Policy Inheritance With Enterprise Scanner Policies - IBM Proventia Network Enterprise Scanner User Manual


Policy Inheritance with Enterprise Scanner Policies

IBM Proventia Network Enterprise Scanner User Guide, Version 1.3

Introduction

The inheritance properties of policies enable you to set up your scanning environment in a hierarchical group structure. Even if you understand policy inheritance with other IBM ISS agents, you should understand the slight variations with Enterprise Scanner policies. For the best results, read the documentation before you set up a group structure and define policies.

General inheritance behavior

In general, inheritance works as follows:

- When you define a policy for a group in your group structure, the policy automatically applies to the group's subgroups unless a subgroup already has its own version of the policy. Then, that subgroup retains its version of the policy.
- You can break the inheritance at any level in the group structure by redefining (overriding) the policy for a subgroup. When you define a policy for a subgroup, the changes apply to its subgroups.
- If you have defined a policy for a subgroup, and you want to apply that policy to groups above the subgroup, you can promote the policy to a higher group.

Inheritance with Enterprise Scanner policies

As you plan your Site grouping structure for vulnerability management, keep these points in mind:

- Most asset policies follow the general rules of inheritance.
- Many agent policies apply only to a single agent or scanning network interface.
- Some asset and some agent policies have specialized inheritance characteristics. These differences are described in more detail in later topics.

Inheritance indicators

Policies for a group appear in a Policy tab in the SiteProtector Console. When you select a group on the left pane of the SiteProtector Console, policies applicable to the group appear on the right pane. The inheritance indicators of the policies appear in the Inheriting From column as follows:

If the Inheriting From Value is... | Then, ...
blank | the policy is defined for the asset or agent group selected on the left pane.
Inheriting from the factory defaults | you have chosen to override the policy with one that is defined higher in the group structure, but a higher-level policy is not defined.
a_group_name | the policy is inherited from the referenced group.

Table 24: Group policy inheritance indicators

Initially blank or inherited from default?

The initial inheritance indicators for agent policies may be blank or Inheriting from the factory defaults depending on whether you override the SiteProtector system group settings when you register your agent with the SiteProtector system:

- If you override the settings, the agent's settings are applied to the SiteProtector system policies, so the Inheriting From column is blank.
- If you do not override the settings, the column follows the inheritance described in Table 24, above; however, you must configure the unconfigured policies.
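
The general inheritance rules and the Inheriting From values in Table 24 can be checked against a planned group structure with a small model. The following is an added example, not code from the manual or from IBM; the group names, the "Assessment" policy name and all settings are constructed, and it assumes that a group with nothing defined at or above it resolves to factory defaults.

```python
# Added illustration: a toy model of the inheritance rules in this topic.
# Group names, the policy name and all settings are constructed samples;
# this is not SiteProtector code and does not call any IBM ISS interface.
FACTORY = "Inheriting from the factory defaults"
FACTORY_SETTINGS = {"checks": "factory"}  # assumed placeholder defaults

class Group:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.defined = {}  # policy name -> settings defined at this group
        if parent is not None:
            parent.children.append(self)

    def define(self, policy, settings):
        """Define (override) a policy here, breaking inheritance at this level."""
        self.defined[policy] = settings

    def resolve(self, policy):
        """Return (effective settings, value shown in the Inheriting From column)."""
        if policy in self.defined:
            return self.defined[policy], ""  # blank: defined for this group
        group = self.parent
        while group is not None:  # nearest ancestor with its own version wins
            if policy in group.defined:
                return group.defined[policy], group.name
            group = group.parent
        return FACTORY_SETTINGS, FACTORY  # nothing defined higher up

def report(group, policy, rows=None):
    """Walk the tree and list (group, Inheriting From, settings) for an audit."""
    rows = [] if rows is None else rows
    settings, source = group.resolve(policy)
    rows.append((group.name, source, settings))
    for child in group.children:
        report(child, policy, rows)
    return rows

def build_sample():
    """Constructed tree: Site -> DMZ -> Web Servers, and Site -> Lab."""
    site = Group("Site")
    dmz = Group("DMZ", site)
    web = Group("Web Servers", dmz)
    lab = Group("Lab", site)
    dmz.define("Assessment", {"checks": "full"})
    return site, dmz, web, lab

if __name__ == "__main__":
    for name, source, settings in report(build_sample()[0], "Assessment"):
        print(f"{name:12} {source or '(blank)':40} {settings}")
```

Running the report before and after a policy is defined at a higher group shows which subgroups pick up the change and which retain their own version.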
