Triggering Scans of New Assets

 

Use events that are processed by the custom rules engine (CRE) to trigger scans on new assets when they are assigned new IP addresses.

Create a scan profile with the On Demand Scanning option enabled.

  1. From the Log Activity tab, click Rules > Rules.

    You can also get to the rules menu from the Offenses and Network Activity tabs.

  2. From the Actions menu, click New Event Rule.
  3. Click Events, and then click Next to continue.
  4. Add tests to your rule list.
    1. Click the add icon (+) beside when the events were detected by one or more of these log sources test.

    2. Click the add icon (+) beside when the event QID is one of the following QIDs test.

    3. Click the add icon (+) beside and when the source IP is one of the following IP addresses test.

  5. In the Rule pane, edit each rule value.
    1. For the first rule, click these log sources and add the Asset Profiler item from the list.

    2. For the second rule, click QIDs, then search for QIDs that are described in the following table, and add these QIDs to your rule.

      Table 1: QID Names and Descriptions to Add to Rule

      | QID | Name | Description |
      |---|---|---|
      | 68750030 | IP Address Created | This event occurs when a new IP address record is created for an asset. |
      | 68750013 | Asset Created | This event occurs when a new asset is created. |

    3. For the third rule, click and so that it changes to and NOT, then click IP addresses and add 127.0.0.1.

      The following example is the output of this rule configuration:

      and NOT when the source IP is one of the following 127.0.0.1

  6. In the Apply text box, type a unique name for this rule, leave Local as the default system setting, and then click Next.
  7. In the Rule Response section, click Trigger Scan.
    1. From the Scan Profile to be used as a template menu, select the scan profile that you want to use.

      You must select the On Demand Scanning option in the scan profile that you want to use with this rule.

    2. Click Source for the Local IPs to Scan option.

    3. Enter values for the Response Limiter setting.

      Configure appropriate intervals to avoid a potential overload on your system.

    4. If you don't want to start watching events right away, clear the Enable Rule option and then click Finish.
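
The rule built in this procedure can be modeled offline to see which events would start a scan and how the Response Limiter reduces repeat scans. The following Python sketch is an added example, not product code: the event field names, the sample events, and a limiter keyed on source IP with a 30-minute window are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Values taken from the procedure: Table 1 QIDs, the log source, the excluded address.
TRIGGER_QIDS = {68750030, 68750013}  # IP Address Created, Asset Created
LOG_SOURCE = "Asset Profiler"
EXCLUDED_SOURCES = {ip_address("127.0.0.1")}


def rule_matches(event):
    """Apply the three rule tests from steps 4 and 5 to one event (a dict)."""
    return (
        event["log_source"] == LOG_SOURCE
        and event["qid"] in TRIGGER_QIDS
        and ip_address(event["source_ip"]) not in EXCLUDED_SOURCES
    )


def scans_to_trigger(events, max_responses=1, per=timedelta(minutes=30)):
    """Return (time, ip) per scan, at most max_responses per source IP per window."""
    history = {}  # source IP -> times of scans already triggered in the window
    scans = []
    for event in sorted(filter(rule_matches, events), key=lambda e: e["time"]):
        ip, now = event["source_ip"], event["time"]
        recent = [t for t in history.get(ip, []) if now - t < per]
        if len(recent) < max_responses:
            recent.append(now)
            scans.append((now, ip))
        history[ip] = recent
    return scans


# Constructed sample events (field names are assumptions, not a product schema).
T0 = datetime(2024, 1, 1, 9, 0)


def sample_event(seconds, qid, ip, log_source=LOG_SOURCE):
    return {"time": T0 + timedelta(seconds=seconds), "log_source": log_source, "qid": qid, "source_ip": ip}


SAMPLE_EVENTS = [
    sample_event(0, 68750013, "10.20.0.15"),     # asset record created
    sample_event(1, 68750030, "10.20.0.15"),     # IP record for the same address: limited
    sample_event(5, 68750030, "127.0.0.1"),      # excluded by the and NOT test
    sample_event(120, 68750030, "10.20.0.16", log_source="Firewall"),  # not Asset Profiler
    sample_event(600, 68750030, "10.20.0.22"),   # different address: scanned
    sample_event(2700, 68750030, "10.20.0.15"),  # 45 minutes later: outside the window
]

if __name__ == "__main__":
    for when, ip in scans_to_trigger(SAMPLE_EVENTS):
        print(when.isoformat(), "trigger scan of", ip)
```

In this constructed data set, six events produce three scans; raising `max_responses` or shortening `per` increases the scan load that the Response Limiter is meant to bound.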