicated JSA Vulnerability Manager Processor Appliance on page 7
• Moving Your Vulnerability Processor to a Managed Host or Console on page 7
• Verifying that a Vulnerability Processor is Deployed on page 8
• Deploying a Vulnerability Scanner to a JSA Console or Managed Host on page 11
Deploying a Vulnerability Scanner to a JSA Console or Managed Host
You can deploy a Juniper Secure Analytics (JSA) Vulnerability Manager scanner to a JSA console or managed host. For example, you can deploy a scanner to a flow collector, flow processor, event collector, or event processor.
To deploy a scanner on your JSA console, ensure that the vulnerability processor is moved to a dedicated JSA Vulnerability Manager managed host appliance.
To deploy scanners on JSA managed hosts, ensure that you have existing managed hosts in your deployment. For more information, see the Juniper Secure Analytics Installation Guide.
To deploy a vulnerability scanner:
1. Click the Admin tab.
2. On the toolbar, click Deployment Editor.
3. On the Vulnerability Components pane, click QVM Scanner.
4. Type a unique name for the QVM Scanner that you want to add.
NOTE: The name can be up to 20 characters in length and can include underscores or hyphens.
5. Click Next.
6. From the Select a host list box, select the IP address of the JSA managed host or console.
NOTE: You cannot add a scanner to a JSA console when the vulnerability processor is on the console. You must move the vulnerability processor to a JSA Vulnerability Manager managed host.
7. Click Next.
8. Click Finish.
9. From the deployment editor menu, select File > Save and close.
10. On the Admin tab toolbar, select Advanced > Deploy Full Configuration.
11. Click OK.
Verify that the external scanner is listed in the Scan Server list box in the Scan Profile Details expandable pane.
Related Documentation
• Deploying a Dedicated JSA Vulnerability Manager Scanner Appliance on page 11
• Options for Adding Scanners to Your JSA Vulnerability Manager Deployment on page 9
Scanning the Assets in Your DMZ
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can connect to an external scanner and scan the assets in your DMZ for vulnerabilities.
If you want to scan the assets in the DMZ for vulnerabilities, you do not need to deploy a scanner in your DMZ. You must configure JSA Vulnerability Manager with a hosted IBM scanner that is located outside your network.
Detected vulnerabilities are processed by the processor on either your JSA console or JSA Vulnerability Manager managed host.
To scan the assets in your DMZ for vulnerabilities:
• Configuring Your Network and Assets for External Scans on page 13
• Configuring JSA Vulnerability Manager to Scan Your External Assets on page 13
Configuring Your Network and Assets for External Scans
To scan the assets in your DMZ, you must configure your network and inform Juniper Networks of the assets that you want to scan.
1. Configure outbound internet access on port 443.
2. Send the following information to Juniper Networks:
• Your organization's external IP address.
NOTE: The IP address must be configured before you can run external scans.
• The IP address range of the assets in your DMZ.
Configuring JSA Vulnerability Manager to Scan Your External Assets
To scan the assets in your DMZ, you must configure Juniper Secure Analytics (JSA) Vulnerability Manager by using the deployment editor:
1. On the Admin tab, click Deployment Editor.
2. Click the Vulnerability View tab.
3. In the Vulnerability Components pane, click External Scanner.
4. Type a unique name for the External Scanner that you want to add.
5. Click Next.
6. Type your external IP address and click Next.
NOTE: You cannot scan external assets until your external IP address is configured. Ensure that you email details of your external IP address to Juniper Networks.
7. If your network is configured to use a proxy server, type the details of your server, and then click Next.
8. Click Finish.
9. From the deployment editor menu, select File > Save and close.
10. On the Admin tab toolbar, select Advanced > Deploy Full Configuration.
11. Click OK.
Verify that the external scanner is listed in the Scan Server list box in the Scan Profile Details expandable pane.
For more information, see “Scan Profile Details” on page 28.
Verifying that a Vulnerability Scanner is added to your Deployment
In Juniper Secure Analytics (JSA) Vulnerability Manager you can verify that a vulnerability scanner is added to your deployment.
To verify that a vulnerability scanner is added to your deployment:
1. Click the Vulnerabilities tab.
2. On the navigation menu, select Administrative > Scan Profiles.
3. On the toolbar, click Actions > Create.
4. In the Scan Profile Details pane, click the Scan Server list and ensure that your scanner is displayed.
If the scanner is not listed, open the deployment editor and verify that you added the scanner.
Supported Web Browsers
For the features in Juniper Secure Analytics (JSA) products to work properly, you must use a supported web browser.
When you access the JSA system, you are prompted for a user name and a password. The user name and password must be configured in advance by the administrator.
Table 3: Supported Web Browsers for JSA Products
Web browser: supported versions
Mozilla Firefox
• 17.0 Extended Support Release
• 24.0 Extended Support Release
32-bit Microsoft Internet Explorer, with document mode and browser mode enabled
• 8.0
• 9.0
Google Chrome
• The current version as of the release date of JSA 2014.2 products
Related Documentation
• Configuring JSA Vulnerability Manager to Scan your External Assets on page 13
• Enabling Document Mode and Browser Mode in Internet Explorer on page 15
• Vulnerability Backup and Recovery on page 15
Enabling Document Mode and Browser Mode in Internet Explorer
If you use Microsoft Internet Explorer to access Juniper Secure Analytics (JSA) products, you must enable browser mode and document mode.
To enable browser and document mode:
1. In your Internet Explorer web browser, press F12 to open the Developer Tools window.
2. Click Browser Mode and select the version of your web browser.
3. Click Document Mode.
• For Internet Explorer V9.0, select Internet Explorer 9 standards
• For Internet Explorer V8.0, select Internet Explorer 8 standards
Related Documentation
• Configuring your Network and Assets for External Scans on page 13
• Configuring JSA Vulnerability Manager to Scan your External Assets on page 13
• Supported Web Browsers on page 14
• Vulnerability Backup and Recovery on page 15
Vulnerability Backup and Recovery
You can back up and recover your vulnerability data including vulnerability configurations. For example, you can back up scan profiles.
Juniper Secure Analytics (JSA) Vulnerability Manager back up and recovery is managed by using the Admin tab.
For more information about vulnerability backup and recovery, see the Juniper Secure Analytics Administration Guide.
Related Documentation
• Configuring your Network and Assets for External Scans on page 13
• Configuring JSA Vulnerability Manager to Scan your External Assets on page 13
CHAPTER 2
JSA Vulnerability Manager
This chapter describes the following sections:
• Vulnerability Manager Overview on page 17
• Vulnerability Scanning on page 17
• Vulnerability Management Dashboard on page 18
Vulnerability Manager Overview
Juniper Secure Analytics (JSA) Vulnerability Manager is a network scanning platform that detects vulnerabilities within the applications, systems, and devices on your network or within your DMZ.
JSA Vulnerability Manager uses security intelligence to help you manage and prioritize your network vulnerabilities. For example, you can use JSA Vulnerability Manager to continuously monitor vulnerabilities, improve resource configuration, and identify software patches. You can also prioritize security gaps by correlating vulnerability data with network flows, log data, firewall data, and intrusion prevention system (IPS) data.
You can maintain real-time visibility of the vulnerabilities that are detected by the built-in JSA Vulnerability Manager scanner and other third-party scanners. Third-party scanners are integrated with JSA and include IBM Security EndPoint Manager, Guardium, AppScan, Nessus, nCircle, and Rapid7.
Unless otherwise noted, all references to JSA Vulnerability Manager refer to JSA Vulnerability Manager. All references to JSA refer to JSA and Log Analytics and all references to SiteProtector refer to IBM Security SiteProtector.
Related Documentation
• Vulnerability Scanning on page 17
• Vulnerability Management Dashboard on page 18
• Vulnerability Backup and Recovery on page 15
Vulnerability Scanning
Vulnerability Processor
When you license JSA Vulnerability Manager, a vulnerability processor is automatically deployed on your JSA console. The processor contains a JSA Vulnerability Manager scanning component.
Deployment Options
Vulnerability scanning can be deployed in different ways. For example, you can deploy your scanning capability to a JSA Vulnerability Manager managed host scanner appliance or a JSA managed host.
Configuration Options
Administrators can configure scans in the following ways:
• Schedule scans to run at times convenient for your network assets.
• Specify the times during which scans are not allowed to run.
• Specify the assets that you want to exclude from scans, either globally or for each scan.
• Configure authenticated patch scans for Linux, UNIX, or Windows operating systems.
• Configure different scanning protocols or specify the port ranges that you want to scan.
Related Documentation
• Vulnerability Manager Overview on page 17
• Vulnerability Backup and Recovery on page 15
• Vulnerability Management Dashboard on page 18
Vulnerability Management Dashboard
You can display vulnerability information on your Juniper Secure Analytics (JSA) dashboard.
JSA Vulnerability Manager is distributed with a default vulnerability dashboard so that you can quickly review the risk to your organization.
You can create a new dashboard, manage your existing dashboards, and modify the display settings of each vulnerability dashboard item.
For more information about dashboards, see the Juniper Secure Analytics Users Guide.
Reviewing Vulnerability Data on the Default Vulnerability Management Dashboard
You can display default vulnerability management information on the JSA dashboard. The default vulnerability management dashboard contains risk, vulnerability, and scanning information.
To review vulnerability data on the default vulnerability management dashboard:
1. Click the Dashboard tab.
2. On the toolbar, in the Show Dashboard list, select Vulnerability Management.
Creating a Customized Vulnerability Management Dashboard
In JSA you can create a vulnerability management dashboard that is customized to your requirements.
To create a customized vulnerability management dashboard:
1. Click the Dashboard tab.
2. On the toolbar, click New Dashboard.
3. Type a Name and Description for your vulnerability dashboard.
4. Click OK.
5. On the toolbar select Add Item > Vulnerability Management and choose from the following options:
• If you want to show default saved searches on your dashboard, select Vulnerability Searches.
• If you want to show website links to security and vulnerability information, select Security News, Security Advisories, or Latest Published Vulnerabilities.
• If you want to show information about completed or running scans, select Scans Completed or Scans In Progress.
Related Documentation
• Vulnerability Manager Overview on page 17
• Vulnerability Backup and Recovery on page 15
• Vulnerability Scanning on page 17
CHAPTER 3
Security Software Integrations
Juniper Secure Analytics (JSA) Vulnerability Manager integrates with other security products to help you manage and prioritize your security risks.
• IBM Endpoint Manager Integration on page 21
• Configuring Secure Socket Layer for IBM Endpoint Manager Integration on page 22
• Integrating JSA Vulnerability Manager with IBM Endpoint Manager on page 23
• IBM Security SiteProtector Integration on page 24
IBM Endpoint Manager Integration
Juniper Secure Analytics (JSA) Vulnerability Manager integrates with IBM Endpoint Manager to help you filter and prioritize the vulnerabilities that can be fixed.
Integration Components
A typical JSA Vulnerability Manager IBM Endpoint Manager integration consists of the following components:
• A Juniper Secure Analytics (JSA) console.
• A licensed installation of JSA Vulnerability Manager.
• An IBM Endpoint Manager server installation.
• An IBM Endpoint Manager agent installation on each of the scan targets in your network.
Vulnerability Remediation
Depending on whether you installed and integrated IBM Endpoint Manager, JSA Vulnerability Manager provides different information to help you remediate your vulnerabilities.
• If IBM Endpoint Manager is not installed, then JSA Vulnerability Manager provides information about vulnerabilities for which a fix is available.
JSA Vulnerability Manager maintains a list of vulnerability fix information. Fix information is correlated against the known vulnerability catalog.
• If IBM Endpoint Manager is installed, then JSA Vulnerability Manager also provides specific details about the vulnerability fix process. For example, a fix might be scheduled or an asset might be already fixed.
The IBM Endpoint Manager server gathers fix information from each of the IBM Endpoint Manager agents. Fix status information is transmitted to JSA Vulnerability Manager at pre-configured time intervals.
Using the JSA Vulnerability Manager search feature, you can quickly identify those vulnerabilities that are scheduled to be fixed or are already fixed.
Related Documentation
• Deploying a Vulnerability Scanner to a JSA Console or Managed Host on page 11
• Integrating JSA Vulnerability Manager with IBM Endpoint Manager on page 23
• IBM Security SiteProtector Integration on page 24
Configuring Secure Socket Layer for IBM Endpoint Manager Integration
You can configure secure socket layer (SSL) encryption to integrate JSA Vulnerability Manager with IBM Endpoint Manager.
To configure secure socket layer (SSL) encryption:
1. To download the public key certificate, open your web browser and type https://IPaddress/webreports.
NOTE: The IP address is the IP address of your IBM Endpoint Manager server.
2. Click Add Exception.
3. In the Add Security Exception window, click View.
4. Click the Details tab and click Export.
5. In the File name: field, type iemserver_cert.der
6. In the Save as type: field, select X.509 Certificate (DER).
7. Click Save.
8. Copy the public key certificate to your JSA console.
9. Create a JSA Vulnerability Manager truststore:
a. Using SSH, log in to the JSA console as the root user.
b. Type the following command:
keytool -keystore /opt/qvm/iem/truststore.jks -genkey -alias iem
c. At the prompts, type the appropriate information to create the truststore.
10. To import the public key certificate into the truststore, type the following command:
keytool -importcert -file iemserver_cert.der -keystore /opt/qvm/iem/truststore.jks -storepass <your truststore password> -alias iem_crt_der
11. At the Trust this certificate? prompt, type Yes.
Related Documentation
• IBM Endpoint Manager Integration on page 21
• Integrating JSA Vulnerability Manager with IBM Endpoint Manager on page 23
• IBM Security SiteProtector Integration on page 24
Integrating JSA Vulnerability Manager with IBM Endpoint Manager
You can integrate Juniper Secure Analytics (JSA) Vulnerability Manager, with IBM Endpoint Manager.
The following components must be installed on your network:
• An IBM Endpoint Manager server.
• An IBM Endpoint Manager agent on each asset in your network that you scan. If you use secure socket layer (SSL) encryption, ensure that you configure secure socket layer (SSL) for IBM Endpoint Manager integration.
To integrate JSA Vulnerability Manager with IBM Endpoint Manager:
1. Using SSH, log in to the JSA console as the root user.
2. Change directory to the following location: /opt/qvm/iem
3. To configure the JSA Vulnerability Manager IBM Endpoint Manager adapter, type the following commands:
a. Type the following command:
./iem-setup-webreports.pl
b. Type the IP address of the IBM Endpoint Manager server.
c. Type the User name of the IBM Endpoint Manager server.
d. Type the Password of the IBM Endpoint Manager server.
4. At the Use SSL encryption? prompt, type the appropriate response.
NOTE: If you type Yes, then ensure that the prerequisite conditions are met.
5. Type the location of your truststore.
6. Type your truststore password.
Related Documentation
• Deploying a Vulnerability Scanner to a JSA Console or Managed Host on page 11
• IBM Endpoint Manager Integration on page 21
• IBM Security SiteProtector Integration on page 24
IBM Security SiteProtector Integration
Juniper Secure Analytics (JSA) Vulnerability Manager integrates with IBM Security SiteProtector to help direct intrusion prevention system (IPS) policy.
When you configure SiteProtector, the vulnerabilities that are detected by scans are automatically forwarded to SiteProtector.
SiteProtector receives vulnerability data from JSA Vulnerability Manager scans that are performed only after the integration is configured.
• Connecting to IBM Security SiteProtector on page 24
Connecting to IBM Security SiteProtector
You can forward vulnerability data to IBM Security SiteProtector to help direct intrusion prevention system (IPS) policy.
To connect to IBM Security SiteProtector:
1. On the Admin tab, click Deployment Editor.
2. Select the Vulnerability View tab.
3. On the Vulnerability Components pane, click SiteProtector Adapter.
4. Type a unique name for the SiteProtector Adapter that you want to add and click Next.
The name can be up to 20 characters in length and can include underscores or hyphens.
5. Type the IP address of the IBM Security SiteProtector agent manager server.
6. Click Next.
7. Click Finish.
8. From the deployment editor menu, select File > Save and close.
9. On the Admin tab toolbar, select Advanced > Deploy Full Configuration.
10. Click OK.
CHAPTER 4
Vulnerability Scanning
This chapter describes the following sections:
• Vulnerability Scanning Overview on page 25
• Creating a Scan Profile on page 26
• Viewing Scan Profiles on page 27
• Monitoring Scans in Progress on page 27
• Scan Profile Details on page 28
• Scan Scheduling on page 29
• Reviewing your Scheduled Scans in Calendar Format on page 30
• Network Scan Targets and Exclusions on page 31
• Scan Protocols and Ports on page 33
• Authenticated Patch Scans on page 36
• Configuring a Permitted Scan Interval Overview on page 43
• Dynamic Vulnerability Scans on page 45
• Scan Policies on page 47
Vulnerability Scanning Overview
Using Juniper Secure Analytics (JSA) Vulnerability Manager you can scan your network assets for known vulnerabilities. All network scanning is controlled by the scan profiles that you create.
Scan Profiles
You can create multiple scan profiles and configure each differently to account for the specific requirements of your network.
Using scan profiles, you can do the following tasks:
• Review information about existing scan profiles.
• Specify the network assets that you want to exclude from all scanning.
• Create operational windows, which define the times at which scans can run.
• Manually run scan profiles or schedule scan to run at a future date.
JSA Integration
Juniper Secure Analytics (JSA) Vulnerability Manager integrates with JSA to provide the option to scan the assets that form part of a saved asset search.
Related Documentation
• Creating a Scan Profile on page 26
• Viewing Scan Profiles on page 27
• Monitoring Scans in Progress on page 27
Creating a Scan Profile
In Juniper Secure Analytics (JSA) Vulnerability Manager, you configure scan profiles to specify how and when your network assets are scanned for vulnerabilities.
To create a Scan Profile:
1. Click the Vulnerabilities tab.
2. In the navigation pane, click Administrative > Scan Profiles.
3. On the toolbar, click Actions > Create.
4. In the Scan Profile Details pane of the Scan Profile Configuration page, enter text in the Profile Name field.
To create a scan profile, the only mandatory field in the Scan Profile Details pane is the Profile Name field. All other parameters are optional.
5. If you added more scanners to your JSA Vulnerability Manager deployment, you can select a different scanner from the Scan Server list.
6. To scan your network by using a predefined set of scanning criteria, select a scan from the Type of Scan list.
7. Click the What To Scan pane.
8. In the Include Network Nodes pane, enter an IP address, IP range, or CIDR range in the CIDR Range/IP/IP Range field.
The only mandatory field in the What To Scan pane is the CIDR Range/IP/IP Range field. All other parameters are optional.
9. Click Add.
Related Documentation
• Vulnerability Scanning Overview on page 25
• Viewing Scan Profiles on page 27
• Monitoring Scans in Progress on page 27
Viewing Scan Profiles
You can view existing scan profiles, monitor the status of scans, and identify the time that a scan takes to complete.
To view scan profiles:
1. Click the Vulnerabilities tab.
2. On the navigation menu, select Administrative > Scan Profiles.
A scan profile can show a status of Stopped. A status of Stopped indicates that the scan completed successfully or was canceled.
3. To display more information about a scan profile, hover your mouse on the Profile Name field.
Related Documentation
• Creating a Scan Profile on page 26
• Monitoring Scans in Progress on page 27
• Scan Profile Details on page 28
Monitoring Scans in Progress
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can monitor the progress of a scan that is running. You can also monitor the status of the scanning tools that are either queued or running.
To monitor scans in progress:
1. Click the Vulnerabilities tab.
2. On the navigation menu, select Administrative > Scan Profiles.
3. Select a scan and on the toolbar click Actions > Run Now.
4. Hover your mouse on the Progress field while the scan is running.
Related Documentation
• Creating a Scan Profile on page 26
• Viewing Scan Profiles on page 27
• Scan Profile Details on page 28
Scan Profile Details
In Juniper Secure Analytics (JSA) Vulnerability Manager you can describe your scan, select the scanner that you want to use, and choose from a number of scan type options. Scan profile details are specified in the Scan Profile Details pane, in the Scan Profile Configuration page.
Table 4 on page 28 provides the options to configure the scan profile details.
Table 4: Scan Profile Details Configuration Options
Option: Description
Active: Specifies whether you want to run the scan automatically at a scheduled time in the future. By default this check box is selected.
Update asset model: Specifies whether you want to send your scan results to the JSA asset model. When you configure a scan profile, this check box is selected by default.
For more information about Assets and the JSA asset model, see the Juniper Secure Analytics Users Guide.
Scan Server: The scanner that is used to run the scan profile. The scanner that you select depends on your network configuration. For example, to scan DMZ assets, select a scanner that has access to that area of your network.
The Controller scan server corresponds to the scanner that is deployed with the vulnerability processor on your JSA console or JSA Vulnerability Manager managed host.
NOTE: You can have only one vulnerability processor in your deployment. However, you can deploy multiple scanners either on dedicated JSA Vulnerability Manager managed host scanner appliances or JSA managed hosts.
Dynamic server selection: Specifies whether you want to use a separate vulnerability scanner for each CIDR range that you scan. You can associate multiple CIDR ranges with separate vulnerability scanners. During a scan, JSA Vulnerability Manager automatically distributes the scanning activity to the correct scanner for each CIDR range that you specify.
Bandwidth Limit: The scanning bandwidth. The default setting is Medium.
NOTE: If you select a value greater than 1000 kbps, you can affect network performance.
Scan Policies: The pre-configured scanning criteria about ports and protocols. For more information, see “Scan Policies” on page 47.
NOTE: Any selections that you make in the How To Scan pane supersede all scan types apart from PCI Scan.
Related Documentation
• Viewing Scan Profiles on page 27
• Monitoring Scans in Progress on page 27
Scan Scheduling
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can schedule the dates and times that it is convenient to scan your network assets for known vulnerabilities. Scan scheduling is controlled by using the When To Scan pane, in the Scan Profile Configuration page.
A scan profile that is configured with a manual setting must be run manually. However, scan profiles that are not configured as manual scans can also be run manually. When you select a scan schedule, you can further refine your schedule by configuring a permitted scan interval.
• Scanning Domains Monthly on page 29
• Scheduling Scans of New Unscanned Assets on page 29
Scanning Domains Monthly
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can configure a scan profile to scan the domains on your network each month.
To scan Domains monthly:
1. Click the Vulnerabilities tab.
2. In the navigation pane, select Administrative > Scan Profiles.
3. On the toolbar, select Actions > Create.
4. In the Scan Profile Details pane, type a name for your scan profile in the Profile Name field.
5. Click the When To Scan pane.
6. In the Run Schedule list, select Monthly.
7. In the Start Time field, select a start date and time for your scan.
8. In the Day of the month field, select a day each month that your scan runs.
9. Click the What To Scan pane.
10. In the Domains field, type the URL of the asset that you want to scan.
11. Click Add.
12. Click Save.
13. During and after the scan, you can monitor scan progress and review completed scans.
Scheduling Scans of New Unscanned Assets
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can configure scheduled scans of newly discovered, unscanned network assets.
To schedule scans of new unscanned assets:
1. Click the Assets tab.
2. In the navigation pane, click Asset Profiles, then on the toolbar click Search > New Search.
3. To specify your newly discovered, unscanned assets, complete the following steps in the Search Parameters pane:
a. Select Days Since Asset Found, Less than 2, then click Add Filter.
b. Select Days Since Asset Scanned, Greater than 2, then click Add Filter.
c. Click Search.
4. On the toolbar, click Save Criteria and complete the following steps:
a. In the Enter the name of this search field, type the name of your asset search.
b. Click Include in my Quick Searches.
c. Click Share with Everyone.
d. Click OK.
5. Click the Vulnerabilities tab.
6. In the navigation pane, select Administrative > Scan Profiles.
7. On the toolbar, select Actions > Create.
8. In the Scan Profile Details pane, type a name for your scan profile in the Profile Name field.
NOTE: The profile name must be greater than 4 characters.
9. Click the When To Scan pane and in the Run Schedule list, select Weekly.
10. In the Start Time fields, type or select the date and time that you want your scan to run on each selected day of the week.
11. Select the check boxes for the days of the week that you want your scan to run.
12. Click the What To Scan pane.
13. In the Include Saved Searches pane, select your saved asset search from the Available Saved Searches list.
14. Click Add and Save.
For more information about using the Assets tab and saving asset searches, see the Juniper Secure Analytics Users Guide.
Reviewing your Scheduled Scans in Calendar Format
To review your scheduled scans in calendar format:
1. Click the Vulnerabilities tab.
2. In the navigation pane, click Administrative > Scheduled Scans.
3. Optional. Hover your mouse on the scheduled scan to display information about the scheduled scan.
For example, you can show the time that a scan took to complete.
4. Optional. Double-click a scheduled scan to edit the scan profile.
Related Documentation
• Network Scan Targets and Exclusions on page 31
• Scan Scheduling on page 29
Network Scan Targets and Exclusions
You can set targets and exclusions for a network by referring to the following sections:
• Network Scan Targets and Exclusions Overview on page 31
• Excluding Assets from all Scans on page 32
• Managing scan Exclusions on page 33
Network Scan Targets and Exclusions Overview
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can provide information about the assets, domains, or virtual webs on your network that you want to scan. Use the What To Scan pane on the Scan Profile Configuration page to specify the network assets that you want to scan.
You can exclude a specific host or range of hosts that must never be scanned. For example, you might restrict a scan from running on critical servers that are hosting your production applications. You might also want to configure your scan to target only specific areas of your network.
JSA Vulnerability Manager integrates with JSA by providing the option to scan the assets that form part of a saved asset search. For more information, see “Scheduling Scans of New Unscanned Assets” on page 29.
Include Network Nodes
You can specify your scan targets by defining a CIDR range, IP address, IP address range, or a combination of all 3.
For more information about scanning assets, see Configuring a Basic Asset Scan.
Domain Scanning
You can add domains to your scan profile to test for DNS zone transfers on each of the domains that you specify.
A host can use the DNS zone transfer to request and receive a full zone transfer for a domain. Zone transfer is a security issue because DNS data is used to decipher the topology of your network. The data that is contained in a DNS zone transfer is sensitive and therefore any exposure of the data might be perceived as a vulnerability. The information that is obtained might be used for malicious exploitation such as DNS poisoning or spoofing.
For more information about configuring a Domain Scan, see “Scanning Domains Monthly” on page 29.
Scans that Use Saved Asset Searches
You can scan the assets and IP addresses that are associated with a JSA saved asset search.
Any searches that you save on the Assets tab are displayed in the Include Saved Searches section of the What To Scan pane.
For more information about configuring a scan profile with a saved asset search, see “Scheduling Scans of New Unscanned Assets” on page 29.
For more information about saving an asset search, see the Juniper Secure Analytics Users Guide.
Exclude Network Scan Targets
In the Exclude network nodes pane, you can specify the assets that must not be scanned. For example, if you want to avoid scanning a highly loaded, unstable, or sensitive server, exclude these assets.
When you configure a scan exclusion in a scan profile configuration, the exclusion applies only to the scan profile.
For more information, see “Excluding Assets from all Scans” on page 32.
Virtual Webs
You can configure a scan profile to scan different URLs that are hosted on the same IP address.
When you scan a virtual web, JSA Vulnerability Manager checks each web page for SQL injection and cross site scripting vulnerabilities.
Excluding Assets from all Scans
In Juniper Secure Analytics (JSA) Vulnerability Manager, scan exclusions specify the assets in your network that are not scanned.
To exclude assets from all scans:
1. Click the Vulnerabilities tab.
2. In the navigation pane, click Administrative > Scan Exclusions.
3. On the toolbar, select Actions > Add.
4. In the IP/IP Range field, type the IP address or range of IP addresses that you want to exclude from all scanning.
NOTE: You cannot type the IP address of an asset that is already excluded from scanning.
5. In the Description field, type information about the scan exclusion.
Provide a description that is identifiable in the future. The description must contain at least 5 characters.
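The Include Network Nodes field, the profile-level Exclude network nodes pane, the global Scan Exclusions list, and the Dynamic server selection option in Table 4 all act on the same set of addresses. The following Python block is an added example, not JSA product code, that shows how those four pieces combine into a per-scanner target list. Everything in it is constructed for illustration: the function and class names, the sample addresses and descriptions, and the rule that a target goes to the scanner whose associated CIDR range matches it most specifically (longest prefix), or to the Controller scanner when no range matches. The two constraints enforced in ScanExclusions.add (a description of at least 5 characters, and no address that is already excluded) are the ones the procedure above states.

```python
"""Added example, not JSA product code: combining What To Scan targets,
profile exclusions, global scan exclusions and dynamic server selection.

Assumptions not taken from the guide: the names below, the sample data, and
the longest-prefix rule used to pick a scanner for each target.
"""
import ipaddress
from typing import Dict, Iterable, List, Set

IPv4 = ipaddress.IPv4Address


def parse_target(spec: str) -> Set[IPv4]:
    """Expand one CIDR Range/IP/IP Range field value into host addresses.

    Accepted forms: a CIDR block ("10.1.0.0/29"), a single address
    ("192.168.5.7") and a range ("10.2.0.1-10.2.0.3"). A CIDR block expands
    to every address in the block (an assumption of this example).
    """
    spec = spec.strip()
    if "/" in spec:
        return set(ipaddress.ip_network(spec, strict=False))
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if hi < lo:
            raise ValueError(f"range end precedes start: {spec}")
        return {ipaddress.ip_address(n) for n in range(int(lo), int(hi) + 1)}
    return {ipaddress.ip_address(spec)}


class ScanExclusions:
    """Global exclusions (Vulnerabilities > Administrative > Scan Exclusions)."""

    def __init__(self) -> None:
        self._excluded: Set[IPv4] = set()
        self.entries: List[Dict[str, str]] = []

    def add(self, ip_or_range: str, description: str) -> None:
        # The guide states both checks: at least 5 characters of description,
        # and no address that is already excluded.
        if len(description) < 5:
            raise ValueError("description must contain at least 5 characters")
        new = parse_target(ip_or_range)
        already = new & self._excluded
        if already:
            raise ValueError(f"already excluded: {sorted(map(str, already))}")
        self._excluded |= new
        self.entries.append({"ip": ip_or_range, "description": description})

    def covers(self, ip: IPv4) -> bool:
        return ip in self._excluded


def resolve_targets(include_specs: Iterable[str], profile_exclude_specs: Iterable[str],
                    global_exclusions: ScanExclusions) -> Set[IPv4]:
    """Apply both exclusion layers: the profile's own, then the global list."""
    targets = set().union(*(parse_target(s) for s in include_specs))
    profile_excluded = set().union(*(parse_target(s) for s in profile_exclude_specs))
    return {ip for ip in targets - profile_excluded if not global_exclusions.covers(ip)}


def assign_scanners(targets: Iterable[IPv4], scanner_ranges: Dict[str, str]) -> Dict[str, List[IPv4]]:
    """Dynamic server selection: group targets by the scanner covering them.

    scanner_ranges maps scanner name -> associated CIDR range. The most
    specific matching range wins (assumption); unmatched targets go to the
    Controller scanner that runs with the vulnerability processor.
    """
    nets = sorted(((ipaddress.ip_network(c), name) for name, c in scanner_ranges.items()),
                  key=lambda t: t[0].prefixlen, reverse=True)
    plan: Dict[str, List[IPv4]] = {}
    for ip in sorted(targets):
        chosen = next((name for net, name in nets if ip in net), "Controller")
        plan.setdefault(chosen, []).append(ip)
    return plan


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a /29, a three-address range and one lone host."""
    global_ex = ScanExclusions()
    global_ex.add("10.1.0.10", "Production database, never scan")  # constructed
    plan = assign_scanners(
        resolve_targets(["10.1.0.0/29", "10.2.0.1-10.2.0.3", "192.168.5.7"],
                        ["10.1.0.3"], global_ex),
        {"DMZ-Scanner": "10.2.0.0/24", "Core-Scanner": "10.1.0.0/16"},
    )
    return {name: [str(ip) for ip in ips] for name, ips in plan.items()}


if __name__ == "__main__":
    for scanner, hosts in demo().items():
        print(scanner, hosts)
```

In the constructed scenario, 10.1.0.3 is dropped by the profile exclusion, the global entry for 10.1.0.10 does not touch any target, and the lone host 192.168.5.7 falls back to the Controller scanner because no associated range covers it.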
Managing scan Exclusions
In Juniper Secure Analytics (JSA) Vulnerability Manager you can update, delete, or print scan exclusions.
To manage scan exclusions:
1. Click the Vulnerabilities tab.
2. In the navigation pane, click Administrative > Scan Exclusions.
3. From the list on the Scan Exclusions page, click the Scan Exclusion that you want to modify.
4. On the toolbar, select an option from the Actions menu.
5. Depending on your selection, follow the on-screen instructions to complete this task.
Related Documentation
• Scheduling Scans of New Unscanned Assets on page 29
• Scan Protocols and Ports on page 33
• Scan Scheduling on page 29
Scan Protocols and Ports
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can choose different scan protocols and scan various port ranges.
• Configuring Your Scan Profile Port Protocols on page 34
• Scanning a Full Port Range on page 34
• Scanning Assets with Open Ports on page 35
Configuring Your Scan Profile Port Protocols
Use the How To Scan pane on the Scan Profile Configuration page to specify scanning protocols and the ports that you want to scan.
Table 5 on page 34 provides the options to configure your scan profile port protocols.
Table 5: Scan Protocol and Port Options
Protocol: Description
TCP and UDP: The default scan protocol; scans most ports in the range 1 - 1024.
TCP: The most common scanning protocol. When TCP scanning is combined with IP range scanning, you can locate a host that is running services that are prone to vulnerabilities. The default port range is 1 - 65535.
SYN: Sends a packet to all specified ports. If the target is listening, it responds with a SYN and Acknowledgement (ACK). If the target is not listening, it responds with an RST (reset). Normally, the destination port is closed and an RST is returned. The default port range is 1 - 65535.
ACK: Similar to SYN, but in this case an ACK flag is set. The ACK scan does not determine whether the port is open or closed, but tests if the port is filtered or unfiltered. Testing the port is useful when you probe for the existence of a firewall and its rule sets. Simple packet filtering enables established connections (packets with the ACK bit set), whereas a more sophisticated stateful firewall might not. The default port range is 1 - 65535.
FIN: A TCP packet that is used to terminate a connection, or it can be used as a method to identify open ports. FIN sends erroneous packets to a port and expects open listening ports to send back different error messages than closed ports. The scanner sends a FIN packet, which might close a connection that is open. Closed ports reply to a FIN packet with an RST. Open ports ignore the packet in question. The default port range is 1 - 65535.
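Table 5 describes the replies that the SYN, ACK, and FIN probes provoke from a target. The following Python block is an added example, not JSA product code, that turns those rules into a function a defender can use to predict what a scan of each type will report for a port, given how the host, or the firewall in front of it, answers; reading the function alongside the table also explains why a port behind a stateless filter shows as unfiltered to an ACK scan. The function names, the flag constants, the treatment of an unanswered probe (filtered for SYN and ACK scans, open for FIN scans because the table says open ports ignore a FIN), and the probe log are constructed for this example; the unanswered-probe cases go beyond what the table itself states.

```python
"""Added example, not JSA product code: interpreting the TCP replies that
Table 5 describes for SYN, ACK and FIN probes.

Assumptions not taken from the guide: the names below, the states reported
for an unanswered probe, and the constructed probe log.
"""
from typing import Dict, Iterable, Optional, Tuple

# TCP flag bits as they appear in the header's flags byte.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


def classify(scan_type: str, reply_flags: Optional[int]) -> str:
    """Return the port state a scan of the given type would report.

    reply_flags is the flags byte of the reply segment, or None when the
    probe went unanswered (for example, dropped by a firewall).
    """
    scan_type = scan_type.upper()
    if scan_type == "SYN":
        # Listening port answers SYN/ACK; closed port answers RST (Table 5).
        if reply_flags is None:
            return "filtered"          # assumption: no reply means dropped
        if reply_flags & SYN and reply_flags & ACK:
            return "open"
        if reply_flags & RST:
            return "closed"
    elif scan_type == "ACK":
        # ACK probes only separate filtered from unfiltered: a simple packet
        # filter passes the "established" looking segment and the host
        # answers RST, whereas a stateful firewall drops it (Table 5).
        if reply_flags is None:
            return "filtered"
        if reply_flags & RST:
            return "unfiltered"
    elif scan_type == "FIN":
        # Closed ports answer a bare FIN with RST; open ports ignore it.
        if reply_flags is None:
            return "open"
        if reply_flags & RST:
            return "closed"
    else:
        raise ValueError(f"unknown scan type: {scan_type}")
    return "unexpected"


def summarize(probes: Iterable[Tuple[str, int, Optional[int]]]) -> Dict[Tuple[str, int], str]:
    """Map (scan_type, port) -> reported state for a probe log."""
    return {(kind, port): classify(kind, flags) for kind, port, flags in probes}


# Constructed probe log for one host behind a stateless packet filter that
# permits ports 22 and 443 and drops everything else; 443 is listening, 22 is not.
SAMPLE_PROBES = [
    ("SYN", 443, SYN | ACK),
    ("SYN", 22, RST),
    ("SYN", 8080, None),
    ("ACK", 443, RST),
    ("ACK", 8080, None),
    ("FIN", 443, None),
    ("FIN", 22, RST),
]


if __name__ == "__main__":
    for (kind, port), state in summarize(SAMPLE_PROBES).items():
        print(f"{kind:>3} scan, port {port:>5}: {state}")
```

The constructed log is the view a scanner gets of a host whose filter passes only ports 22 and 443: the SYN scan shows 443 open, 22 closed and 8080 filtered, the ACK scan shows 443 unfiltered and 8080 filtered, and the FIN scan agrees on 443 and 22.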
Scanning a Full Port Range
In Juniper Secure Analytics (JSA) Vulnerability Manager, you can scan the full port range on the assets that you specify.
To scan a full port range:
1. Click the Vulnerabilities tab.
2. In the navigation pane, select Administrative > Scan Profiles.
3. On the toolbar, select Actions > Create.
4. In the Scan Profile Details pane, type a name for your Scan Profile in the Profile Name field.
NOTE: The profile name must be greater than 4 characters.
5. Click the What To Scan pane.