Defining Periods Of Allowed Scanning (Scan Window Policy) - IBM Proventia Network Enterprise Scanner User Manual

Table of Contents

Defining Periods of Allowed Scanning (Scan Window Policy)

Introduction

Scope

Default behavior

Rules for defining

scan windows

Important

consideration for

multiple agents

Procedure

IBM Proventia Network Enterprise Scanner User Guide, Version 1.3

Use the Scan Window policy to define the following:

hours of allowed scanning for discovery scans (scan windows)

●

hours of allowed scanning for assessment scans (scan windows)

●

the time zone in which you want the scanning to occur, which is usually the time zone

●

of the assets

By default, scanning is allowed at any time. If you want to limit scanning, be

Important:

sure to define scan windows.

The Scan Window policy applies to background discovery and assessment scans. For an

ad hoc scan, you can choose whether to run the scan only during the windows defined in

this policy or to run the scan without restriction.

By default, all scan windows are open, so scanning is allowed at any time. When you open

a Scan Window policy, however, the default changes; and all scan windows are closed. If

you modify a Scan Window policy, be sure to define scan windows for discovery and for

assessment scans.

If you start a scan when there are no scan windows, the job appears in the

Important:

Command Jobs window in the Idle state. The job will not run until you define scan

windows.

The following rules apply to scan windows:

You define the scan windows for discovery and assessment policies separately, on

●

separate tabs of the policy.

Be sure to define a scan window for both types of scans if you intend to

Important:

run both as background scans.

You can define scan windows only in increments of hours, so the minimum scan

●

window is one hour.

You can define as many scan windows as you want on any day of the week.

●

If you have multiple agents, you should stagger your scan windows to allow the

discovery scan to finish before the assessment scan begins. If a discovery scan adds assets

to a group while an assessment scan is running, there is no guarantee that those assets will

be included in the assessment scan.

To define periods of allowed scanning:

1. In the SiteProtector Console, set up a tab to display asset policies. (See page 74.)

2. On the navigation pane, select a group, and then open the Scan Window policy for

that group.

3. Select the Discovery Windows tab or the Assessment Windows tab.

Scanning hours are selected; non-scanning hours are not selected.

Note: