Create Custom Scan Configuration
To create a custom scan configuration:
- Go to View and Manage - Scan Configurations.
- At the bottom right of the page, click Add Scan Configuration.
- Select the Scan Types from those available and click Next.
- Step 2 - Scan Options of the wizard allows you to configure a variety of options (those available are dependent on the scan type selected in step 1). Options may include:
- Scan Configuration Name
- Exclude specific file types from data discovery scans - In the format: txt|doc|docx (Default: nil)
- Hide the report from the user when scan completes (Default: false)
- Scan all file types regardless of extension in data discovery scans (Default: false)
- Enable scanning from drives mounted from network shares in data discovery scans (Default: false)
- List only the directories you wish to scan - In the format: c:\temp, c:\users\history etc.
- Exclude specific file types from data discovery scans - In the format: txt|doc|docx.
- Scan redirection URL - Redirects the output of the scan to the specified URL so that the scan report style can be customized.
- Maximum number of seconds for scan to run - The maximum number of seconds the scan will run before it times out. The timeout value is written to the log and, if the scan times out, the event is logged. This value must be a positive integer. The default is 0 seconds, which means the scan will run with no timeout.
- Enable scanning of removable drives in data discovery scans (Default: false).
- List of Check IDs to Suppress (return true) (Default: oval:org.secpod.oval:def:7929, oval:org.secpod.oval:def:7925, oval:org.secpod.oval:def:6707, oval:org.mitre.oval:def:5965, oval:org.mitre.oval:def:6340, oval:org.secpod.oval:def:2556, oval:org.secpod.oval:def:7924, oval:org.secpod.oval:def:7927, oval:org.secpod.oval:def:7926) - List of patch, vulnerability and config check IDs that can be excluded from the particular scan results report. This is only used as a last resort and generally only when that particular check cannot be run against that particular machine.
- Logging value - Number 0-10, 0 is no logging, 10 is maximum logging (Default: 2) - This logging level determines how much information is logged to the app.log file during each scan. Default is 2, which logs ERROR, INFO and some DEBUG messages. When troubleshooting, you may want to increase this to 3 or 4, but this makes the app.log file extremely large.
- CPU throttling - Controls how much CPU utilization the executable will use during the scan. The higher the number, the less CPU used, but the more time the scan will take.
For a list of supported file types, see Supported Operating Systems and Applications for Security Scanning.
- Once you are done, click Next to go to Step 3. This step varies depending on the scan type selected in Step 1 and will display one of the following:
- Scan Configuration Review - Review your details before saving (applies to PCI, PAN, Security, PCI and PAN and Inventory scan types only).
- Data Rulesets - Add any Rulesets to this scan configuration (applies to Data Discovery and Data Breach Risk scan types only). See Using Data Rulesets to Find Sensitive Data.
- File Patterns and File Hashes - Specify which file patterns and file hashes to search (applies to File Finder scan type only). For more info, see Specify File Patterns and File Hashes for File Finder Scan Configuration.
- If the Scan Configuration Review is displayed, check your details and click Save Scan Configuration.
Step 1 - Select Scan type is displayed.
Alternatively, add any data rulesets (for Data Discovery and Data Breach Risk scan types; see Using Data Rulesets to Find Sensitive Data) or specify the file patterns and file hashes (for File Finder scan types; see Specify File Patterns and File Hashes for File Finder Scan Configuration) and click Next to go to Step 4 - Scan Configuration Review, where you can review and save your new configuration.
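Before saving, the Step 2 values can be checked against the formats listed above, with every setting that narrows scan coverage called out for review. The following is an added example, not part of the product: the dictionary keys are hypothetical names for the wizard fields, and the sample values are constructed.

```python
import re

# Default suppression list as documented for "List of Check IDs to Suppress".
DEFAULT_SUPPRESSED = (
    {f"oval:org.secpod.oval:def:{n}" for n in (7929, 7925, 6707, 2556, 7924, 7927, 7926)}
    | {f"oval:org.mitre.oval:def:{n}" for n in (5965, 6340)}
)
OVAL_ID = re.compile(r"oval:[A-Za-z0-9_.\-]+:def:[1-9][0-9]*")

def review_scan_options(opts):
    """Return findings for Step 2 values given as typed strings (hypothetical keys)."""
    findings = []
    # Excluded file types use the pipe-separated format: txt|doc|docx
    exts = [e.strip() for e in opts.get("exclude_file_types", "").split("|") if e.strip()]
    bad = [e for e in exts if not re.fullmatch(r"[A-Za-z0-9]+", e)]
    good = [e for e in exts if e not in bad]
    if bad:
        findings.append("malformed extension: " + ", ".join(bad))
    if good:
        findings.append("coverage: file types excluded: " + ", ".join(good))
    # A suppressed check returns true, so each non-default ID hides a result.
    for cid in (c.strip() for c in opts.get("suppress_check_ids", "").split(",")):
        if not cid:
            continue
        if not OVAL_ID.fullmatch(cid):
            findings.append("malformed check ID: " + cid)
        elif cid not in DEFAULT_SUPPRESSED:
            findings.append("coverage: non-default check suppressed: " + cid)
    # Timeout is whole seconds; 0 (the default) means no timeout.
    timeout = opts.get("max_seconds", "0")
    if not re.fullmatch(r"[0-9]+", timeout):
        findings.append("invalid timeout: " + timeout)
    # Logging is 0-10; levels above the default of 2 grow app.log quickly.
    level = opts.get("logging", "2")
    if not re.fullmatch(r"[0-9]|10", level):
        findings.append("invalid logging level: " + level)
    elif int(level) > 2:
        findings.append("note: logging above default, expect a large app.log")
    return findings

# Constructed sample values, not taken from a real configuration.
SAMPLE = {
    "exclude_file_types": "txt|doc|*.log",
    "suppress_check_ids": "oval:org.secpod.oval:def:7929, oval:com.example:def:1, oval-7929",
    "max_seconds": "-5",
    "logging": "4",
}

if __name__ == "__main__":
    for finding in review_scan_options(SAMPLE):
        print(finding)
```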