How Policies Apply To Discovery And Assessment Scans - IBM Proventia Network Enterprise Scanner User Manual

Chapter 7: Configuring Discovery and Assessment Policies

How Policies Apply to Discovery and Assessment Scans

Introduction
Scope of scanning
Asset policies
98
With Enterprise Scanner, you define discovery scans and assessment scans separately.
Agent and asset policies apply to discovery and assessment scans as follows:
Agent policies describe the scanning behavior of the agent, and they apply to both
●
discovery and assessment scans.
The ESM (Enterprise Scanner Module) agent policy does, however, include
Note:
some separate settings for discovery and assessment scans.
Asset policies apply to discovery scans, to assessment scans, or to both, depending on
●
the policy.
The scopes of discovery and assessment scans are defined as follows:
Type of Scan Scope
Discovery The IP addresses that you assign to the scan for a single group.
Note: The group you use for discovery scans may already contain assets.
Those assets do not have to belong to the IP range of the scan.
Assessment The assets in a group and any included subgroups, based on policy inheritance.
Note: The list of assets included in a scan is based on the assets in the group
when the scan job is posted to the Command Jobs window—not the assets in
the group when you save assessment policies.
Table 35: Scope of discovery and assessment scans
Table 36 identifies which asset policies apply to discovery scans, which apply to
assessment scans, and which apply to both:
Policy
Assessment
Assessment Credentials
Discovery
Network Locations
Network Services
Scan Control
Scan Exclusion
Scan Window
Table 36: Asset policies that affect discovery and assessment scans
Discovery Assessment
n/a
n/a
n/a
n/a
IBM Internet Security Systems